Deep Throat v2

  Fruit Bat /\0/\ 16:38 20 Jul 2004

Deep Throat v2 currently affects Windows 95/98 PC's. It's rumored that the author is working on a Windows NT version.

In this version of Deep Throat, the trojan deletes the existing "systray.exe" which is normally 36kb in size with the "server" portion, which is approximately 301kb in size.

TCP port 6670, UDP Port 2140 and UDP port 3150 are used to establish its connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.


How to Remove

Step 1.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 2.
After the computer has restarted, change to the WINDOWS\SYSTEM directory.

Step 3.
Type "DIR systray.exe" (without the quotes) and look at the size of the file. If it's over 300kb, then you've confirmed this is the "server portion" of the trojan.

Step 4.
Type "DEL systray.exe" (without the quotes) to delete it.

Step 5.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations Deep Throat has been removed from your system.

Important Notes:
Because the trojan deletes and replaces Microsoft's SYSTRAY.EXE with the "server" portion, you'll have to either extract the original systray.exe from the CAB files, or copy it from another PC.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Huawei Mate 20 Pro review: In-depth hands-on

See concept art from groundbreaking video games including The Last of Us, Journey and No Man's Sky

iPhone XR release date, price & specs

Les meilleurs VPN pour Kodi (2018)