| Port No | 1015 |
| Service Name | DolyTrojan |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Doly Trojan |
| Reference Link | More Information |
| Attack | Name: Doly Trojan Server Features: 1. Change computer name 2. Change owner name 3. Change resolution to 640/480 4. Change the title color on open windows to a random color 5. Change volume to maximum or minimum 6. Close all windows 7. Close server Chat with server 8. Computer run time 9. Disable double click 10. Disconnect server from internet 11. Display fatal error plus customizable message 12. Display FBI screen 13. File manager 14. Get ICQ password 15. Get ICQ UIN 16. Get passwords 17. Get user info 18. Hide/show all drives 19. Hide/show find dialog (Start menu..find) 20. Hide/show mouse 21. Hide/show run dialog (Start menu..run) 22. Hide/show task bar 23. ICQ notify IRC notify 24. Key logger on/off 25. Move mouse 26. Open/close cd-rom 27. Open FTP server 28. Password protect server (password deleted if server not connected to within 4 days) 29. Remove windows background 30. Run program (visible to user or hidden) 31. Screen capture 32. Send key or string 33. Send to URL 34. Set all window names to another name 35. Set systems color 36. Shell spy 37. Sleep 38. Show/stop error screen 39. Shutdown windows 40. Start/stop crazy mouse 41. Swap/unswap mouse buttons (Left button becomes right) 42. View running applications 43. View, clear or change clipboard text Comments: The Doly Trojan 2.0 has been released as a beta and appears to be the last Doly Trojan. This version came with a brand new client and a server that was reduced to only 104 kilobytes. Doly Trojan 2.0 does not infect computers. The programmers suggested merging it with other files. Also the screen capture feature needs an extra DLL file to work, which needs to uploaded by the person using the server. The lack of infection capabilities and non-working features mean version 1.70 SE is probably encountered more often then this version. HOw To Remove: 1. Remove the Ms tesk keys in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run. Then delete Enable, parameters, path and startup keys in the registry located at HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\Ava. Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close mdm.exe in the program files directory (Usually c:\program files\) and in the windows start up directory (Usually c:\windows\start menu\programs\startup\). Also reboot or close Kernal32.exe in the windows system directory. 3. Delete the trojan file Kernal32.exe in the windows system directory. Also delete mdm.exe in the windows start up directory (Usually c:\windows\start menu\programs\startup\) and in the program files directory (Usually c:\program files\). If any of the files can not be deleted or closed then reboot the computer into DOS mode and delete them there. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.