| Port No | 41 |
| Service Name | Deep Throat |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | The current Deep Throat 3.0 is a buggy release which is good of course. Version 3.0 offers many more features and a better client for the hacker. While this version is buggy because of the great demand for it's release. It's keylogger uses port 999 TCP by default and it's FTP server uses 41 TCP. The port redirection a new feature to DeepThroat is defaulted for making the hacker's IRC IP number the one of the trojan's |
| Reference Link | Deep Throat Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: Systemtray It does the following : Add program to load with windows through the registry Capure screen Cd Rom Open/Close Change wall paper Create directory Delete file Download file from the internet Drive info Freeze mouse Get cached/Dial up passwords Get window list Hangup modem Hide or show: Taskbar, Start Button, Systray, Clock or Desktop Kill/Disable/Enable/Change title of window Monitor on/off Online ICQ alert Play sound Port redirection Reboot Run program invisible or visible Send text to window Send to url Show picture Swap mouse buttons System info Removal : 1.Remove the Systemtray key located at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Which can be done with regedit or any registry editing program. 2. Reboot the computer 3. Delete the trojan files pddt.dat in the Windows System directory(Usually c:\windows\system), and the systray.exe located in the Window directory |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.