Excalibur. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Remote Administration Tools
12

This RAT program was designed for virtual hooliganism, it can not be classified as dangerous, because the functions of this program are not harmful. Ti annoys the user by causing DoS attacks (jamming the channel by fast pinging). It also uses a very sneaky ways to infect the system, so the detection is quite hard. The pest originated in April 1999. The author is a hacker called MaTrim. It was written in Visual Basic.

From the publisher:

“Excalibur is a new backdoor virus program with several advantages over the other backdoor programs available.

1: It is not yet detected by virusscanners
2: It automatically hides itself very well from any type of detection
3: It has built-in DoS capibilities, such as Ping Bomb [think
of pingbomb from 10 computers!] or Nuking.

4: It uses a little-known way of running itself on bootup, making
it difficult to detect

5: Much more!

— 3.1 —
*Installer*
———–

After running install.exe, there should be a zip file in the directory with the client.1. Download any program [or use one that you have handy]. Make sure that it has an install program built in. Then, rename the install program [most likely install.exe or setup.exe] to “install.___” [no quotes]. Those _ marks are NOT spaces, they are underscores.
2. Copy all of the files from install.zip to the same place as this other program. There should now be a new ‘install.exe’ [the one from install.zip].
3. Recompress and send to your victom! When the run ‘install.exe’ it will set up the virus and run the original install program. Your victom won’t notice a thing!

— 3.2 —
*OtherFucn*
———–

This is a list of the ‘other’ functions [buttons], i.e. not the DoS functions, and what they do. Obviously, you need to be connected to a virused computer first.

Alt-Ctrl-Del off = Disables Alt-Ctrl-Del, click again to enable
Run Program = Runs program on remote computer
Crash Explorer [win98 only] = When enabled, will crash Explorer [NOT IE] on any computer running Win98. Very nasty!
Comptuer Takedown = Completly destroies a computer. BE CAREFUL WITH THIS FUNCTION.
Set WallPaper = Set the computer’s wallpaper
Annoying Mouse… = Whenever the user moves the mouse, a messagebox will be displayed.
Switch Mouse Buttons = Self-explanitory. Just plain annoying!

— 3.3 —
*DoS Funct*
———– This is a list of the DoS functions [buttons], and what they do. Obviously, you need to be connected to a virused computer first.
PingBomb = Has the virused computer pingbomb an IP for aprox. 5 min. Very effective if multiple clients are using it, and none of it gets traced back to you!”

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Excalibur you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Excalibur. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Excalibur (2005-03-23)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Excalibur (2005-03-23)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Excalibur (2005-03-23)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Excalibur (2005-03-23)

Excalibur manual removal:

Kill processes:
install.exe

Unregister DLLs:
[system root]\system\sys23.dll

Delete files:
data.5,data.6,data.7,data.8,data.9,install.exe,readme.1st,readme.txt,[system root]\system\sys23.dll

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author