Severity scale  
  (50/100)

Excalibur. How to Remove? (Uninstall Guide)

removal by - -   | Type: Remote Administration Tools
12
This RAT program was designed for virtual hooliganism, it can not be classified as dangerous, because the functions of this program are not harmful. Ti annoys the user by causing DoS attacks (jamming the channel by fast pinging). It also uses a very sneaky ways to infect the system, so the detection is quite hard. The pest originated in April 1999. The author is a hacker called MaTrim. It was written in Visual Basic.

From the publisher:

"Excalibur is a new backdoor virus program with several advantages over the other backdoor programs available.

1: It is not yet detected by virusscanners
2: It automatically hides itself very well from any type of detection
3: It has built-in DoS capibilities, such as Ping Bomb [think
of pingbomb from 10 computers!] or Nuking.

4: It uses a little-known way of running itself on bootup, making
it difficult to detect

5: Much more!

--- 3.1 ---
*Installer*
-----------

After running install.exe, there should be a zip file in the directory with the client.1. Download any program [or use one that you have handy]. Make sure that it has an install program built in. Then, rename the install program [most likely install.exe or setup.exe] to "install.___" [no quotes]. Those _ marks are NOT spaces, they are underscores.
2. Copy all of the files from install.zip to the same place as this other program. There should now be a new 'install.exe' [the one from install.zip].
3. Recompress and send to your victom! When the run 'install.exe' it will set up the virus and run the original install program. Your victom won't notice a thing!

--- 3.2 ---
*OtherFucn*
-----------

This is a list of the 'other' functions [buttons], i.e. not the DoS functions, and what they do. Obviously, you need to be connected to a virused computer first.

Alt-Ctrl-Del off = Disables Alt-Ctrl-Del, click again to enable
Run Program = Runs program on remote computer
Crash Explorer [win98 only] = When enabled, will crash Explorer [NOT IE] on any computer running Win98. Very nasty!
Comptuer Takedown = Completly destroies a computer. BE CAREFUL WITH THIS FUNCTION.
Set WallPaper = Set the computer's wallpaper
Annoying Mouse... = Whenever the user moves the mouse, a messagebox will be displayed.
Switch Mouse Buttons = Self-explanitory. Just plain annoying!

--- 3.3 ---
*DoS Funct*
----------- This is a list of the DoS functions [buttons], and what they do. Obviously, you need to be connected to a virused computer first.
PingBomb = Has the virused computer pingbomb an IP for aprox. 5 min. Very effective if multiple clients are using it, and none of it gets traced back to you!" Excalibur properties:
• Allows remote user connection
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Excalibur. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Excalibur. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2005-03-23 03:53)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2005-03-23 03:53)
Hitman Pro
Webroot SecureAnywhere AntiVirus

Excalibur manual removal

Kill processes:
install.exe
Unregister DLLs:
[system root]\\system\\sys23.dll

Delete files:
data.5, data.6, data.7, data.8, data.9, install.exe, readme.1st, readme.txt, [system root]\\system\\sys23.dll

Geolocation of Excalibur

Map reveals the prevalence of Excalibur. Countries and regions that have been affected the most are: Austria, United States, Czech Republic, Canada and Romania.

Information updated:

Comments on Excalibur

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)