Title: Moses

Remove Moses. Removal instructions

Severity scale:

(57 / 100)

A RAT program works by a simple but effective principle: the hacker infects the machine with a "server" program via the e-mail or File and Print Sharing system and can control it, using a "client" on his computer. Originated in September 2001. The functions of a RAT can vary, depending on the needs of the attacker. This program has a "backdoor" function, allowing the intruder to bypass the security. The author of this pest is a hacker called Psyon. The RAT was written in Visual C++ programming language. Several variants (Moses 1.1.5 b, Moses 1.1.5 d, Moses 1.10c, Moses 2.01) appeared from July 2000 to October 2003.

From the publisher:

"Moses - Remote Admin Tool By Psyon for MoDeM

DISCLAIMER: This software is intended for legitimate remote administration needs. It is provided as is, without any support from. MoDeM is not now and will not ever be responsible for any uses of the software.

CONFIGURATION Use the configuration tool config.exe in the zip file. It should be pretty self explanatory. config.exe is a slimmed down version of the Bo2k Config tool. It works, thats all that matters.

VERSIONS

2.0.1 BETA I added a file server, so that you can download files from the host easier. Also I fixed the MSGBOX code that was causing the software to stop if no one clicked OK.

1.1.5 BETA I changed the way that the USERHOST response was being handled. It was preventing the lookup of the host IP properly, so dos consoles were not working right.

1.1.2 BETA I changed the ResolveHost() function. Im pretty positive it was responsible for some errors I was encountering.

1.1.1 BETA Just a few small bug fixes.

1.1.0 BETA I changed the installation process. The old way was not working on all computer. The installer and Moses are actually separate programs now, but they run as one.

1.0.1 BETA I fixed a problem with the initial setup not running on all computers. Also fixed a problem with Moses not connecting to IRC when it did run.

1.0.0 BETA This is the initial release of Moses. It is not very complete. It does have some useful features in it, like the console. Check it out.

COMMANDS

All commands are given by messaging the bot. If you are familiar with IRC than you know what this means, if than stop reading and delete moses! Commands are as follows:

COMMAND - Sends raw IRC commands to the server. USAGE: COMMAND ex: COMMAND PRIVMSG #Moses :Command used!

CONSOLE - Gives you a DOS prompt in a DCC window. This function is extremely buggy and may not work on all computers. Im looking into fixing it. USAGE: CONSOLE

EXECUTE - Executes a specified program or file. USAGE: EXECUTE ex: EXECUTE c:\windows\notepad.exe

HELP - Lists all currently available commands. USAGE: HELP

MSGBOX - Shows a message box on the remote machine. USAGE: MSGBOX ex: MSGBOX Sorry, you are about to be rebooted

QUIT - Makes the bot quit irc and reconnect. USAGE: QUIT [message] ex: QUIT quit requested from Admin

REBOOT - Reboots remote computer. USAGE: REBOOT

SEND - Sends a series of files matching a mask via DCC. It will send one at a time USAGE: SEND ex: SEND c:\windows\*.exe

SERVER - Makes the bot switch IRC servers. USAGE: SERVER

VERSION - Returns current version of Moses. USAGE: VERSION

Psyon"

Moses properties:
• Allows remote user connection
• Hides from the user
• Stays resident in background

Automatic Moses removal:

remover for Moses

SpyHunter is recommended remover to uninstall Moses. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Moses using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Moses (2005-04-10 05:57:01)

Malwarebytes Anti Malware

download | review

We are testing Malwarebytes Anti Malware's efficiency at removing Moses (2005-04-10 05:57:01)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Moses (2005-04-10 05:57:01)

XoftSpySE Anti Spyware

download | review

Moses manual removal:

FORUM:
Discuss Moses in
spyware removal forum

Kill processes:
-1705630907.exe, config.exe, installer.exe, lwclient.exe

HELP:
how to kill malicious processes

Unregister DLLs:
[system root]\\system\\userprof.dll

HELP:
how to unregister malicious DLLs

Delete files:
-1705630907.exe, bo2kcfg.cpp, bo2kcfgdlg.cpp, bo2kcfgdlg.h, cmd_msgbox.c, config.dsp, config.exe, installer.c, installer.exe, installer.rc, license.txt, lwclient.exe, moses.c, moses.def, moses.dsp, moses.dsw, readme.txt, resource.h, stdafx.cpp, stdafx.h, [system root]\\system\\userprof.dll, vssver.scc

HELP:
how to remove harmful files

Information added: 2005-04-10 03:19:46
Information updated: 2005-04-10 03:19:46

Additional resources related to Moses:

Attention: If you know or you have a website or page about Moses removal, feel free to add a link to this list: add url

more resources

Post Comment:

Attention: Use this form only if you have additional information about Moses parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Latest spyware news:

Subscribe to news

Similar parasites:

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.