Remove Mosucker. Description and removal instructions

 
Title: Mosucker

Type: Remote Administration Tools
Severity scale: 60 / 100
 
This RAT is presented as a tool to help network administrators control computers remotely, but a quick inspection of the vendor description leaves no doubt that it can be used for illegal actions. It affects Windows 95/98/XP/ME/WinNT/2000. The pest was created by a German hacker called Krusty from a group called Inferno Industries. It is written in Visual Basic 6 and compressed with ASPack. Many versions appeared from December 1999 to March 2004. Infections peaked in countries such as Australia, France and the United States. Some versions can also disable firewall protection on the infected PC.

From the publisher:

"MoSucker is a backdoor trojan, coded with Visual Basic 6. The server needs the vb6-runtime-dll msvbvm60.dll. It no longer needs any ocx-files (you can change this in the EditServer). This trojan is written for Windows 95/98, it wasn't tested on other systems like 98se, NT and 2K, but it should work there, too. MoSucker is the best or one of the best trojans ever programmed with vb. Have fun with it!

2.30: From the doc: 'This list will kill (terminate) all well-known firewalls and Anti-Virus programs currently running on the victim's system. It will NOT delete or corrupt these programs, it will just stop them.'

3.0a: From the doc: 'This list will kill (terminate) all well-known firewalls and Anti-Virus programs currently running on the victim's system. It will NOT delete or corrupt these programs, it will just stop them. Kills ZoneAlarm (Including Pro), LockDown, Norton AntiVirus, Trojan Check, Trojan First Aid Kit, MS Visual Studio Spy tools, Dr. Watson, RegEdit, The Cleaner, Trojan Defense Suit 3, Anti Trojan, Dr. Solomon, Norton Utilities, McAffee Virus scan, Kaspersky Anti Virus RegRun II, Tau Monitor, ANTS and AtGuard ... and others'

MoSucker 3.0b - Released Nov. 20th 2002

!!IMPORTANT!!

1) MoSucker 3.0b servers are not compatible with the MoSucker 3.0a edit server.
2) If you get any runtime errors, execute Runtimes.exe in the runtimes folder.
3) Check the announcements in the forum for the latest public CGI locations.
4) The edit server cannot change the icon for servers that include the runtimes. Use reshacker or microangelo. Icon is 32x32 16 colors

Changes/bugfixes for 3.0b

- Modification of settings encryption for increased server security.
- Edit server and client install runtimes if needed (since nobody can read).
- MSN notification protocol error fixed.
- MSN notification no longer gives visible error message when service is down.
- Kill running system process checkbox error on reload fixed.
- File exists routine for bound files fixed (bug rare)
- Improved error handling in edit server.
- Removed webdl.ocx dependency.

MoSucker ErEbuS:

I've packaged the mosucker trojan into a new trojan installer that compresses the file differently. This also installs the visual basic 6.0 runtimes with it. Copies file to system directory quietly and runs mosucker. Of course, after it runs the mosucker server, the antivirus will pick it up. I leave this problem to you.

These are the attached server's settings:
port: 1037 (default)
filename: wsvchost.exe
deny local connections
events: deleting/restoring of netstat and kills the threads of avs/fw
melts the install

ErEbuS"


Mosucker properties:
• Allows remote user connection
• Hides from the user
• Stays resident in background

Mosucker manual removal:

Kill processes:
backdoor.mosucker.11.exe, createserver.exe, editserver 2.0.exe, editserver.exe, free pink.exe, mosucker 2.0.exe, mosucker.exe, pics.zip.exe, server.exe, server1.exe, server2.exe, server3.exe, server4.exe, server5.exe, skinmaker.exe, [system root]\\jthh.exe, [system root]\\msnetcfg.exe, [system root]\\system\\svr.exe, [system root]\\temp\\pkg310.exe, [system root]\\temp\\pkg332.exe, [system root]\\temp\\pkg3392.exe, [system root]\\unin0686.exe, [system root]\\vvuijoe.exe, v young.exe
Delete registry values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{beuicvq-zpdev-zyk-oswoz-ipcjbgekjhf}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{eengqgs-gdrfc-zzvzd-thmp-dnvpuihfkre}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmcsqss-ejo-sdbyh-rcwb-ypenjkwjze}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{mbubrwf-krfhc-cpg-qygw-lrjscpnsur}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{rtemrsp-vhe-kgsoz-enjdg-tdtfhwtknffn}
Unregister DLLs:
moicons.dll, [system root]\\buxyelbk.dll

Delete files:
1.stub 2.stub, 3.stub, avkill_large.ini, avkill_small.ini, backdoor.mosucker.11.exe, bios killer plugin readme.txt, bios killer plugin v1.0.gui, bios_killer_plugin.msp, build.stub, createserver.exe, data.tag, editserver 2.0.exe, editserver.exe, fake login readme.txt, fake login.gui, fakelogin.msp, free pink.exe, front.jpg, fuck me!!!!!.vbs, get.cgi, help.chm, help+tutorial.chm, htm.cgi, infector readme.txt, infector.gui, infector.msp, moicons.dll, mosucker 2.0.exe, mosucker.chm, mosucker.exe, mosucker.ini, msn mass message readme.txt, msn message v2 readme.txt, msn message v2.gui, msn message.gui, msnmsgv2.msp, new default.title.gif, newfeatures.txt, pics.zip.exe, picture 26.jpg, pictures[1].txt, put.cgi, read me.txt, readme.txt, runtimes.txt, server.exe, server1.exe, server2.exe, server3.exe, server4.exe, server5.exe, setup.ini, setup.ins, skin.ini, skinmaker.exe, superclicks readme.txt, superclicks.gui, superclicks.msp, [system root]\\buxyelbk.dll, [system root]\\jthh.exe, [system root]\\kernel32.txp{10}, [system root]\\msnetcfg.exe, [system root]\\qirqgs.bin, [system root]\\system\\svr.exe, [system root]\\temp\\pkg310.exe, [system root]\\temp\\pkg332.exe, [system root]\\temp\\pkg3392.exe, [system root]\\unin0686.exe, [system root]\\vvuijoe.exe, [system root]\\wesapygp.sys, [system root]\\winexec32.dli, [system root]\\xqwrmthm.sys, tapisvc.sys.txt, thumbs.db, v young.exe, webdl.ocx

Other programs to remove Mosucker:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 10/04/05
Information updated: 10/04/05
