UDP_DeepThroat_Backdoor
Code: p241
Severity: Notice
Description: The DeepThroat backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the DeepThroat backdoor, an attacker can do the following:
• access files and the system registry
• execute programs
• open a web browser to a URL
• open and close your CD-ROM drive
• start and stop an FTP server on your computer
• send messages that appear on your screen
• retrieve cached passwords
Impact:
Windows NT, Windows 95, Windows 98, Trojan Horse: Windows
Corrective: To remove the DeepThroat backdoor from your computer, follow these steps:
1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Identify the DeepThroat registry entry. The entry could have one of two names:
   • SystemDLL32 (for DeepThroat version 1.0)
   • Systemtray (for DeepThroat version 2.0 or 3.0)
3. Stop the DeepThroat program from running. This process is different based on the version of Windows you are running.
   • Windows 95/98: Restart the computer in MS-DOS mode. Proceed to step 4.
   • Windows NT: Press CTRL+ALT+DEL, then click the Task Manager button to start the NT Task Manager. Click the Processes tab, and search the list for the file you identified in step 2. Select the file, and click End Process.
4. Delete the DeepThroat program file that you identified in step 2.
   • Windows 95/98: From the DOS command prompt, delete the file from the path named in the registry value.
   • Windows NT: Delete the file from the path named in the registry value.
5. Using Regedit, delete the registry entry you identified in step 2.
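
The check in steps 1 and 2 can also be run against a text export of the registry. The following is an added example, not part of the original advisory: it assumes the Run key was exported from Regedit in REGEDIT4 text format, and the sample export, its paths and the function name find_deepthroat_entries are constructed for illustration. Registry value names compare case-insensitively, so a name match is only a candidate; confirm the path in the value before deleting anything.

```python
import re

# Value names from the advisory, mapped to the DeepThroat version it lists.
SUSPECT_VALUES = {
    "systemdll32": "1.0",
    "systemtray": "2.0 or 3.0",
}
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample export (REGEDIT4 text format); the paths are placeholders.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\EXAMPLE\\updater.exe /quiet"
"SystemDLL32"="C:\\PLACEHOLDER\\sample-one.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Systemtray"="C:\\PLACEHOLDER\\not-in-run-key.exe"
'''

# "name"="string data", where backslash escapes the next character.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(text):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_deepthroat_entries(reg_text):
    """Return (value name, version, command) for suspect values under the Run key."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive, as are value names.
            in_run_key = line[1:-1].lower() == RUN_KEY.lower()
            continue
        match = _VALUE_RE.match(line) if in_run_key else None
        if match:
            name, data = _unescape(match.group(1)), _unescape(match.group(2))
            version = SUSPECT_VALUES.get(name.lower())
            if version:
                hits.append((name, version, data))
    return hits

if __name__ == "__main__":
    for name, version, command in find_deepthroat_entries(SAMPLE_EXPORT):
        print(f"{name}: matches DeepThroat {version} entry name, command: {command}")
```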