The AWToolKit Trojan (Community)
brock, Jul 22, 2003, 5:17pm
Alright, this thread and all replies to it are to inform. I suggest that software intelligent people post replies to this threat.

Alright what is AWToolKit.exe? It is NOT a virus. I hear people running around like morons saying OH MY GOD VIRUS. It's a TROJAN; TROJANS and viruses are different.

VIRUS: Virus has a set course of action, it runs its course and then stops.
TROJAN: A Trojan penetrates your computer, and allows others to come in.

Now because of this Trojan, your AW citizenship and other information is liable to be stolen.

Okay, Black Plague Virus, Crazy Pills gave it that name..... Uh Black Plague Virus....THIS IS NOT A VIRUS, it's a trojan.

Also, who is the creator of this trojan, none other than the one we know as M a t t. It sends information back to him, and he then continues by stealing the person's cit, and spreading his trojan trying to get people to download it. Now if you get a telegram, email, or something of that trying to download it, be vigilant, do not download e-mail attachments unless you are SURE that they are legit, but if you have any doubt, please, use common sense.

By blowing this out of the water and panicking you are letting him win. Also, Matt is not a hacker, Matt is a script kiddie, don't give him that honor of calling him a hacker, he just doesn't deserve the title.

--
Brock - 308723 - DE Leader

brock, Jul 22, 2003, 5:25pm
For those who look at me weird, the sole purpose of this is to be an AWToolKit FAQ for all the n00bs.

--
Brock - 308723 - DE Leader

builderz, Jul 22, 2003, 5:42pm
See my comments below:

[View Quote]

True.

> Okay, Black Plague Virus, Crazy Pills gave it that name..... Uh Black Plague
> Virus....THIS IS NOT A VIRUS, it's a trojan.

Correct, it should be classified as a Trojan and not a virus.

> Also, who is the creator of this trojan, none other than the one we know as
> M a t t. It sends information back to him, and he then continues by stealing
> the person's cit, and spreading his trojan trying to get people to download
> it. Now if you get a telegram, email, or something of that trying to
> download it, be vigilant, do not download e-mail attachments unless you are
> SURE that they are legit, but if you have any doubt, please, use common
> sense.

I'm not sure if M A T T made it or not, but someone posted that it is similar to the Backdoor.Beasty Trojan (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.html). I don't have a safe "sandbox" available here to test it or to confirm either statement.

> By blowing this out of the water and panicking you are letting him win. Also,
> Matt is not a hacker, Matt is a script kiddie, don't give him that honor of
> calling him a hacker, he just doesn't deserve the title.

IMO, I agree that M A T T is a script kiddie. Now, let's not get the terms hacker and cracker mixed up next. :)

Builderz
http://www.3dhost.net

themask, Jul 22, 2003, 6:24pm
I don't think any "uber" hacker in AW can program for crap but bots that make them look leet..

[BOT]: WorldMessaging ON (Global)
E N Z O: HI!!! IM GAY!!!
Hacker: ROFL LMAO OMG IM SO LIKE A GENIUS

hehe.. no offense Enzo, but it's mostly you that's being offended by people who think you're evil ..

john, Jul 22, 2003, 6:58pm

glitzy giftz, Jul 22, 2003, 6:59pm
I guess I am or was kind of one of these morons. I did but didn't know this until I went to McAfee website. This is my first post ever to any newsgroup. I will definitely be checking out the aw newsgroups and possibly/probably posting replies often. It is important to keep informed. I hope to learn much more through all of you. Thanks to all of you for being here.

This trojan horse needs to be shot. It's very lame. Thanks to Bill and our phone calls to him and AW it seems that it has been fixed. On the one computer here that was invaded here with it anyway. Thanks Bill. :-)

themask, Jul 22, 2003, 7:08pm
*waits for E n z o to be at his door and then shows some kind of lawsuit* OH CRAP

brock, Jul 22, 2003, 7:29pm
POSTED BY NELXAGA:
Post subject: What that trojan does

awtoolkit.exe immediately renames to c:\%win_root%\msagent\mslxlu.exe. It creates at least 3 registry entries, which call the program whenever you logon to windows and/or you start IE. Once mslxlu.exe it copies itself to c:\%win_root%\system32\msrksd.com, which is also called when you logon to windows or start IE. A third copy is made and copied to c:\%win_root%\win32cmds.exe. Using your taskmanager (win2k/XP) will show you this process once it's running. All instances are UPX compressed files. Norton does NOT recognize the trojan!

What it does:
1) It runs an IRC server on port 6666
2) It connects to ICQ using remote port 80
3) It tries to connect to hotmail.com to send off an email, using remote port 25.

The virus has the capability of grabbing ahold of your citizen password. This is truthful because a number of citizens have got the telegram and downloaded the program. Pineriver and Grace H. Mace have both got the trojan, for example, so the hacker signs onto their accounts and sends out the above telegram telling their friends to get the program.

Do not install this, or any other EXE files ever from anyone. Although I think you should know that by now.

--
Brock - 308723 - DE Leader

brock, Jul 23, 2003, 4:32am
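Courtesy of NelXaga:
To get rid of the awtoolkit trojan, download http://iceflare.net/nelxaga/stuff/awtoolkitdeleter.zip or use the source code:

    Private Sub clean_click()
        ' Paths are as posted; the description earlier in the thread names
        ' msagent\mslxlu.exe and system32\msrksd.com instead.
        Dim paths(2) As String
        Dim i As Integer
        Dim removed As Integer
        paths(0) = "c:\windows\msagent\mslxlu.com"
        paths(1) = "c:\windows\win32cmds.exe"
        paths(2) = "c:\windows\system\msrkds.com"

        ' Try every path even if an earlier one is missing
        On Error Resume Next
        For i = 0 To 2
            Err.Clear
            Kill paths(i)
            If Err.Number = 0 Then removed = removed + 1
        Next i
        On Error GoTo 0

        ' Only report "not found" when nothing was deleted
        If removed = 0 Then
            MsgBox "Paths weren't found meaning that your computer doesn't have the trojan"
        Else
            MsgBox removed & " file(s) deleted"
        End If
    End Sub

--
Brock - 308723 - DE Leader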
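
Added example, not part of the original thread and not NelXaga's tool: a Python check that looks under a Windows root for the file names posted above (both spellings, since the description and the deleter source differ) and tests each hit for UPX packer markers, because the description says all copies are UPX compressed. The function names `scan` and `looks_upx_packed` are this example's own.

```python
"""Look for the AWToolKit drop files named in this thread under a Windows root."""
import os
import sys

# Relative paths exactly as posted. The behaviour description and the
# deleter source disagree on two names, so both spellings are checked.
POSTED_PATHS = [
    r"msagent\mslxlu.exe",    # behaviour description
    r"msagent\mslxlu.com",    # deleter source
    r"system32\msrksd.com",   # behaviour description
    r"system\msrkds.com",     # deleter source
    r"win32cmds.exe",         # both posts
]

# Markers left by the UPX packer: section names and the "UPX!" header magic.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def looks_upx_packed(path, head_bytes=4096):
    """True if the start of the file is an MZ image carrying UPX markers."""
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)
    return head[:2] == b"MZ" and any(m in head for m in UPX_MARKERS)


def scan(win_root):
    """Return [(path, upx_packed)] for every posted file that exists."""
    hits = []
    for rel in POSTED_PATHS:
        full = os.path.join(win_root, *rel.split("\\"))
        if os.path.isfile(full):
            try:
                hits.append((full, looks_upx_packed(full)))
            except OSError:
                # Locked or unreadable: still report it, packing unknown.
                hits.append((full, None))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", r"C:\Windows")
    found = scan(root)
    for path, packed in found:
        print(f"FOUND {path} (UPX markers: {packed})")
    if not found:
        print("none of the posted file names exist under", root)
```

The thread does not name the registry entries, so only the files are checked.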