Death (1.0) 
  Server name: Death 
  Version: 1.0 
  Different versions: None 
  Tested: Yes, on Windows 95 and Windows NT 
  Server size: 40K 
  Server files: config.cfg 
  Server icon: 
         
  Infects: Windows 95, 98.  
  Autloads: Registry:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
  Key: sys_config 
  Default port: 2 TCP 
  Can port be changed: Yes 

  Server Features 

       Open/Close Cd-rom 
       View/Delete files 
       Swap moust buttons 
       Shutdown/Logoff/Restart 
       Get/Change to drives 
       View running windows 
       Close/Lock/Make top/Change caption of running windows 
       Get server status 
       Get server time 
       Shut down server 
       Remove server 
       Beep 
       Send message 
       Get text file 
       View/Destroy running proccess's 
       Set name of the server 
       Put server in sleep mode 
       Spawn program  



  
 Comments  
 Not much to say about Death 1.0. It's a standard Visual Basic trojan
 with the standard features.  

 How To Remove  
 Quick fix: no quick fix programs 
 Manual removal: 

    1.Remove the sys_config key in the registry located at
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices 
      Which can be done with regedit or any other registry editing
      program.  
    2.Reboot the computer or close config.cfg 
    3.Delete the trojan file config.cfg in the root(c:\) directory.