BO2K Server Trick
-=[ Presented by WaJ ]=-
Author | Wajid |
Target | BO2K trojan horse. |
Completed | 20 NOV 99 (Public release) |
Groups | Hellforge |
Contact | [email protected] |
Dedication | DG '99 |
Wise Word | hmmmm. |
Hey, this is a neat trick I discovered when I was testing BO2K on myself. You should by now know that BO2K is very stealthy. A normal .exe has the capability to hide from a process dump, unlike other trojans in the scene. It does this by attaching itself to threads. The interface, however, is not so friendly. IMHO, BO2K is THE MOST advanced trojan out there. Anyway.. enough of that.. let's get down to business...
When you make the target file = *.exe and execute it, you will find it spring into action without a trace in the process dumpers (assuming you have set this option). Now here is the trick... Find the .exe file, and execute it AGAIN. This will then make the process visible in a process dump, hence you can kill it. NOTE: Killing that visible process will actually KILL the trojan. You can verify this by deleting the trojan .exe file. heh.
(C)opyright Wajid. http://wajid.cjb.net