Dark FTP (1.6)
Server name: Dark FTP
Version: 1.6
Different versions:  [1.0b][1.1][1.2][1.3][1.4][1.41][1.5][1.6][1.65][1.7]
Tested: Yes, on Windows 95 and Windows NT
Server size: 240K or 438K
Server files: msregscn.exe
Server icon:

Infects: Windows 95/98/ME/NT/2000
Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: MSRegScan
Default port: 21 TCP
Can port be changed: Yes

Server Features

  • Disable @Guard
  • FTP server
  • Restart or Shutdown windows

 
Comments 
Dark FTP 1.6 is a Spanish trojan. Dark FTP is an invisible FTP server. The server lets anyone with a FTP client connect. Being a FTP server means that the "hacker" can upload, download and delete files. Dark FTP also logs on to IRC, where it broadcasts that you are infected. Dark FTP 1.6 can be pre-configured. The IRC server and channel to notify can be changed. Also the FTP port, username and password can be changed. Note that all this configured information is stored on your computer in the Data key in the registry at HKEY_LOCAL_MACHINE\Software\DataLogic\ActiveSubControl\Arrays. Also note that this version was released with the server exe file being compressed (240 kilobyte version) and not compressed (438 kilobyte version). 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remember the value (trojan location) MSRegScan key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and then remove the MSRegScan key. Which can be done with regedit or any other registry editing program. 
  2. Reboot the computer or close trojan file listed in the registry.
  3. Delete the trojan file listed in the registry. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.