Remote Storm (1.2)
Server name: Remote Storm 
Version: 1.2
Different versions: None
Tested: Yes, on Windows 95 and Windows NT
Server size: 173K
Server files: Extract.exe
Server icon:

Infects: Windows 95/98/ME/NT/2000
Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: WinManager
Default port: 1441 TCP
Can port be changed: No

Server Features

  • Click any one of three mouse buttons 
  • Click start menu 
  • Display illegal operation 
  • Enable/Disable clipboard 
  • Enable/Disable double click 
  • Exit windows 
  • Fake format 
  • File manager 
  • Key logger 
  • Minimize all windows 
  • Open/Close Cd-Rom 
  • Send message 
  • Send text 
  • Send to URL 
  • Server setup 
  • Set computer name 
  • Set resolution 
  • Show/Hide task bar 
  • Start screen saver 
  • Swap mouse buttons 
  • View/close running windows 

 
Comments 
Remote Storm 1.2 has some unseen features. It is nice because it is not destructive on the other hand it is scary. It can display a fake formatting of the server. This fake format can be configured to start right when the dialog is shown or when the server hits the X button. Also it can display fake illegal operation messages (that look exactly the same except you can't hit details more then once). Plus this can be configured that if the program it is saying had an illegal operation and is running Remote Storm will actually close it. The server also infects Windows NT/2000 computers.

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remove the WinManager key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run  Which can be done with regedit or any other registry editing program. 
  2. Reboot the computer or close DllRun.exe.
  3. Delete the trojan file DllRun.exe and DllCount.sys in the windows system directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.