Web Ex (1.3)
Server name: Web Ex
Version: 1.3
Different versions: [1.2][1.3][1.4]
Tested: Yes, on Windows 95 and Windows NT
Server size: 182K
Server files: Task_Bar.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: RunDl32
Default port: 1001 TCP
Can port be changed: No

Server Features

  • Control mouse
  • Draw circles
  • File viewer
  • FTP server
  • Get information
  • Key logger
  • Open/Close CD-Rom
  • Run program
  • Send message
  • Send text
  • Send to URL
  • Shutdown windows
  • Swap mouse buttons
  • View/close active programs
  • Write on screen

 
Comments 
Web Ex 1.3 is a Visual Basic trojan that has a client resembling NetBus. This version has a few more features than version Web Ex 1.2. Now the "hacker" can create an FTP server on your computer and access any files. Plus Web Ex 1.3 has a key logger, which means that if you are infected you should change any passwords you have to type in. Also note that at the time it was created, the Web Ex 1.3 server logged all servers on a web page. However, this web page has been taken down. 

How To Remove 
Quick fix: Anti dote 1.3
Manual removal:

  1. Remove the RunDl32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run  Which can be done with regedit or any other registry editing program 
  2. Reboot the computer or close Task_bar.exe.
  3. Delete the trojan file Task_bar.exe in the windows system directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.