Faceless ICQ





Overview

Vendor Notes:

From the doc: 'The server is coded in VB but it doesn't need either MSVBVM60.DLL or MSWINSCK.OCX On 9x,2000 Professional and ..Anyways It's the BETA VERSION. Just released for 'TESTING'. The '*Fixed version' will be released soon. INSHALLAH. One thing more. It has been successfully tested on 9x,Win 2000 a .So 'PLEASE' Don't say that it still needs runtimes.'

Alias:

Trj/W32.Notifier [Panda], Trojan Horse.LC [Panda], TrojanNotifier.Win32.Faceless [Kaspersky], Win32/Faceless!Trojan [Computer Associates], Win32/otifier/Win32.Faceless!Tro [Computer Associates]

Category:

Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it.

Notifier: Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or other method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account, which the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

Misc Tool · Notifier · Trojan

Origins

Author:

Faceless Master

By This Author:

Faceless Fake Mailer 1.0 · Faceless Sin 2.0 · Herman Uploader · Herman Uploader 1.0 · Herman Uploader Public Beta 1.0 · Herman Uploader Public Beta 1.1 · IH Infector · IH Infector 1.0 · IH-Infector 1.2 · RAM Eater · RAM Eater 1.2 · Remote VIREUS · Remote VIREUS version 2 · Sin · Sin 1.0b · Sin 2.0 · Sin Static Ip Notifier · Static IP Notifier

Group:

ISLAMIC HACKERS

Date of Origin:

January, 2003

Operation

Storage Required:

  • Faceless ICQ: at least 105 KB

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove Faceless ICQ from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:

Kill these running processes with Task Manager:

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

Remove Files:

Remove these files (if present) with Windows Explorer:

Research

File Analyses:

More Info:

  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

  • PestPatrol's Pest Research Center

Last Revised:

February 28, 2005