The TIc.K 2003 0.1





Overview

Vendor Notes:

- Firewall & AVS Killer (Supports: Norton Firewall (ATGuard) & AVS, Cleaner, Lockdown, McAfee, BlackIce, Zone Alarm, Conseal Firewall)
- Delphi Edit Server

New Key Ripper Games:
- Need for Speed Underground

About: The TIc.K 2003 is a Client-Server R.A.T with the following features:
- File Upload & Run (to app.path or windows dir)
- IP / Dynamic IP Notifier System
- Autostart (Run-RunOnce)
- CD Key Ripper
- Kill Firewall & AVS

Server Information:
Compiler:
Server Compatibility: Win 95/98/NT/ME/2K/XP
Server Location (Autostart): ..\windows\SVCHOST.exe
Startup once: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce "MS Rem-Service"
Startup run: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MS Rem-Service"
Command Port: 22222
File sending Port: 22220 (hardcoded)
Notifier Port: 22200
Connection Type: TCP/IP

Instructions:
Run ServerAdmin.exe
Step1: Open server.
Step2: Enter your IP / Dynamic IP and save the data.
Optional: Compress / Decompress server with upx.
Now send the modified server.exe file to your victim.
Open the Client and wait for incoming connections.
Double-click the incoming connection data to connect to the server (or press the 'Connect' button).

Alias:

Backdoor Program [Panda], Backdoor.Tetick.c, Backdoor/TIc.K!Server [Computer Associates]

Category:

AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Firewall Killer: Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software.

Notifier: Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or other method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.

Similar Pests:

AV Killer · Backdoor · Downloader · Firewall Killer · Notifier

Origins

Author:

AGM65

EMail:

ruxnetsys@yahoo.de

Programming Language:

Delphi

Date of Origin:

December, 2003

Operation

Platform:

Win 95/98/NT/ME/2K/XP

Storage Required:

  • The TIc.K 2003 0.1: at least 717 KB
Restart:

Startup once: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce "MS Rem-Service"
Startup run: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MS Rem-Service"

Autostarting Pests

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove The TIc.K 2003 0.1 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:

Kill these running processes with Task Manager:

Remove Files:

Remove these files (if present) with Windows Explorer:
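
A read-only check for the indicators this page lists, as an added example that is not PestPatrol's or the vendor's own code: it looks for the "MS Rem-Service" value under the Run and RunOnce keys, for SVCHOST.exe sitting directly in the Windows directory (the legitimate svchost.exe lives in System32), and for TCP connections on ports 22222, 22220 and 22200. It assumes a Windows version that has PowerShell and Get-NetTCPConnection, which postdates the platforms listed above, and it reads "..\windows\" as %windir%.

```powershell
# Added example: read-only indicator check for The TIc.K 2003 0.1.
# Indicator values are taken from the "Server Information" notes on this page.
$valueName = 'MS Rem-Service'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$ports = 22222, 22220, 22200   # command, file sending, notifier
$findings = @()

# 1. Autostart value under Run / RunOnce
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $valueName)) {
        $findings += [pscustomobject]@{
            Indicator = 'Autostart value'
            Location  = $key
            Detail    = $props.$valueName
        }
    }
}

# 2. SVCHOST.exe directly in the Windows directory.
#    Assumption: "..\windows\" on this page means %windir%.
$dropPath = Join-Path $env:windir 'SVCHOST.exe'
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $findings += [pscustomobject]@{
        Indicator = 'Server file'
        Location  = $dropPath
        Detail    = "$($file.Length) bytes, modified $($file.LastWriteTime)"
    }
}

# 3. TCP connections on the three ports. The page does not say which side
#    listens on each port, so local and remote ports are both checked.
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort -or $ports -contains $_.RemotePort }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Indicator = "TCP port ($($c.State))"
        Location  = "$($c.LocalAddress):$($c.LocalPort) -> $($c.RemoteAddress):$($c.RemotePort)"
        Detail    = "PID $($c.OwningProcess) $($proc.Path)"
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No TIc.K 2003 0.1 indicators from this page were found.' }
```

A port match by itself only shows that something is using that port; the Run/RunOnce value and the file in the Windows directory are the stronger indicators.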

Research

File Analyses:

More Info:

AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

PestPatrol's Pest Research Center

Last Revised:

April 04, 2005