Net Bus was intended for use as a remote administration tool. Net Bus consists of 2 parts: the server and a client.
With the server in place, the hacker uses the client software to access the infected computer. Once the hacker has gained access to the infected computer they can open the CD-ROM, reverse the mouse buttons, start a program, use the infected computer's sound card to record any conversations in the room, do a screen dump (a picture of what is on the screen of the infected computer), download files, upload files including viruses, shut down the keyboard, delete files, open a URL, open any picture that may be on the hard drive, open and control applications, and make the computer reboot.
Net Bus IS NOT a virus and cannot be picked up by a virus scan. It is most commonly passed out with another file, and the exe is run by a .bat file. The most common means lately has been a file called wackjob.zip. People are being told it is simply a game called wack-a-mole. When the exe is run it opens a self-extracting zip and runs a bat file, which opens the game as well as running the exe for the Net Bus server. It has also been passed out on IRC as a sound utility called SoundX.exe, and users are being told it is for hearing sound (wav) files played on remote machines that you don't have locally.
Net Bus is technically not a virus but is very damaging to your system. There are several things to look for when cleaning it off your system. If you are not familiar with editing the registry, DO NOT touch it.
The first part is the driver that makes it work.
keyhook.dll
This driver will most likely be in the Windows directory. If you are a Windows 95/98 user you can use the file find to locate it. Once it has been located, simply highlight it and hit the delete button. You may have it in one or more directories, so be sure to delete all copies of it.
explore.exe or patch.exe
This file is the server and can also be named whatever the hacker chooses. First use file/find to look for either of these files. If located, delete all of them. Next do a manual search of the Windows directory. This can be done using Windows Explorer. In the Windows directory look for an icon that looks like a satellite dish or a torch. If you locate an icon like this, delete it and send us the name of the exe file at [email protected] .
Editing the registry
The Net Bus server, no matter what name it is given, makes an entry in the registry once installed. To edit this, go to Windows Run and type in "regedit". After typing this in, look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
for the Net Bus entry. Delete the entry, save your work, and you are clean.
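The registry check above can be done on a saved copy of the key instead of by eye. The following is an added example, not part of the original page: it reads a text export of the Run key (assumed to be in regedit's REGEDIT4 format, with a constructed sample embedded) and flags values that start the file names listed above. Because the server can be given any name, entries that are not flagged still need a manual look. The function names are made up for this example.

```python
import re

# Server file names given on this page; the server may be renamed to anything.
KNOWN_NAMES = {"patch.exe", "explore.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# Constructed sample of a regedit export; not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Helper"="C:\\WINDOWS\\patch.exe"
"Shell Ext"="\"C:\\Program Files\\Tools\\explore.exe\" -start"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\WINDOWS\\patch.exe"
'''

# "name"="value" lines; backslash escapes are allowed inside either string.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def program_name(command):
    """Return the lower-cased file name of the program a Run value starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]   # quoted path may contain spaces
    else:
        path = command.split(" ", 1)[0]       # unquoted: path ends at first space
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def review_run_key(export_text):
    """Return (value name, command, flagged) for each entry under the Run key only."""
    results, in_run = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY
            continue
        m = VALUE_RE.match(line)
        if in_run and m:
            name, command = unescape(m.group(1)), unescape(m.group(2))
            results.append((name, command, program_name(command) in KNOWN_NAMES))
    return results

if __name__ == "__main__":
    for name, command, flagged in review_run_key(SAMPLE_EXPORT):
        print(("SUSPECT " if flagged else "review  ") + name + " -> " + command)
```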
JBS Technical Services Inc. and any associates will be held harmless of any damages or loss of profits caused by misuse of any and all info listed on this page.