Moses removal

Spyware Moses Information
Name: Moses Category: RAT Date: 2001-07-23 Author: Psyon Coded in: Visual C++ Dangerous: Yes

Moses is one of RAT spywares.
Finding it on your computer means that your computer is infected with RAT and crucial data could be endangered or even lost.

Moses description by Psyon:

From the Documentation: Moses - Remote Admin Utility By Psyon for MoDeM DISCLAIMER: This software is intended for legitimate remote administration needs. It´s provided as is, without any support from. MoDeM isn´t now & will not ever be responsible for any uses of the software. CONFIGURATION Use the configuration utility config.exe in the zip file. It should be pretty self explanatory. config.exe is a slimmed down version of the Bo2k Config utility. It works, thats all that matters. VERSIONS 2.0.1 BETA I added a file server, so that you can download any file from the host easier. Also I fixed the MSGBOX code that was causing the software to stop if no one clicked OK. 1.1.5 BETA I changed the way that the USERHOST response was being handled. It was preventing the lookup of the host IP properly, so dos consoles were not working right. 1.1.2 BETA I changed the ResolveHost() function. Im pretty positive it was responsible for some errors I was encountering. 1.1.1 BETA Just a few small bug fixes. 1.1.0 BETA I changed the installation process. The old way was not working on all computer. The installer & Moses are actually separate applications now, but they run as one. 1.0.1 BETA I fixed a problem with the initial setup not running on all computers. Also fixed a problem with Moses not connecting to IRC when it did run. 1.0.0 BETA This is the initial release of Moses. It´s not very complete. It does have some useful features in it, like the console. Check it out. COMMANDS All commands´re given by messaging the bot. If you´re familiar with IRC than you know what this means, if than stop reading & delete moses! Commands´re as follows: COMMAND - Forwards raw IRC commands to the server. USAGE: COMMAND ex: COMMAND PRIVMSG #Moses :Command used! CONSOLE - Gives you a DOS prompt in a DCC window. This function is extremely buggy & may not work on all computers. Im looking into fixing it. USAGE: CONSOLE EXECUTE - Executes a specified application or file. USAGE: EXECUTE ex: EXECUTE c:\windows\notepad.exe HELP - Lists all currently available commands. USAGE: HELP MSGBOX - Shows a message box on the remote machine. USAGE: MSGBOX ex: MSGBOX Sorry, you´re about to be rebooted QUIT - Makes the bot quit irc & reconnect. USAGE: QUIT [message] ex: QUIT quit requested from Admin REBOOT - Reboots remote computer. USAGE: REBOOT SEND - Forwards a series of any file matching a mask through DCC. It´ll send one at a time USAGE: SEND ex: SEND c:\windows\*.exe SERVER - Makes the bot switch IRC servers. USAGE: SERVER ex: SERVER irc.aohell.org VERSION - Returns current version of Moses. USAGE: VERSION Psyon

This RAT is also known as:

•Backdoor.BO2K.psyconf.
• Backdoor.Moses.115.
• Backdoor.Moses.115 - named by Kaspersky.
• BackDoor-PA - named by McAfee.
• Bck/Moses.115 - named by Panda.
• security risk or a "backdoor" program - named by F-Prot.
• Win32.Moses.115 - named by Computer Associates.

>> Delete Moses automatically - Download Spyware Doctor

Moses Removal Instructions
Kill the following processes -1705630907.exe, config.exe, installer.exe, lwclient.exe
Unregister the following DLLs and reboot userprof.dll in Windows\system\
Remove the following files -1705630907.exe, bo2kcfg.cpp, bo2kcfgdlg.cpp, bo2kcfgdlg.h, cmd_msgbox.c, config.dsp, config.exe, installer.c, installer.exe, installer.rc, license.txt, lwclient.exe, moses.c, moses.def, moses.dsp, moses.dsw, moses1-1-5b.vex, moses2-01.vex, readme.txt, resource.h, stdafx.cpp, stdafx.h, vssver.scc. userprof.dll in Windows\system\

Bookmark Moses page

Previous Spyware: Remove Moscow Mail Trojan 1.6

Next Spyware: Remove Moses 1.1.5 b