Name: achtung
"ACHTUNG! free (tm)
Main: Achtung.exe 327 KB (334,848 bytes)
Keys: values added: 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
"HRZR_EHACNGU:P:\hamvccrq\npughat\npughat.rkr"
Type:
REG_BINARY
Data:
5F, 00, 00, 00, 06, 00, 00, 00, E0, 84, 38, 84, 4A, BD, C0, 01
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Achtung"
Type:
REG_SZ
Data:
C:\WINDOWS\achtung.exe
Version:
"ACHTUNG! Free (tm)
Type: keylogger
(some versions don’t function as a keylogger)
Port/s used: none
Files: none
Modifies: none
Aliases: D.I.R.T
Behaviour: Once
executed a message pops up telling you, you are using a system that is being
monitored, then prompts you to accept these terms and hit ok
Removal: click Start,
and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a
file-like tree on the left hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Look for a value named "Achtung"
right click on it and choose delete.
Reboot, then find and delete the
following file: Achtung.exe
327 KB (334,848 bytes)
Special: This file is
actually a demo type file, It may not run as a keylogger but similar products
by the same company do run as keyloggers, that’s is why this program was added
to the library. It could be considered a trojan because it is not easily
removed and writes a registry entry allowing it to autoload on reboot.
Author: Codex Data
Systems, Inc.
Notes: here is a
quote from the programs readme.txt file
"ACHTUNG! Free (tm) supplies a
supervisory notification to users of company
Or personal computers that they MAY be
subject to monitoring and requires
their acknowledgement in order for the
user to access said computer. This
version performs NO OTHER FUNCTION.”
“Full versions of "Achtung!"
(tm) and "Achtung! Pro" (tm) the civilian
version of D.I.R.T. will be available soon from our…"