NetDefend IPS Service
Advisory ID
DeepThroat backdoor for Windows
IPS Signature
Maintenance IPS Signature
IPS Group
Oct 08, 1998
DeepThroat leaves TCP port 6670 open so that people can use TCP scanners to find infected victims; this port serves no other purpose.
There is a Global Master Password backdoor in all the servers:
- v 2.0 - whothefuckdoyouthinkiamgoddamnit2
- v 2.1 - whothefuckdoyouthinkiamgoddamnit1
- v 3.* - whothefuckdoyouthinkiamgoddamnit3

DeepThroat (versions 1, 2 and 3):
DeepThroat version 1 only works on Windows 95 and 98 machines, but versions 2 and 3 will run on Windows NT.
DeepThroat is a backdoor that operates on UDP port 2140. All three versions released so far use the same protocol: the DeepThroat client sends a UDP packet with a 2-byte command code, and the server sends back a response. For a 'ping' packet, the UDP packet's data is "00".
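The two network indicators described above (the open TCP port 6670 and the 2-byte command exchange on UDP port 2140) can be checked against flow logs. The following is an added example, not part of the original advisory or the vendor's IPS signature: the CSV layout, the addresses and the reply bytes are constructed for illustration, and the "00" ping is assumed to be two ASCII characters.

```python
import csv
import io

DT_UDP_PORT = 2140  # command channel named in the advisory
DT_TCP_PORT = 6670  # TCP port the advisory says the server leaves open

# Constructed flow records in a hypothetical CSV layout:
# time,proto,src,sport,dst,dport,tcp_flags,payload_hex
SAMPLE_FLOWS = """\
09:00:01,udp,10.0.0.5,1045,10.0.0.20,2140,,3030
09:00:01,udp,10.0.0.20,2140,10.0.0.5,1045,,deadbeef
09:00:07,tcp,10.0.0.5,1050,10.0.0.20,6670,S,
09:00:07,tcp,10.0.0.20,6670,10.0.0.5,1050,SA,
09:00:09,udp,10.0.0.7,53211,10.0.0.30,2140,,0102030405060708
09:00:12,tcp,10.0.0.5,1051,10.0.0.31,6670,S,
09:00:12,tcp,10.0.0.31,6670,10.0.0.5,1051,RA,
"""
FIELDS = ["time", "proto", "src", "sport", "dst", "dport", "flags", "payload"]


def find_indicators(flow_text):
    """Return (severity, host, reason) tuples; host is the suspected server."""
    probed = set()  # (client, server) pairs where a 2-byte command was seen
    findings = []
    for row in csv.DictReader(io.StringIO(flow_text), fieldnames=FIELDS):
        src, dst = row["src"], row["dst"]
        sport, dport = int(row["sport"]), int(row["dport"])
        payload = bytes.fromhex(row["payload"])
        if row["proto"] == "udp" and dport == DT_UDP_PORT and len(payload) == 2:
            # Assumption: the advisory's "00" ping is the two ASCII characters.
            kind = "ping" if payload == b"00" else "command"
            probed.add((src, dst))
            findings.append(("probe", dst, f"2-byte {kind} from {src} to udp/2140"))
        elif row["proto"] == "udp" and sport == DT_UDP_PORT and (dst, src) in probed:
            # A reply to a probe means something is answering on the port.
            findings.append(("server", src, f"answered {dst} from udp/2140"))
        elif row["proto"] == "tcp" and sport == DT_TCP_PORT and row["flags"] == "SA":
            # SYN-ACK from 6670: the port is open, not merely being scanned.
            findings.append(("server", src, f"accepted {dst} on tcp/6670"))
    return findings


def confirmed_servers(flow_text):
    """Hosts that responded, as opposed to hosts that were only probed."""
    return sorted({h for sev, h, _ in find_indicators(flow_text) if sev == "server"})


if __name__ == "__main__":
    for severity, host, reason in find_indicators(SAMPLE_FLOWS):
        print(f"{severity:6} {host:10} {reason}")
    print("confirmed:", confirmed_servers(SAMPLE_FLOWS))
```

A "probe" finding only shows that a host was scanned; a "server" finding shows that it answered. Port numbers alone can match unrelated traffic, so confirm a hit on the host through the registry entries listed in the removal steps.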
Affected Application
Microsoft Corporation: Windows 95, 98, NT (any version)
1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Identify the DeepThroat registry entry. The entry could have one of two names:
- SystemDLL32 (for DeepThroat version 1.0)
- Systemtray (for DeepThroat version 2.0 or 3.0)
3. Stop the DeepThroat program from running. This process is different based on the version of Windows you are running.
- Windows 95/98: Restart the computer in MS-DOS mode. Proceed to step 4.
- Windows NT: Press CTRL+ALT+DEL, then click the Task Manager button to start the NT Task Manager. Click the Processes tab, and search the list for the file you identified in step 2. Select the file, and click End Process.
4. Delete the DeepThroat program file that you identified in step 2.
- Windows 95/98: From the DOS command prompt, delete the file from the path named in the registry value.
- Windows NT: Delete the file from the path named in the registry value.
5. Using Regedit, delete the registry entry you identified in step 2.