DeepThroat leaves TCP port 6670 open so that people can use TCP scanners to find infected victims; this port serves no other purpose. There is a Global Master Password backdoor in all the servers:
v 2.0 - whothefuckdoyouthinkiamgoddamnit2
v 2.1 - whothefuckdoyouthinkiamgoddamnit1
v 3.* - whothefuckdoyouthinkiamgoddamnit3
DeepThroat (versions 1, 2 and 3): DeepThroat version 1 only works on Windows 95 and 98 machines, but versions 2 and 3 will run on Windows NT. DeepThroat is a backdoor that operates on UDP port 2140. All three versions that are currently released use the same protocol: DeepThroat sends a UDP packet with a 2 byte command code, and the server sends back a response. For a 'ping' packet, the UDP packet's data is "00".
Affected Application
Microsoft Corporation: Windows 95, 98, NT (any version)
Solution
1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Identify the DeepThroat registry entry. The entry could have one of two names:
   - SystemDLL32 (for DeepThroat version 1.0)
   - Systemtray (for DeepThroat version 2.0 or 3.0)
3. Stop the DeepThroat program from running. This process is different based on the version of Windows you are running.
   - Windows 95/98: Restart the computer in MS-DOS mode. Proceed to step 4.
   - Windows NT: Press CTRL+ALT+DEL, then click the Task Manager button to start the NT Task Manager. Click the Processes tab, and search the list for the file you identified in step 2. Select the file, and click End Process.
4. Delete the DeepThroat program file that you identified in step 2.
   - Windows 95/98: From the DOS command prompt, delete the file from the path named in the registry value.
   - Windows NT: Delete the file from the path named in the registry value.
5. Using Regedit, delete the registry entry you identified in step 2.
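An offline version of the step 2 check, as an added example that is not part of the original advisory: it scans a Regedit export of the Run key for the two entry names listed above and returns the file path stored in each matching value. The function name, the REGEDIT4 sample and every path in it are constructed for illustration.

```python
import re

# Run-key value names the advisory associates with DeepThroat, keyed in lower case.
INDICATORS = {"systemdll32": "1.0", "systemtray": "2.0 or 3.0"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def find_deepthroat_entries(reg_text):
    """Return (value name, suspected version, file path) for each matching Run entry."""
    hits, in_run_key = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key and value names are case-insensitive.
            in_run_key = line[1:-1].lower() == RUN_KEY
            continue
        match = VALUE_RE.match(line)
        if not (in_run_key and match):
            continue  # only string values under the Run key are checked
        version = INDICATORS.get(match["name"].lower())
        if version:
            # .reg exports escape backslashes and quotes; undo that for the path.
            path = re.sub(r"\\(.)", r"\1", match["data"])
            hits.append((match["name"], version, path))
    return hits


# Constructed sample export; the paths are placeholders, not real DeepThroat file names.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
"Systemtray"="C:\\WINDOWS\\placeholder.exe"

[HKEY_LOCAL_MACHINE\Software\ExampleVendor]
"SystemDLL32"="C:\\WINDOWS\\other-placeholder.exe"
'''

if __name__ == "__main__":
    for name, version, path in find_deepthroat_entries(SAMPLE_EXPORT):
        print(f"{name}: DeepThroat {version} suspected, file to review: {path}")
```

A name match only identifies a candidate entry; the returned path is the file that steps 3 to 5 act on.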