
Spirit 2000
This is a dangerous trojan with some unique features that can be used to screw with the victim's monitor, etc.
The beta version wasn't that powerful, but the latest release of this trojan is very powerful and can be used as a remote access trojan like NetBus or SubSeven.

Removal (Beta version)
Click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree in the left-hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the right-hand panel will change. Look for the item titled: internet = "c:\windows\netip.exe "
Right-click on 'internet' and choose Delete.
Close regedit.

Next, open Windows Explorer, or go into your C drive in 'My Computer', and move into the C:\windows\ directory. Find the file win.ini and double-click it to open the file in Notepad.
Find the section that starts with [Windows], and below it look for a line as follows:
run=c:\windows\netip.exe
Remove that whole line, and save win.ini.
Next, reboot your computer.
When Windows restarts, open Windows Explorer, and in the directory C:\Windows\System\ find and delete the file netip.exe.


Removal v1.2
Click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree in the left-hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the right-hand panel will change. Look for the item titled: SystemTray = "c:\windows\windown.exe "
Right-click on 'SystemTray' and choose Delete.
If this item is listed, delete it as well.
Be careful to delete the 'SystemTray' item only if it has the same program name listed above. If it shows anything else, it may be the real SystemTray and should not be deleted.

Reboot your computer.
When Windows restarts, open Windows Explorer, and in the directory C:\Windows\System\ find and delete the file windown.exe.
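
The checks from both removal procedures can also be run over a regedit export and a copy of win.ini before deleting anything. The script below is an added example, not part of the original page; the function names and the sample export and win.ini contents are constructed for illustration, and the value names and file names are the ones listed above.

```python
import re

# Indicators from this page: Run-key value name -> program file it launches.
RUN_VALUES = {"internet": "netip.exe", "systemtray": "windown.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def file_name(path):
    """Lower-cased file name of a Windows path (doubled export backslashes accepted)."""
    return path.strip().replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()

def check_run_key(reg_export):
    """Names of Run values in a regedit export that match the page's entries."""
    hits, in_run = [], False
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("["):
            in_run = line.strip("[]").rstrip("\\").lower() == RUN_KEY
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        # Match on name AND program: a 'SystemTray' value pointing anywhere
        # else may be the real one and must not be reported.
        if in_run and m and RUN_VALUES.get(m.group(1).lower()) == file_name(m.group(2)):
            hits.append(m.group(1))
    return hits

def check_win_ini(ini_text):
    """Programs on run= in the [Windows] section that match the page's files."""
    hits, in_windows = [], False
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            in_windows = line.lower() == "[windows]"
        elif in_windows and line.lower().startswith("run="):
            hits += [p for p in re.split(r"[ ,]+", line[4:])
                     if file_name(p) in RUN_VALUES.values()]
    return hits

# Constructed sample inputs (a REGEDIT4-style export and a win.ini excerpt).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"internet"="c:\\windows\\netip.exe "
'''
SAMPLE_INI = "[windows]\nload=\nrun=c:\\windows\\netip.exe\n[Desktop]\nrun=other.exe\n"

if __name__ == "__main__":
    print("Run key entries to delete:", check_run_key(SAMPLE_REG))
    print("win.ini run= entries to remove:", check_win_ini(SAMPLE_INI))
```

In the sample, the 'SystemTray' value is left alone because it does not point to windown.exe, which is the distinction the v1.2 procedure warns about.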