[AVOID HyperFIGHTER] last updated: 2002/02/15

Sections:

  1. Detection
  2. Removal

Detection Questions Answers
Does HL allow remote access to your computer? Yes. It allows powerful remote control to your files, as well as being able to reboot your system.
What trojan software detects HL hidden files? As of feb 15th 2002, none that I have tried.
  • TDS-3 does not
  • The Cleaner 3 does not
  • Trojan Hunter 2.5 does not [unless you add a RULE]
What software can I use to detect HL software?
  • SpyGuru [directory monitoring]
  • BlackICE [packet capturing]
  • DirectoryCRC [it checks before and after installs]
  • Ethereal [packet capturing analysis]
Does HL get re-coded to bypass detection? Yes each version gets harder to detect hidden files / control
What is the Mswinsck.ocx HL installs, it says it is signed by Microsoft it must be safe then? Mswinsck.ocx is one of the secret files HL installs. IT IS VERY POWERFUL and HL can use ALL of it undetected by normal means. The files is only DATE signed and it has mismatched verification. This is verysuspicious.

Trojan submission to DCS makers of TDS-3

There have been rumours that DCS has fully checked HyperLOBBY for remote access code and all dangers to the user. THIS IS FALSE.

DCS claims the following:

How pathetic can they get?

Interesting Trivia: after adding the fingerprint of the HL program into Trojan Hunter, it Found trojan file: D:\apps\TDS-3\execprot.exe (HyperLOBBY.26133) That means TDS and HL use so much of the same code or infect each other.

Interesting? No?


Removal

Here are some quick notes to help you remove the HyperLOBBY Pro 26133 infection from your system[s]

  1. Go offline
  2. from START menu select RUN, the REGEDIT
  3. find text MSWinsock.Winsock
  4. remove any key found
  5. exit regedit
  6. file find mswinsck.ocx
  7. remove or rename that file
  8. uninstall hyperlobby via its uninstall program

Options: other files that might be infected, rename or delete them at your own risk

Older versions of HyperLOBBY may have infected your TWAIN_32.DLL file. Delete that file [you may have to access your sytem via a boot floppy], and reinstall it from your scanner software.

Good luck

end