Hacktool.THCIISLame worm

April 26, 2004

Hacktool.THCIISLame is a hack tool that takes advantage of the SSL PCT Windows vulnerability, as described in Microsoft Security Bulletin MS04-011. It provides an attacker with a system shell on a specified remote computer. The vulnerability affects unpatched versions of Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003.

Upon execution, Hacktool.THCIISLame performs the following actions:

  1. Sends a specially crafted exploit string to TCP port 443 of the IP address specified on the command line.
  2. If the vulnerability is successfully exploited, the shellcode that runs connects back to the IP address and port that the attacker specified on the command line.
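
From the defender's side, the two steps above appear in connection logs as an inbound TCP 443 connection followed shortly by a connection that the server itself opens. The Python sketch below is an added example, not part of the original advisory or of the tool; the record format, the 60-second window, and every address and port in the sample are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed connection-initiation records: time, initiator IP/port, target IP/port.
# All addresses (documentation ranges) and ports are made up for this example.
SAMPLE_FLOWS = """\
2004-04-26T10:00:01 198.51.100.7 40112 192.0.2.10 443
2004-04-26T10:00:03 192.0.2.10 1045 198.51.100.7 8080
2004-04-26T10:05:00 203.0.113.9 51000 192.0.2.10 443
2004-04-26T10:05:02 192.0.2.10 1046 203.0.113.77 9001
2004-04-26T10:20:00 192.0.2.10 1050 203.0.113.50 80
"""

def parse_flows(text):
    """Parse whitespace-separated records into time-ordered tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, int(sport), dst, int(dport)))
    return sorted(flows)

def find_connect_backs(flows, servers, window=timedelta(seconds=60)):
    """Flag outbound connections a server opens shortly after an inbound 443 connection."""
    inbound = {}  # server IP -> [(time, client IP)] for inbound TCP 443
    alerts = []
    for ts, src, _sport, dst, dport in flows:
        if dst in servers and dport == 443:
            inbound.setdefault(dst, []).append((ts, src))
        elif src in servers:
            peers = [c for t, c in inbound.get(src, []) if ts - t <= window]
            if peers:
                alerts.append({
                    "time": ts, "server": src, "dest": dst, "dest_port": dport,
                    # The connect-back target is chosen by the attacker, so it
                    # may or may not be the host that sent the 443 request.
                    "same_peer": dst in peers,
                })
    return alerts

if __name__ == "__main__":
    for a in find_connect_backs(parse_flows(SAMPLE_FLOWS), {"192.0.2.10"}):
        print(a["time"], a["server"], "->", a["dest"], a["dest_port"], a["same_peer"])
```

A web server that only answers requests rarely opens connections of its own, so the allowed window and any legitimate outbound destinations need tuning per environment.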

Removal

Symantec has released some information about this worm and its removal at:
http://www.sarc.com/avcenter/venc/data/hacktool.thciislame.html

If your computer is still having problems after following the instructions, you will need to format your computer and reinstall your operating system and applications.