J’raxis·Com

J’raxis·Com
 
 
2008-09-08T01:36:31Z
http://www.jraxis.com/archive/dmsetup

DMSetup Information

DMSetup and it’s later version, DM2, were the first Trojans to hit IRC. Once a mIRC user became infected with DMSetup, the Trojan would propagate itself by DCC sending itself to anyone who joined a channel which the infected person was also in. The Trojan only acted if the user executed it; it would then install itself into several of mIRC’s *.ini files. Of course, If you’re stupid enough to run an unknown file downloaded from a stranger on IRC, you deserve it.

The original DMSetup always used the filename DMSetup.exe, but the newer DM2, of which there are actually several versions, propagates itself under several different names. The ones J’raxis has seen include 69101.exe, 311BUZZ.exe, BUNYLOVE.exe, CFGJUNK.exe, EYEPOWR.exe, FUCKSKIN.exe, GODFUN.exe, HELLPUSY.exe, ICQIRC.exe, JNKLOVE.exe, JNKNUKE.exe, LOVEHELL.exe, MIRCPOWR.exe, PEEINST.exe, POWRBUNY.exe, SEXTOE.exe, SETDoD.exe, TITPUSSY.exe, TITDINK.exe, TRICK.exe, UDPCANDY.exe, and YESARM.exe. There are most likely more.

People infected with DM2 can usually be identified by one of several telltale signs. They will either have hqghu as their real name in their whois, or possibly their nick, or they may have typehere or a number as their username. Once one of the hqghu people is disconnected, they often sign on again with a single-letter nick. DMSetup reached epidemic proportions when typehere was its identifying mark, to the point where this username was K-Lined on DALnet and several other IRC networks.

Using DMSetup (Victims)

You will usually know if someone is infected with DMSetup or DM2 the moment you join a channel; they will attempt to DCC the file to you. There are several things that can be done to someone infected with these Trojans—anything from getting them kicked out of the channel to downloading their entire C drive to your own computer! As far as J’raxis knows, this Trojan is only an annoyance, and cannot cause the infected computer any harm or data loss.

If a DM2 victim joins #NoHack, #mIRChelp, #OperHelp, #Help, #HelpDesk, #Help-Desk, #HelpCenter or #DALnetHelp, they will automatically quit. Joining #IRChelp results in an instantaneous part.

Here are some of the things that can be done to a person infected with DM2. These are all /NOTICEs that can either be sent directly to the infected person or the entire channel.

gerr
They broadcast to all channels: I like to lick my own ass hole.
gerrrr
They broadcast to all channels: I love to lick my own ass hole.
you suck
They broadcast to all channels: I sucked your dad's cock twice.
You are a lamer!
They reply: I am a lamer!
[channel]
They join the channel you specified.
gohome
They join the channels #Teen, #Teens, #TeenChat, #TeenSex.
ni!
They part all channels they’re in.
I hate your guts with a passion
They quit with: Waa! Some one told me off! }DM2{
I think you are cool
This turns their C drive into a file server.

In most of the versions of the Trojan, }DM2{ is appended to the end of their broadcasts; in some versions J’raxis has seen, it even appends your nickname! Also, in some versions of DM2, some of these commands will not work, particularly the broadcast commands.

The original DMSetup had only one command as far as J’raxis knows. If you messaged the person goawaysilly (all one word), they quit with: 'Tis to I who seem so sad as their signoff message.