Hacktool.THCScan

Printer Friendly Page

Updated: February 13, 2007 11:40:50 AM
Type: Dialer, Hack Tool
Version: 2.0 - 2.02
Publisher: THC (The Hackers Choice)
Risk Impact: High
File Names: THC-SCAN.EXE thcscan.exe
Systems Affected: Windows

Behavior


Hacktool.THCScan is a tool for "war dialing" a range of telephone numbers to find carriers and other types of phone systems.

Symptoms


Your Symantec antivirus program detects this threat as Hacktool.THCScan.

Transmission


An attacker may install this program after a system is compromised.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version November 23, 2004
  • Latest Daily Certified version January 17, 2008 revision 033
  • Initial Weekly Certified release date November 23, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Updated: February 13, 2007 11:40:50 AM
Type: Dialer, Hack Tool
Version: 2.0 - 2.02
Publisher: THC (The Hackers Choice)
Risk Impact: High
File Names: THC-SCAN.EXE thcscan.exe
Systems Affected: Windows


Hacktool.THCScan uses a modem to dial a range of telephone numbers to find carriers, PBX's, voice mail boxes, and so on. Depending on its use, it could incur large phone bills.

Although this program is a DOS program, it can be successfully run on a range of UNIX-based systems, using a DOS emulator such as Dosemu.

Updated: February 13, 2007 11:40:50 AM
Type: Dialer, Hack Tool
Version: 2.0 - 2.02
Publisher: THC (The Hackers Choice)
Risk Impact: High
File Names: THC-SCAN.EXE thcscan.exe
Systems Affected: Windows


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

  1. Update the virus definitions.
  2. Close modem connections
  3. Run a full system scan and delete all the files detected as Hacktool.THCScan.

For specific details on each of these steps, read the following instructions.


1. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. To close modem connections
This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

3. To scan for and delete the infected files
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
  2. Run a full system scan.
  3. If any files are detected as infected with Hacktool.THCScan, click Delete.


    Note:
    If your Symantec antivirus product reports that it cannot delete an infected file, Windows may be using the file. To fix this, run the scan in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode." Once you have restarted in Safe mode, run the scan again.

    When all the infected files have been deleted, restart the computer in Normal mode.