icKiLLeR creates a file called 1.exe and places a key in the Windows registry that makes the program run every time Windows is started. It runs in Windows under the name explorer.exe, and if you press Ctrl+Alt+Del you'll see 2 Explorers running (not "Exploring - C:\", only "Explorer"). One of these "Explorers" is the trojan you are running.

The fake Explorer turns your computer into a server that can be accessed on port 7789. With his program, the attacker can execute several commands, delete or copy your password files and confidential files, and finally get access to ALL of your computer.

If you installed ICKiller and want to confirm the backdoor, run a portscan on your own IP and you will see that port 7789 is open.

To remove ICKiller and turn off everything that comes with it, do the following:

1. Press Ctrl+Alt+Del.
2. End the Explorer task (there are 2; one of them is the false Explorer that allows him to do everything explained above).
3. Go to c:\windows\system and delete explorer.exe (do it in that order, because if you try to delete the false explorer.exe before you end the task, Windows will say that the application is still running).
4. Then look for the key in the Windows registry that runs explorer when Windows starts (use the regedit that comes with Windows). Run x:\windows\regedit.exe and use Edit, Find to search for Explorer.exe until you find: run / / \system\explorer.exe. When it finds it, delete that key.

-- www.warforge.com, 5/25/98
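The three signs described above (an explorer.exe running from \windows\system, a registry run entry pointing at it, and port 7789 listening) can be checked together. This is an added example, not part of the original advisory; the function names and the sample process, registry and port data are constructed for illustration.

```python
import re
import socket

BACKDOOR_PORT = 7789  # port the advisory says the fake Explorer listens on
# Location the advisory gives for the fake copy: <drive>:\windows\system\explorer.exe
FAKE_RE = re.compile(r'\\windows\\system\\explorer\.exe(?=$|[\s"])', re.I)


def is_fake_explorer(command):
    """True if a process path or run command points at \\windows\\system\\explorer.exe."""
    return bool(FAKE_RE.search(command.replace("/", "\\")))


def port_open(port=BACKDOOR_PORT, host="127.0.0.1", timeout=1.0):
    """TCP connect test against your own machine only."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def find_indicators(process_paths, run_entries, listening_ports):
    """Return (kind, detail) findings for the signs the advisory describes."""
    findings = []
    explorers = [p for p in process_paths if p.lower().endswith("explorer.exe")]
    flagged = [p for p in explorers if is_fake_explorer(p)]
    findings += [("process", p) for p in flagged]
    # Task lists without full paths still show the tell-tale second Explorer.
    if len(explorers) > 1 and not flagged:
        findings.append(("duplicate-explorer", str(len(explorers))))
    for name, cmd in run_entries.items():
        if is_fake_explorer(cmd):
            findings.append(("run-entry", name))
    if BACKDOOR_PORT in listening_ports:
        findings.append(("port", str(BACKDOOR_PORT)))
    return findings


# Constructed sample data (not taken from a real machine).
SAMPLE_PROCS = [r"C:\WINDOWS\EXPLORER.EXE", r"C:\WINDOWS\SYSTEM\EXPLORER.EXE",
                r"C:\WINDOWS\SYSTEM\SYSTRAY.EXE"]
SAMPLE_RUN = {"SystemTray": "SysTray.Exe",
              "Explorer": r'"C:\WINDOWS\SYSTEM\explorer.exe"'}
SAMPLE_PORTS = {139, 7789}

if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_PROCS, SAMPLE_RUN, SAMPLE_PORTS):
        print(kind, detail)
    print("port 7789 open locally:", port_open())
```

The legitimate explorer.exe lives directly in the Windows directory, so a copy under \windows\system is the one to treat as suspect.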