TRDOS web site section, original INDEX.HTML : index1.html

TRDOS web site section, original SPECS.HTML : specs1.html

Following URLs are resource of WIN32/Tenga.gen virus file DL.EXE  : and

If a computer which with infected EXE files with WIN32/Tenga.gen virus, the virus code

trys to download "DL.EXE" at above URLs. If it successes, then DL.EXE will try to download TROJAN files for

grabbing (transfering) paswords and e-mail info to the (vx9) remote computers.

I have found and I have used NOD32 Antivirus program for Windows XP and also for DOS (NOD32DOS.EXE)

If the virus infected Windows XP system initialization files like WINLOGON.EXE (and if you run Windows XP on FAT32 file system) you need to start computer with WINDOWS 98 System Disk and run NOD32DOS.EXE for cleaning the WINDOWS XP system fıles.

You can download NOD32 Antivirus program at: (also you can get info about that virus, there)

NOD32 Antivirus Program successfully detects and cleans files which infected by WIN32/Tenga.gen worm/virus.


Erdogan Tan (14/5/2006)


My Message from one day ago:


Me, Erdogan Tan, I am temporary stopping service of original specs.html and original index.html

web pages due to show/declare about VIRUS senders and virus owners/developers.

I found "dl.exe" trojan program when my Windows XP OS running.

Continuously it was trying to run but it was failing.

Several times i had resetted my Windows configuration but DL.EXE problem restarted again.

Yesterday, i disabled INTERNET configuration and i saw that

some code was trying to access DL.EXE file


for downloading it. At normally, it is hidden but if you setup window XP and prevent to internet access at the beginning. You see the virus URL or download request.

For example: when i have disabled ADSL connection and Windows gave a  message to me, "a program is trying to get a file or info from", "a program is trying to get a file or info from".

When i look it. I tried to clean it but when i use my new BINARY FILE EDITOR (CODE GRABBER v1.0) (with Visual Basic 6.0 source code)

i see, most of exe files on my disks, have been infected. Original windows xp files are shorst and infected file has

3 KB additional virus code with an executable (with MZ header) image.

You see screen capture images of virus infected and clean TASMAN.EXE as example.


(NOTE: original virus is not DL.EXE. Original virus does this,downloads and runs the trojan file DL.EXE)

The VIRUS which downloads and run DL.EXE at





WINDOWS XP TASKMAN:EXE with VIRUS addition, byte pos: 17785 (NOTE: "MZ" shows  virus code is an exe code.)

Notice that virus site names and virus file name are shown at the binary file editor window.


TASKMAN.EXE without VIRUS, notice that file size is 15360 bytes


Continual code of VIRUS:

Notice that: bytes position 17785 is the start of virus code. Virus added file size: 18944 bytes.

Then, the virus code is 3584 bytes. (Note: virus code addition changes the orginal windows XP file date/times with last modification date/time. So

an XP user can understand virus infection: by seeing it has changed windows SYSTEM32 exe file or any exe file size, date/time which had original WINDOWS XP setup -fixed, cd-rom file- time, before. Also file size will be 3-4 KB larger.

FINALY, we can say...

That is a pitty...

DL.EXE gamers

or UNTENTI.LYCOS.IT or VX9.FREEBSD.AT guy,gay gamers

have been fucked by CODE GRABBER v1.0 program by Erdogan Tan.

 DL.EXE OUT... Code Grabber... IN...


Let developers fuck hackers...

I am an amateur developer... I don't like hackers... Because, They are info SUCKERS...

Hackers are also suckers...



Erdogan Tan (13/5/2006)