evil vnc 1.0 beta
(Backdoor.Win32.Evncil for builder.exe)
(Backdoor.Win32.NetDevil.10.Logger for list.cgi & log.cgi)

by matiteman

Released in April 2004


evil-vnc is a vnc server injector. as its name suggests, it will secretly install
a vnc server on a remote host and run it automatically after
installation, and you will be notified immediately by the server,
giving you the remote ip and password for connection.
once the server is installed, it allows a person at a remote computer to assume
control of another computer over the network,
as if they were sitting in front of the other computer.
In other words, sitting at your desk in Baltimore, you could use it to take control 
of your mother's PC in London and show her how to install and use some new software package 
by actually doing it yourself. 
 
for cgi installation or setup check the documentation in (ralog.zip/cgi.zip). the server works with both
cgi loggers (blackfire and netdevil).
once executed, the server and components are cloaked and become invisible.
each time windows starts you will be notified by the server.
usually the server requires no password for connection.
if you use your web browser for connection, hit the ok button without
a password and the connection is done.
 

why this soft:
=============
it is just a help for system administrators to handle the maintenance
of remote computers on their lan or network. one common scenario is using it to help
troubleshoot the computer of a distant less-technically-savvy relative.
In other words, sitting at your desk in Baltimore, you could use it to take control of
your network user's PC or client's pc in London and show them how to install and use some
new software package by actually doing it yourself.
because sometimes the system administrator doesn't have enough free time to move from one country to another
to do an installation.
 



how to connect to server:
=========================

for those who know, skip this section

* to connect to the server check your cgi notification and
grab the ip address. don't worry about the password. if a password is requested by
the server, set "0000" as the password.
download the winvnc viewer somewhere from the web and read how
to connect to a vnc server.

* the second way to connect to the server is the web browser:
in the address bar type the remote host ip address with port 5800
and hit the enter button.

eg: http://192.168.0.1:5800


* once connected, you can use the remote computer as if you
were in front of it; you can do everything you need:
access files, folders, configuration, total control.... etc

notice:
======
before connecting to the server, we recommend you use a proxy server
or chain. it's for your own security, for stealth reasons,
but you can make a direct connection if you want.

matiteman



Server:
port: 5800, 5900 TCP

dropped files:
c:\WINDOWS\SYSTEM\iexplore.exe    size: 19.456 bytes 
c:\WINDOWS\SYSTEM\iexplorer.exe   size: 135.680 bytes 
c:\WINDOWS\SYSTEM\othread2.dll    size: 61.440 bytes 
c:\WINDOWS\SYSTEM\stealth.dll     size: 12.800 bytes 
c:\WINDOWS\SYSTEM\vnchooks.dll    size: 57.344 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "OPTIMIZER" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "WinVNC" 
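
The indicators listed above (ports, dropped files, startup values) can be matched against a host inventory. The following is an added example, not part of the original readme or the archive entry; the snapshot format, the triage() function and the sample data are assumptions constructed for illustration.

```python
# Added example: indicator values are copied from the listing above; the
# snapshot format and all sample data are constructed for illustration.
SYSDIR = "c:\\windows\\system\\"
FILES = {  # lower-cased path -> size in bytes ("19.456" on the page = 19456)
    SYSDIR + "iexplore.exe": 19456,
    SYSDIR + "iexplorer.exe": 135680,
    SYSDIR + "othread2.dll": 61440,
    SYSDIR + "stealth.dll": 12800,
    SYSDIR + "vnchooks.dll": 57344,
}
HKLM_CV = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\"
AUTORUNS = {(HKLM_CV + "run", "optimizer"), (HKLM_CV + "runservices", "winvnc")}
PORTS = {5800, 5900}

# Constructed snapshots, not real telemetry.
INFECTED = {
    "files": {"C:\\WINDOWS\\SYSTEM\\stealth.dll": 12800,
              "C:\\WINDOWS\\SYSTEM\\IEXPLORE.EXE": 19456},
    "autoruns": [("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "OPTIMIZER")],
    "listening_tcp": [139, 5800, 5900],
}
ADMIN_VNC = {"files": {}, "autoruns": [], "listening_tcp": [5900]}

def triage(snapshot):
    """Return (verdict, findings) for one host snapshot (hypothetical format)."""
    findings = []
    for path, size in snapshot.get("files", {}).items():
        want = FILES.get(path.lower().replace("/", "\\"))
        if want is not None:
            kind = "file+size" if size == want else "file-name-only"
            findings.append((kind, path))
    for key, value in snapshot.get("autoruns", []):
        key = key.lower().rstrip("\\").replace("hklm\\", "hkey_local_machine\\", 1)
        if (key, value.lower()) in AUTORUNS:
            findings.append(("autorun", key + " " + value))
    for port in sorted(PORTS & set(snapshot.get("listening_tcp", []))):
        findings.append(("port", str(port)))
    kinds = {k for k, _ in findings}
    # Open VNC ports alone also match any legitimate VNC server, so a single
    # weak indicator only asks for review; an exact file+size hit or two
    # different indicator kinds on the same host is treated as a likely match.
    strong = "file+size" in kinds or len(kinds) >= 2
    verdict = "likely-infected" if strong else "review" if findings else "no-match"
    return verdict, findings
```

Path and registry comparisons are case-insensitive because Windows treats both that way; a file named iexplore.exe under the SYSTEM directory is itself worth a look, since the real Internet Explorer binary does not live there.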

MegaSecurity