by prncipia
Released in February 2006
Genie v1.1, for Windows 98/NT/XP, build 01-02-2006
Code by prncipia

Genie is a simple Telnet backdoor program.

- When Gene.exe is executed, it opens port 1179.
- Creates a copy of itself as %System%\regmont.exe and %windir%\cagent.exe
- And adds the following values in the registry to be executed each time Windows starts.

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
"RegMon" = " %System%\regmont.exe"

"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
"Run" = "%windir%\cagent.exe"

Genie commands:

Exit        Close current connection.
Reset       Reboot windows.
Vshutdown   Shutdown the virus.

Now to connect to remote host you have to type Telnet "targets_ip" 1179, then type "hello" to activate the program. And the last step is to ask you for the password, and by default the password is "katerina". That's it.

I accept email from any user with comments or bug fixes.

Note: This is version 1.1, so there are bugs, incompatibilities with various flavors of Windows and other anomalies! But if you want something better, write it yourself. Oh, and send me a copy..!!

Of course this program is untraceable from any antivirus .......except firewalls.

prncipia

dropped files:
c:\WINDOWS\cagent.exe
Size: 15,486 bytes
c:\WINDOWS\system32\regmont.exe
Size: 15,486 bytes

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "Run"
data: C:\WINDOWS\cagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RegMon"
data: C:\WINDOWS\System32\regmont.exe

tested on Windows XP
March 19, 2006
MegaSecurity
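
A host check for the artifacts listed above, as an added example that is not part of the original page or the author's readme. The function name is hypothetical, and it assumes %System% resolves to the System32 directory, as in the dropped-files listing.

```powershell
# Checks a Windows host for the Genie v1.1 artifacts listed on this page.
# File names, value names, file size and port come from the page;
# Test-GenieArtifacts is a hypothetical name chosen for this example.
function Test-GenieArtifacts {
    $findings = @()

    # Dropped copies; the page reports both as 15,486 bytes.
    $files = @(
        (Join-Path $env:windir 'cagent.exe'),
        (Join-Path $env:windir 'System32\regmont.exe')
    )
    foreach ($path in $files) {
        $item = Get-Item -Path $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $note = if ($item.Length -eq 15486) { 'size matches' } else { "size $($item.Length)" }
            $findings += "File present: $path ($note)"
        }
    }

    # Autostart values: HKLM Run "RegMon", plus the per-user "Run" value.
    # Every loaded user hive is checked, not only the current user's.
    $keys = @(@{
        Path  = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
        Name  = 'RegMon'
        Match = 'regmont\.exe'
    })
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $keys += @{
            Path  = "Registry::$($hive.Name)\Software\Microsoft\Windows NT\CurrentVersion\Windows"
            Name  = 'Run'
            Match = 'cagent\.exe'
        }
    }
    foreach ($k in $keys) {
        $value = (Get-ItemProperty -Path $k.Path -Name $k.Name -ErrorAction SilentlyContinue).($k.Name)
        if ($value -and $value -match $k.Match) {
            $findings += "Autostart: $($k.Path) '$($k.Name)' = $value"
        }
    }

    # TCP listener on 1179 (state text is "LISTENING" on English-language Windows).
    foreach ($l in @(netstat -an -p tcp | Select-String -Pattern ':1179\s+\S+\s+LISTENING')) {
        $findings += "TCP listener on port 1179: $($l.Line.Trim())"
    }
    return $findings
}

Test-GenieArtifacts
```

An empty result means none of the listed artifacts were found; user hives that are not loaded at the time of the check are not inspected.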