by prncipia
Released in February 2006
Genie is a simple Telnet backdoor program. -When Gene.exe executed, it opens port on 1179. -Creates a copy of itself as %System%\regmont.exe and %windir%\cprog.exe -And adds the follow values in the registry to be executed each time Windows starts. "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" "RegMon" = " %System%\regmont.exe" "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" "Run" = "%windir%\cprog.exe" Genie commands: Lock locking Taskman and registry editors (win2k/xp) UnLock Unlocking Taskman and registry editors (win2k/xp) Reset Reboot windows. Exit Close current connection. Vshutdown Shutdown the virus. Now to conect to remote host you have to type Telnet "targets_ip" 1179 then type "hello" to activate the program. And the last step is to ask you the password and by default password is "katerina". That's it. prncipia Server: dropped file: c:\WINDOWS\cprog.exe Size: 15,998 bytes c:\WINDOWS\system32\regmont.exe Size: 15,998 bytes startup; HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "Run" data: C:\WINDOWS\cprog.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RegMon" data: C:\WINDOWS\System32\regmont.exe tested on Windows XP March 12, 2006MegaSecurity