by prncipia
Released in January 2007
Genie v1.7 with new security procedurs,Hard to remove from users. For Windows 2K/XP,build 01/01/2007 (Tested on win2k/xp) Code by prncipia <[email protected]> Genie is a simple Telnet backdoor program. Note: Best use with Putty and NetCat. ---------------------------------------------------------------- Instalation > "c:\install.exe" (May takes a few seconds) Note2: Important. Do not Remove "rainboy.onj" file. ---------------------------------------------------------------- Remove > "c:\ginstall.exe -r" or "c:\ginstall.exe /r" ---------------------------------------------------------------- Now to connect to remote host you have to type Telnet "targets_ip" 1179 then press "CTRL+A" and ENTER to activate the program. The last step is to ask you the password and by default thes password is "katerina". That's it. ---------------------------------------------------------------- Genie commands: Helpme Genie commands. Cdopen/Cdclose Opens/Close CD port. Fdownload Download files from sites. Mlock/MUnlock Lock/Unlock Monitor. Msg Send message to your victim. Mypass Change default password. Myport Change default port. Pview Shows current running process with PID. Pkill Terminate a process. RLock/RUnlock Lock/UnLock registry. Reset Reboot windows. Reload Reload genie - new settings. Sdown Shutdown victim computer. SecOn/SecOff Start(Default)/Stop Genie Security procedures. SFile Auto start file. TLock/TUnlock Lock/UnLock Taskman. Users Logon users on Genie. Exit Close current connection. Gshutdown Shutdown the genie. prncipia dropped: c:\WINDOWS\rainboy.onj Size: 1,004,032 bytes c:\WINDOWS\system32\MSPSTL32.DLL Size: 15,360 bytes c:\WINDOWS\system32\CatRoot2\tmp.edb Size: 1,056,768 bytes c:\WINDOWS\system32\dllcache\MSPSTL32.DLL Size: 15,360 bytes changed: c:\WINDOWS\explorer.exe deleted: c:\WINDOWS\system32\dllcache\explorer.exe added to registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List tested on Windows XP February 27, 2007MegaSecurity