by Helios
Written in Visual Basic
Released in January 2002
Made in Belgium
full VB6 trojan horse
HelioS-Trojan-4.10-LE
by HelioS Himself

startup
-------
reg/run
reg/runservices
win.ini
system.ini
winstart.bat

installs itself in system dir \ScanStartup.exe
port 2701

functions
---------
-running tasks
-running windows
-upload
-download
-full media control
-all the lamer stuff and lots more
-capture screen bmp or jpeg
-desktop clicker
-change every color you want
-msg box
-input box
-chat
-full DOS control
-netstat control
-secret kernel commands
-change the start button
-regeditor
-file browser and all the file functions (del, copy,...)
-windows boot options (power off, reset, log off,...)
-the matrix
-earthquake
-pacman joke
-change wallpaper
-play a movie, mp3, wav, Audio CD, ...
-full winamp (advanced)
-mediaplayer control
-let his pc talk (merlin)
-i am gay joke
-steal his passwords
-change his resolution
-let him download a file from the internet
-change his internet explorer settings
-uninstall server

Client:
port: 1171 TCP

Server:
dropped files:
c:\WINNT\winstart.bat size: 150 bytes
c:\WINNT\system32\ScanStartup.exe size: 294.912 bytes
c:\WINNT\system32\unist546.dat size: 294.912 bytes

port: 3322, 2701 TCP

startup:
c:\winnt\system.ini, [boot] "Shell" value: Explorer.exe C:\WINNT\system32\ScanStartup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ScanStartup "StubPath" data: C:\WINNT\system32\ScanStartup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ScanStartup" data: C:\WINNT\system32\ScanStartup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "ScanStartup" data: C:\WINNT\system32\ScanStartup.exe

tested on Win2000

MegaSecurity