by Flowby
Written in Visual Basic
Released in October 2004
This program will download your trojan from the web and open it without user knowing it! it will also trick some firewaly by injecting in another trusted proces! then it will check the txt file you uploaded to your web page and used the names that will find in that txt to spread on all p2p programs(kazaa,ares,emule...) if p2p spreading option is enabled,please be shore that you upload the list with filenames you want it to spread like(mcafee,winrar.....)to your web page and put the right url(that will point to your uploaded txt file with names)!! I woud like to thanx to Alchemist,brainbuster and many others for suporting me and giving me ideas.(: The p2p spreading option is made by Alchemist (: THANX M8! Bug fixes: -crashing server when wrong url was entered in settings now is fixed. -startup fixes... -activce skin error is ok now!(ocx file missing error = FIXED!) Ok now the downloader shoud work ok without problems ...but still if you find anything wrong please let me know i woud realy aprishiate it,thanx OPTIONS: -injection(it will inject itself to another trusted program and trick some firewalls) -melt server(the file will delete itself and start runing hidden in win or system directory) -icon changer(god to use it with when p2p spreading enabled) -download the file on certan date -option to choose where you want your exe to be downloaded(system,or windows dir) -icq ip notification(every startup it will send you a ip number of a infected computer) -camera detection(if this option is enabled it will only download if a computer has a web cam)if you want only victims with web cams. (: -p2p spreading(this will add a worm function to this downloader,it will spread your exe from computer to computer using p2p) FlowbyMegaSecurity
Server: dropped files: c:\WINDOWS\win32exec.exe size: 32.977 bytes c:\WINDOWS\system32\EliRT.dll size: 5.632 bytes c:\WINDOWS\system32\wini32.dll size: 10.752 bytes c:\WINDOWS\Temp\tmp.tmp size: 32.977 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" data: C:\WINDOWS\win32exec.exe tested on Windows XP