Inet 2.0 (a)
(Trojan-PSW.Win32.INet20.a)
(Trojan-PSW.Win32.INet20.b)
(Trojan.BAT.Runner)

by Mandrake the Magician

Written in Delphi

Released on February 24, 1999

more versions


Program: inet -- Keystroke Recorder for Post Terminal Screen and
         Connect To screen + mail sender with that info.
Version: 2.0 (Freeware).
Released: 24th February 99.
Original Creator : Mandrake the Magician

***********
Disclaimer: The author will not be responsible for anything!
***********
-----------------------------------------------------------------------------
target machine means the machine on which the program is installed.
------------------------------------------------------------------------------
Main features:
* Once installed you get the passwords + username of the target machine by mail
* Auto load at start-up.
* Subsequent mail is (supposed to be) sent only when there is a change in password.
* Will not be detected by any antivirus software.
* Can't be seen even in the tasklist got by pressing Ctrl-Alt-Del

	      --------------------------
**************|Where it will not work ?|***************************
	      |              ***       |
	      -------------------------
		
* On a machine running any other operating system than Win95 or Win 98.
* Where they are sharing a dial-up connection using Web Ramp or similar tools.
* Where they are using leased line.
* Where they are using a proxy server to share a modem.(If  you can get the
  program installed on the machine which has the modem then it might work)


Introduction:
-------------
     inet.EXE is a Windows 95/98  freeware utility that records keystrokes
     on the Post Terminal Screen (the screen that comes once you connect to
     VSNL or any other ISP without scripting) and Connect To screen (the one
     that comes when you click a phone book entry of dial-up networking)
     It then sends the username and password if the guy uses scripting.If the victim
     uses the Post-Terminal Screen whatever is typed in the post terminal screen will
     be sent.The mail is sent automatically when the machine on which the program is installed,
     is connected to the internet.You have the option of setting the e-mail address
     (the one to which the passwords will be sent)at install time.
     Details are given below in the **What you need to do ?**section

     The program does no harm to the system as such.It will not be detected
     by any antivirus programs, as it is not a virus.

How it works ?
--------------
     The program was written in Delphi 3.The main executable loads a keyboard
     hook when it detects the Post-Terminal Screen or Connect To screen.
     It saves whatever is typed in the post-terminal screen or
     Connect To screen of win95/98 to a file.The collected information is sent as 
     e-mail as soon as the machine which has the program installed is connected to the                internet.Once the mail is sent the progarm terminates.It gets loaded again on the next           windows start-up.Mail is sent again only if there is a change in password.

What you need to do ?
---------------------
     You are reading the inet.TXT file which has instructions on installation
     & usage.You should not put this file on the target machine for obvious
     reasons.

     1) Run the self-extracting setup program setup.EXE. 
     
     2) You will prompted for an e-mail address,Enter the address to which the passwords
	will be sent.	

     4) Delete setup.exe to remove any traces.

        That's it. You can expect two e-mails if you installed the program
        while you were connected to the net.The first one will be without
        password if the user typed the password in the post terminal screen or
        on the Connect To screen.But the second one,which 'll be sent when the
        target machine connects to the net the second time.Subsequent mails are supposed to
        arrive only when the user has changed the passwords.

Preferred Modus Operandi:(for internet booths -Hope you have read where it won't work above)

       Download the setup.exe from http://members.xoom.com/mmandrake.Then send this file 
       as an attachment to your own hotmail/any mail account.

       There are a lot internet cafe's now who are screwing people with high
       charges.They are easy targets.Go to Department of Telecom's booth if
       at all possible.(Government's money is everyone's money :)

       Now go in with the pretext of checking mail at your hotmail account.
       Check your account which has the files.Download the attachment setup.exe
       and run it(as per Step1). 
       If you used the Save to disk option while downloading,its advisable to
       delete it(setup.exe) before you leave the place. 

       Check your mail (account specified in the file e) later and Presto You Have The Passwords        - Always.  At any time there is a change you are updated.


Uninstallation:

The files inet.exe,isys.dll,isys.sys gets copied to the system directory 
(default is C:\WINDOWS\SYSTEM)inet.exe and isys.dll can't be deleted directly if the program
is runing.

To close the program Go to the  Start Menu,select Run and just type inet.exe and hit enter.
Now the program gets closed and you can delete all the above mentioned files in the system directory.

There are two registry entries made by the program and you can delete that also if you are familiar with the registry.

The entries are
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Inet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Send

Or you can use the uninstallation program at my site members.xoom.com/mmandrake

----------------------------------------------
End Note:
----------------------------------------------
After reading all these long instructions you might be pretty bored.And you
might perhaps have a natural question What's my benefit ? I saw guys struggling
for passwords in all those password mailing lists.So I thought I'll share the
program which Iam using to get passwords with others.Lets make it a free world.

One last advice:
Once you get the password please do not change it.It helps no one.

Bye for now .
You can always send comments and problems, if any, regarding this program
to [email protected]


Server:
size: 67,072 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "inet" 

MegaSecurity