by ?
Written in Visual Basic
Released in July 2005
-------------
iRcHaTaN-PS v 7.1
-------------
** Now Disable GPedit and MsConfig by Check Msconfig Item
Disable Auto Login
Disable RegEdit
Disable System Restore
** Now Send DialUp PassWord ,External Ip Address,Os Name
** Now Send As Email < injection mode > and Fixed PM Bug
** Now Can Open a BackDoor (Listen a Port) to Get Shell From Victim
** Now U Can Bind Server By Another File (As jpg ,exe,txt , ...)
** Now U Can Select Icon
** Now U Can Make a Fake Error For Server
** Auto Update Server in First Logg Off
dropped files:
c:\WINDOWS\netiu1.dll Size: 9,216 bytes
c:\WINDOWS\Spoolsvr.exe Size: 34,343 bytes
c:\WINDOWS\system32\mst32init.exe Size: 34,343 bytes
c:\WINDOWS\system32\netiu1.dll Size: 9,216 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} "StubPath"
data: C:\WINDOWS\System32\mst32init.exe
tested on Windows XP
March 16, 2006
MegaSecurity