Let Me Rule! 2.0 BETA 9
(Backdoor.Win32.Lemerul.20.d for Server & hook.dll)
(Backdoor.Win32.Lemerul.20.g for Client)

by ReSoiL

Written in Delphi

Released in January 2004

more versions


  [v2.0 BETA 9]
> Added category: WinNT. Create/Delete accounts, send netsends.
> Added function: Scan for LMR servers. Press F4 for this function.
> Added function: Simulate key clicks.
> Added function: Simulate mouse clicks.
> Added function: Disable Ctrl+Z,X,C,V.
> Added function: DOS prompt. Allows you to control victim's command.com.
> Added function: Empty recycle bin.
> Added function: Open 'Exit Windows' dialog.
> Added function: Minimize, restore, disable, enable, hide, show all open windows.
> Added function: Sys info: See if the victim has a soundcard installed.
> Added function: Sys info: Detect the victim's system font size.
> Added function: Sys info: Get the path to victim's temporary folder.
> Added function: A right-click popup menu in the bookmarks section.
> Added function: Delete all files in a directory.
> Added option: Steer victim's mouse cursor when doing realtime desktop.
> Edited function: Easy filemanager is now more good looking and more powerful.
> Edited function: Better registry explorer.
> Edited function: You can now execute all file types at remote host.
> Edited function: Now there is a default download directory.
> Edited function: You can now click on the bg-image even when disconnected.
> Bug fix: Fixed a bug in realtime desktop.
> Bug fix: Removed error message if program couldn't write to the registry.
> Bug fix: Fixed the Win9x upload bug.
> The client, the server and the hook.dll is now better compressed.
> Some minor bug fixes.
> Some minor changes.

ReSoiL


Client:
port: 26097 TCP



Server:
dropped files:
c:\WINDOWS\SYSTEM\svced.exe      Size: 255.488 bytes
c:\WINDOWS\SYSTEM\Settings.dll 

port: 25226, 45672 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "svced" 


MegaSecurity