by th3 r1pp3rz
Written in Delphi
Released in July 2001
Optix Lite
by: th3 r1pp3rz
Programming: th3 s13az3 and xMs

Optix Lite is a small uploader trojan that works on Windows 95/98/2K/NT. The client contains the editor. The server file comes unpacked. Use the client/editor to set your settings, save, and use your favorite packer. You should expect to see a packed server file size of 35-38k. Once your server file is packed, you cannot modify settings until you unpack.

Disable firewall/av.
There are several full-blown trojans that bypass Firewall/AVs now. As far as we know, as of 7/01/01, we have created the first "uploader" trojan to bypass the more popular firewalls/avs. For a complete list of firewall/avs that Optix Lite defeats, see listing below. There is no bypass for this feature at this time. It's in the server and it will execute. It does not, however, damage any files on the server. It only shuts the processes it finds down, THEN allows the server to do its work. The firewall/av feature is threaded, and it continues to check to see if any in its list have been reloaded every 60 seconds.

File to Upload.
This is where you select your file to upload. By default, the check box "Run File on Upload" is checked. The file is uploaded into the root (C:\) directory of the server and executed. You will receive notification when file is executed.

Run Remote File.
You must know where the file you want to run is located on the server. It has nothing to do with the File to Upload feature above. We added this feature for our own use.

Fake Error Message.
If you do not want to bind the Optix server file, you can enable this option to give a fake error message the first time the server is started up. The vic thinks the file encountered an error, and doesn't pay any attention to it, but in fact, the server actually installs, disables the av/firewall(s) and sends ICQ notification.

Password.
Leave password field blank if you do not wish to use a password.
Our primary goal with Optix Lite was to create a small, stable uploader trojan with a stealth installation feature that runs stable across all Win32 OS platforms. We've tested Optix on Win95/98/NT/2K to be sure.

Windows 95 notice:
DO NOT use the Stealth startup method if you think your server will go to a Windows 95 SR1 machine. On the early version of Windows 95, our stealth option will not work. On all other Windows versions, it works very well, and is very well hidden. No server.exe found in the registry, win.ini, or system.ini.

FIREWALLS:
ZoneAlarm
ZoneAlarm Pro
BlackIce
ConSeal PC Firewall
Tiny Personal Firewall

AVS:
AntiViral Toolkit Pro
Norton AntiVirus
Sophos AntiVirus
Panda Antivirus 6.0 Platinum
Ants Anti-Trojan
WinRoute
The Cleaner
Lockdown
Sphinx
Dr. Solomon Virus Scan
McAfee Virus Scan

Server:
C:\WINDOWS\server.exe
size: 74 KB
port: 831, 370, 222 TCP
startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
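
A defender-side check for the indicators in the "Server" listing above (TCP ports 831, 370 and 222, the file C:\WINDOWS\server.exe, and the Run key), as an added example that is not part of the original page. The netstat text and Run-key values are constructed samples, and the function names are hypothetical.

```python
import ntpath
import re

# Indicators copied from this page's "Server" listing.
OPTIX_PORTS = {831, 370, 222}
OPTIX_SERVER_PATH = r"C:\WINDOWS\server.exe"

# One TCP row of Windows "netstat -an": proto, local addr:port, foreign, state.
_TCP_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+(\S+)", re.IGNORECASE)


def listening_indicator_ports(netstat_text):
    """Return the listed ports that show up as local TCP listeners, sorted."""
    hits = set()
    for line in netstat_text.splitlines():
        row = _TCP_ROW.match(line)
        if row and row.group(2).upper() == "LISTENING":
            port = int(row.group(1))
            if port in OPTIX_PORTS:
                hits.add(port)
    return sorted(hits)


def suspicious_run_values(run_values):
    """Return names of Run-key values whose executable is the listed path."""
    target = ntpath.normcase(OPTIX_SERVER_PATH)
    hits = []
    for name, command in run_values.items():
        cmd = command.strip()
        if not cmd:
            continue
        # Take the quoted path if quoted, otherwise the first token.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if ntpath.normcase(exe) == target:
            hits.append(name)
    return hits


# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:831            0.0.0.0:0              LISTENING
  TCP    [::]:370               [::]:0                 LISTENING
  TCP    192.168.0.5:1045       10.0.0.9:222           ESTABLISHED
"""
SAMPLE_RUN = {"SystemTray": "SysTray.Exe", "Updater": r'"c:\windows\SERVER.EXE" /s'}

if __name__ == "__main__":
    print(listening_indicator_ports(SAMPLE_NETSTAT))  # [370, 831]
    print(suspicious_run_values(SAMPLE_RUN))          # ['Updater']
```

The readme above states that the stealth startup method leaves no server.exe entry in the registry, win.ini, or system.ini, so an empty Run-key result does not clear a host; the listener check and the file path still apply.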