by th3 r1pp3rz
Written in Delphi
Released in August 2001
Optix Lite by: th3 r1pp3rz Programming: th3 s13az3 and xMs Version 0.2 Pretty Much the same kind of stuff in this update, if you need help with what feature does what then just hover your mouse over the button/control that you want info on and a Hint box will appear. The main advantages of version 0.2 are that past bugs have been eradicated. Especially bugs which disabled you from connecting to the server file after a broken upload or even after you have disconnected once! Virus/Firewall library has been updated, mainly concentrating on getting the currently resisted firewalls & AVS to be terminated in Win2k/NT environment! A WHOLE extra feature called "Process Manager" has been added, which allows you to manually close running executables on the remote computer. Oh yeah, and the ability to run a file has been advanced and you can now toggle to enable/disable Firewall/AVS killing,ICQNotify and wether or not the installation server file is melted! ENJOY! Version 0.1 Optix Lite is a small uploader trojan that works on Windows 95/98/2K/NT. The client contains the editor. The server file comes unpacked. Use the client/editor to set your settings, save, and use your favorite packer. You should expect to see a packed server file size of 35-38k. Once your server file is packed, you cannot modify settings until you unpack. Disable firewall/av. There are several full blown trojans that bypass Firewall/AVs now. As far as we know, as of 7/01/01, we have created the first "uploader" trojan to bypass the more popular firewalls/avs. For a complete list of firewall/avs that Optix Lite defeats, see listing below. There is no bypass for this feature at this time. It's in the server and it will execute. It does not, however, damage any files on the server. It only shuts the processes it finds down, THEN allows the server to do it's work. The firewall/av feature is threaded, and it continues to check to see if any in it's list have been reloaded every 60 seconds. File to Upload. This is where you select your file to upload. By default, the check box "Run File on Upload" is checked. The file is uploaded into the root (C:\) directory of the server and executed. You will receive notification when file is executed. Run Remote File. You must know where the file you want to run is located on the server. It has nothing to do with the File to Upload feature above. We added this feature for our own use. Fake Error Message. If you do not want to bind the Optix server file, you can enable this option to give a fake error message the first time the server is started up. The vic thinks the file encountered an error, and doesn't pay any attention to it, but in fact, the server actually installs, disables the av/firewall(s) and sends ICQ notification. Password. Leave password field blank if you do not wish to use a password. Our primary goal with Optix Lite was to create a small, stable uploader trojan with a stealth installation feature that runs stable across all Win32 OS platforms. We've tested Optix on Win95/98/NT/2K to be sure. Windows 95 notice: DO NOT use the Stealth startup method if you think your server will go to a Windows 95 SR1 machine. On the early version of Windows 95, our stealth option will not work. On all other Windows version, it works very well, and is very well hidden. No server.exe found in the registry, win.ini, or system.ini. Currently Resists: FIREWALLS: ZoneAlarm ZoneAlarm Pro BlackIce ConSeal PC Firewall Tiny Personal Firewall Lockdown2000 LockdownME Sphinx AVS: PC Door Guard 2 PC-Cillan Trojan Defence Suit 3 AntiViral Toolkit Pro (AVP) AntiVirus eXpert 2000 Desktop (AVX) AVG Anti-Virus Norton AntiVirus Sophos AntiVirus Panda Antivirus 6.0 Platinum Ants Anti-Trojan WinRoute The Cleaner Dr. Solomon Virus Scan McAfee Virus Scan Server: C:\WINDOWS\SERVER.EXE size: 82.432 bytes port: 5151 TCP startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "RunProg"MegaSecurity