Optix Lite Firewall Bypass
(Trojan-Notifier.Win32.OptixPager.SE.a)

by s13az3

Written in Delphi

Released in June 2002

more versions


THe main technological advancements of OL Firewall Bypass SE are:
Firewall Bypass
Foreign Process Memory Injection
Normal OL Client Features
Notification/Connection via SIN
Other notification methods provided as a mere log capability
connecting to computers behind LAN/Router/Gateway possible

The "Url to get IP from:" field is also CORE of the firewall
bypass technology. The Optix Lite firewall bypass SE server
file does NOT let YOU connect to IT as the first contact.
Connecting to the server is done via a static IP notification
method (SIN). Basically this means the vic will find out your
ip address, connect to YOU, and register themselves in a connection
list in your client. To connect to a vic you will need the following
three things:

1) Some free webspace on a website
2) FTP Access to this webspace
3) Know the URL to this website you have free space on

To get these things I would recommend using one of the following 
free services, otherwise functionality has not been tested!

http://www.free.prohosting.com
http://www.multimania.com
http://www.netfirms.com

http://www.fortunecity.com
http://www.50megs.com


Now, I will guide you through an example of connecting to a vic.
Lets say I registered a new website:

http://www.spaceports.com/EESTesterSite

This is what I would do to configure my server and connect to my
vic:

1) EDITSERVER
Enter my normal Trojan details in Edit Server and I choose to keep
Internet Explorer as the default trusted program. Except�in the
�Url to get IP Address From:� field I put:

http://www.spaceports.com/EESTesterSite/iplog.txt

- this specifies that iplog.txt will hold MY IP address. It doesn�t 
have to be iplog.txt at the end but make sure you remember the log 
file name whatever you do!

2) Upload and run the file on the vics computer

3) CLIENT
Now I open the client and go straight to the �Connection� menu 
page. When I am there I click on �Update my IP� and you should 
make sure you do the following procedures whenever your IP address 
changes and you want to connect to your vics (you have to be online 
therefore).

4) UPDATE IP PAGE
Here I enter the ftp details for my ftp server and account ie:

FTP server: ftp.spaceports.com
Port: 21
Username: EESTesterSite
Password: testerpasswd

Now, the next field is �IP Log file:� and here you enter the file 
that will hold your current IP Address. Earlier, I specified 
iplog.txt as the file so here I must enter:

IP Log file: iplog.txt

This next field is the most important, it is crucial that you put 
your correct IP Address in here. If you do not know how to get your 
IP address then click the button �Get My IP� and it will attempt to 
get your IP for you, but otherwise, just type your IP Address in 
here, so I put:

My Current IP Address: 213.122.6.123

FINALLY, click the �Update� Button and the client will Insert your 
IP into the filename you specify in the �IP Log File:� field and 
will then proceed to upload and replace any file on the ftpserver. 
After this completes close the Update IP dialogue and go back to 
the connection page.

5) CONNECT TO VIC
The final stage of getting the vics to register themselves in 
your list is to click the �Listen for vics� button. After you 
click this button the vics will eventually download your IP log 
from the address you configured in their server file and then 
will extract the IP and attempt to connect to you. If you are 
�listening� a connection will be successful and hence they will 
appear in the list for you to click on them and then click 
�Connect to Selected�. After you do this all the normal 
connection options e.g. Upload, Remote Commands etc. will be 
available in the menu.

s13az3


Server:
C:\WINDOWS\SYSTEM\regscanr.exe 

size: 222.720 bytes

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Registry Scanner" 


Added:
c:\WINDOWS\SYSTEM\plugin32.dll 

MegaSecurity