by GAnon Crew
Written in Visual C++
Released in February 2002
Made in Poland
RemEye v.1.0
Copyright (c) 2002, GAnon Crew
==================================

[What is RemEye?]

RemEye is a console application that silently installs WinVNC server with password set to "abcd". It can be used as an easy to use installer for a really good administration tool or even better trojan horse.

[Usage]

RemEye is really simple to use. To install WinVNC just run "remeye.exe". If you wanna uninstall WinVNC server from the computer run "remeye.exe" with "-remove" parameter.

Usage example:
You can telnet over remote computer. Execute "remeye.exe". Run vncviewer.exe. Connect to remote computer. Type default password - "abcd", and from this moment you have total control over computer.

[What is VNC?]

"(..) VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures (..)" - VNC website

==================================
made in Poland
GAnon Crew

Server:

dropped files:
c:\WINDOWS\Msvcirt.dll  Size: 77,878 bytes
c:\WINDOWS\Msvcrt.dll  Size: 295,000 bytes
c:\WINDOWS\omnithread_rt.dll  Size: 45,056 bytes
c:\WINDOWS\VNCHooks.dll  Size: 32,768 bytes
c:\WINDOWS\winvnc.exe  Size: 208,896 bytes

port: 5900, 5800 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005022120050228
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005030620050307
HKEY_CURRENT_USER\Software\ORL
HKEY_CURRENT_USER\Software\ORL\VNCHooks
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\winvnc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\ORL
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winvnc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winvnc\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc\Security

tested on Windows XP
March 06, 2005
MegaSecurity