Specrem 4.0 (a)
(Backdoor.Win32.Specrem.40.a)
(Backdoor.Win32.Specrem.61.a for SMessage.exe)

by Antti Kirjavainen

Written in Visual Basic

Released in May 2001

more versions 


Specrem remote control Server & Client
	 by Antti Kirjavainen

Version: 4.00 Update #2

PROBLEMS?

Missing file or component...
You can download the required run-time files and components  from
my homepage. Here is the direct link for the needed file:

http://www.sunpoint.net/~akirjavainen/vbrun60.exe
After downloading this file, run it.


Component not registered...
Run SINSTALL.EXE, select "Install needed files" and press OK.






Some important security functions:
- If the server is invisible and it is connected through internet, it 
  will popup the server window. Why? To prevent hacking. if you wan't to
  be able to connect to the server though internet, leave it visible,
  not invisible.
- If you wan't to use an invisible server in LAN, use the default port
  187. It won't popup the server window then.

These are my personal decisions to prevent hacking and wrong usage
with this program.

What to do, if someone has connected to your computer with this
program and you didn't even know about it, and/or you have the server
program running invisible, without your approval:

1. First, check the file SSERVER.LOG. It has logged every action
   that the users have done. It has also logged every IP address
   that has connected to your computer. If it contains something
   interesting, backup the file, because SERVUNST.EXE will remove
   it.
2. Run SERVUNST.EXE. If you don't have it, download Specrem from my
   homepage. This executable will kill the SSERVER.EXE process and
   removes it's all registry keys & files.
3. Contact me. It is important for me to know if something like this
   has happened. I'll then check what I can do about it.
   
Antti Kirjavainen


Server:
c:\WINDOWS\SYSTEM\SServer.exe 

size: 536.576 bytes 

port: 187 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "SServer" 

added:
c:\WINDOWS\SYSTEM\DIJPG.DLL 
c:\WINDOWS\SYSTEM\KTKbdHk.dll 
c:\WINDOWS\SYSTEM\MSSTDFMT.DLL 
c:\WINDOWS\SYSTEM\scrrun.dll 
c:\WINDOWS\SYSTEM\SServer.LOG 

Server icon is visible in system tray
MegaSecurity