Specrem 6.0
(Backdoor.Win32.Specrem.60 for server.exe, STools.exe)
(Backdoor.Win32.Specrem.61.a for SMessage.exe, Updater.exe)
(Backdoor.Win32.Specrem.61.c for DelLogs.bat)

by Antti Kirjavainen

Written in Visual Basic

Released in February 2002

more versions


Specrem is a remote controlling tool for Windows 95/98/ME/NT4/2000/XP

Some important security functions:
- If the server is invisible and it is connected through internet, it 
  will popup the server window. Why? To prevent hacking. if you wan't to
  be able to connect to the server though internet, leave it visible,
  not invisible.
- If you wan't to use an invisible server in LAN, use the default port
  187. It won't popup the server window then.

These are my personal decisions to prevent hacking and wrong usage
with this program.

What to do, if someone has connected to your computer with this
program and you didn't even know about it, and/or you have the server
program running invisible, without your approval:

1. First, check the file SSERVER.LOG. It has logged every action
   that the users have done. It has also logged every IP address
   that has connected to your computer. If it contains something
   interesting, backup the file, because SERVUNST.EXE will remove
   it.
2. Run SERVUNST.EXE. If you don't have it, download Specrem from my
   homepage. This executable will kill the SSERVER.EXE process and
   removes it's all registry keys & files.
3. Contact me. It is important for me to know if something like this
   has happened. I'll then check what I can do about it.


Files containing settings:

SCLIENT.INI - Contains Client options.
SCPWD.DAT - Client's password file.

SSERVER.INI - Contains Server options.
SSPWD.DAT - Server's password file.


Required files:
Visual Basic run-time components (install by running VBRUN60.EXE,
you can download it from my homepage).
SHDOCVW.DLL
Msstdfmt.dll
MSMAPI32.OCX - REGISTER.EXE requires this file.
MSWINSCK.OCX - NOTE: This file does NOT  contain  a  virus.  Some
		     virus scanners may recognize it as one.
KTKbdHk.DLL - Made by Konstantin Tretyakov. This file  is  needed
	      for keyboard listening.
DIjpg.dll - This file was downloaded from www.vbdiamond.com.

Antti Kirjavainen


Server:
size: 753.664 bytes

port: 1187 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SServer" 

MegaSecurity