System33r Socks5 1.3b
(Not detected by AVP on October 22, 2004)
(Constructor.Win32.SS.12.b for editor.exe)

by System33r (k0nsl)

Released in October 2004


System33r Socks5 v1.3b by System33r

System33r Socks5 is a socks5 server with a 'trojan'-like behaviour (extremely stable)

Main Features:
- SubSeven CGI Notification
- Installation Routine (copies itself to sysdir/drivers/filename.exe, and adds registry entries)
- If Registry entries are deleted the server adds them again
- deleteself (melt)
- identd
- custom registry key (e.g. Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run)
- reasonable size
- included my slightly modified Sub7 CGI Logger
- editor remembers your settings
- it's horribly stable

Changes in v1.3b:
- option to send LAN notifications, or not send such notifications to the CGI, as requested by some people
- randomization to make it harder to detect
- added DLL injection (FWB) (6,kb packed, 11,5kb unpacked)
- injects into Explorer
- does not need the DLL loader for starting up; if "loader.exe" is deleted, it will start up anyway
- some misc tweaks in the editor here and there
- tested on win2k/winxp (pro)

System33r



MegaSecurity