Undetected 3.1
(Backdoor.Win32.TDS.SE.31)
(Backdoor.Win32.TDS.SE.32)

by Knox_rw

Compressed with UPX

Released in September 2000


 undetected 3.1
==============
Release notes:
- the kickass "change icon" function is finally here (in the editserver)
  this means that you can change the icon of the server or binder module
  from the editserver; it supports only 766-byte icons.
  All you have to do is to select the server or binder module file, double
  click on the icon that will be displayed in the upper right corner of the
  editserver, select an icon and then click on the "write icon" button!
  piece of cake ...
- the icq pager will not have the subject "undetected" any more
  to prevent icq filtering
- added some new functions like change port, change password,
  disable/enable icq pager
- made some modifications in the editserver; now it's easier to use
- fixed some bugs (in the "file manager", "windows manager", download)
- fixed also the fake startup error bug (now it will be displayed only when
  the victim runs the server for the first time)
- re-added the possibility to manage your commands in the "commands" section
- added plugin manager; now the compressor plugin and the new screen capture
  are easier to use; I suggest to compress your files (including the screen
  captured ones) before download or upload

Plugin notes:
- to use the functions from the "plugin" section in the client you must
  upload the following files:
   cap.dll - for "screen capture"
   ucompress.dll - for "compressor"
  I recommend to compress the "screen dumps" before downloading. Then use
  the "compressor.exe" from the  dir to decompress them on your
  computer.
  
 And oh, yes, I received stupid emails asking "where is the keylogger",
 "is there any keylogger", etc.
 The answer is: yes, the keylogger is there. To make the server log the
 keys you must edit it!! and enable the keylogger specifying where to
 log the damn keys. To get the logged keys you have to "stop the keylogger
 until restart" and then download the log file. I recommend to use the
 compression plugin, to make the download easier.
 Enjoy!

 @copyleft knox_rw - the dark side 
 http://home.cyberarmy.com/undetected
 [email protected]
 icq UIN:86011168


Server:
dropped file:
c:\WINDOWS\winload32.exe
size: 21.097 bytes 

port: 777 TCP 

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: "winload32.exe" "%1" %* 

tested on Windows 98
November 26, 2004

MegaSecurity