Genie 1.7
(Backdoor.Win32.CMDer.f)

by prncipia

Released in January 2007

more versions


Genie v1.7  with new security procedurs,Hard to remove from users.
For Windows 2K/XP,build 01/01/2007 (Tested on win2k/xp)
Code by prncipia <[email protected]>

Genie is a simple Telnet backdoor program.

Note: Best use with Putty and NetCat.

----------------------------------------------------------------
Instalation > "c:\install.exe" (May takes a few seconds)

Note2: Important. Do not Remove "rainboy.onj" file.
----------------------------------------------------------------

Remove > "c:\ginstall.exe -r" or "c:\ginstall.exe /r"
----------------------------------------------------------------

Now to connect to remote host you have to type Telnet "targets_ip" 1179
then press "CTRL+A" and ENTER to activate the program.
The last step is to ask you the password and by default thes password is "katerina".
That's it.

----------------------------------------------------------------
Genie commands:

Helpme                    Genie commands.
Cdopen/Cdclose            Opens/Close CD port.
Fdownload                 Download files from sites.
Mlock/MUnlock             Lock/Unlock Monitor.
Msg                       Send message to your victim.
Mypass                    Change default password.
Myport                    Change default port.
Pview                     Shows current running process with PID.
Pkill                     Terminate a process.
RLock/RUnlock             Lock/UnLock registry.
Reset                     Reboot windows.
Reload                    Reload genie - new settings.
Sdown                     Shutdown victim computer.
SecOn/SecOff              Start(Default)/Stop Genie Security procedures.
SFile                     Auto start file.
TLock/TUnlock             Lock/UnLock Taskman.
Users                     Logon users on Genie.
Exit                      Close current connection.
Gshutdown                 Shutdown the genie.


prncipia


dropped:
c:\WINDOWS\rainboy.onj                       Size: 1,004,032 bytes 
c:\WINDOWS\system32\MSPSTL32.DLL             Size: 15,360 bytes 
c:\WINDOWS\system32\CatRoot2\tmp.edb         Size: 1,056,768 bytes 
c:\WINDOWS\system32\dllcache\MSPSTL32.DLL    Size: 15,360 bytes 

changed:
c:\WINDOWS\explorer.exe
	
deleted:
c:\WINDOWS\system32\dllcache\explorer.exe

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List


tested on Windows XP
February 27, 2007

MegaSecurity