
Optix

Ŧ1LAN

Optix PRO v1.33
Backdoor
Server:
creates the following file
c:\WINNT\system32\msiexec16.exe

size: 294.975 bytes

port: 3410 TCP
creates the following registry keys

Code:
HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control "DisableConnectionQuery"
HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control "LoginSessionDisable" 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS Autodial\Control "DisableConnectionQuery"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS Autodial\Control "LoginSessionDisable"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "GLSetIT32"
data: c:\winnt\system32\msiexec16.exe
tested on Windows 2000
Download
flagged by all the decent antiviruses ((
Code:
Antivirus Version Update Result 
AntiVir 6.34.1.34 05.27.2006 BDS/Sub7-22.A.04 
Authentium 4.93.8 05.26.2006 PHP/Optixpro.B@dr 
Avast 4.6.695.0 05.26.2006 Win32:SubSeven22-B 
AVG 386 05.26.2006 BackDoor.Generic2.EQJ 
BitDefender 7.2 05.28.2006 Backdoor.Subseven.22.A 
CAT-QuickHeal 8.00 05.27.2006 (Suspicious) - DNAScan 
ClamAV devel-20060426 05.27.2006 BDS.Sub7-22.A.04 
DrWeb 4.33 05.28.2006 BackDoor.Optix.13 
eTrust-InoculateIT 23.72.19 05.26.2006  no virus found 
eTrust-Vet 12.6.2229 05.26.2006  no virus found 
Ewido 3.5 05.27.2006 Backdoor.SubSeven.22.a 
Fortinet 2.77.0.0 05.28.2006 SubSeven.Logger 
F-Prot 3.16c 05.26.2006 CGI/Subseven.A@bd 
Ikarus 0.2.65.0 05.27.2006  no virus found 
Kaspersky 4.0.2.24 05.28.2006 Backdoor.Win32.SubSeven.22.a 
McAfee 4771 05.26.2006 New Malware.b 
Microsoft 1.1441 05.28.2006 Backdoor:Win32/Optixpro.M 
NOD32v2 1.1562 05.27.2006 Win32/SubSeven.22 
Norman 5.90.17 05.26.2006  no virus found 
Panda 9.0.0.4 05.27.2006 Bck/Sub7.22 
Sophos 4.05.0 05.27.2006 Troj/Sub7Cgi-A 
Symantec 8.0 05.28.2006  no virus found 
TheHacker 5.9.8.149 05.26.2006  no virus found 
UNA 1.83 05.26.2006  no virus found 
VBA32 3.11.0 05.28.2006 Backdoor.Win32.Optix.Pro.143
 
features:
v1.33 - Client Side
COMPATIBLE WITH ALL PAST SERVER VERSIONS! in a limited way! (own risk)
Client SOCKS 4/5 Support
Power Options - logoff,suspend,reboot,shutdown etc.
Server Information - Get info about builder settings
File Manager
Process Manager
Windows Manager
Registry Manager
FTP Manager
SOCKS 4/5 Server
Remote IP Scanner
Port Redirect
Application Redirect
Service Manager
Message Box
Matrix Chat (Client-2-vic)
Client-2-Client chat
Computer Information
Get Passwords - (RAS/Cached - 9x and AIM)
Online Key Logger - (now window titles)
Screen Capture with left click mouse manipulation
Keyboard Manipulation - (more advanced)
Cam Capture
SendKeys - old version of SendKeys for older servers
Humor normals - Flash keyboard lights, Monitor on/off, Disable keyboard/mouse etc.
Humor Screen Printer - print text to their screen!

v1.33 - Server Side
COMPATIBLE WITH ALL PREVIOUS CLIENT VERSIONS! in a limited way! (own risk)
Configurable:
Notification Information Separators
IP Address Separator
Info included in any Notification
Identification Name
Server Port
Server Password
Fake Error
Server Icon
Registry Run startup
Registry RunServices startup
win.ini startup
system.ini startup
s7 special method startup!
Server File Name
Start Directory (windir/sysdir)
Melt Server
Unlimited ICQ Number Notification
Unlimited CGI Script Notification
Unlimited IRC Server/channel Notification
Unlimited PHP Script Notification
Unlimited SMTP Notification
Toggling killing of in-built exe/service list for firewalls
Toggling killing of in-built exe/service list for Anti-Virus
Toggling killing of in-built exe/service list for packages classified as both anti-virus and firewall!
Unlimited Number of custom exe's to kill
Unlimited Number of custom services to kill
Easily Automated UPX Packing if needed.
Option for unpacked or packed server with your own packer if wanted (instructions clear)
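
Added example, not part of the original post and not the tool's own code: a Python triage that checks offline-collected host artifacts against the file path, Run value and TCP port listed above. It assumes the input is `reg export` text of the Run key and `netstat -an` output already decoded to a string; the function names and the sample data are constructed for illustration.

```python
import re
# Indicators from the post above. Its feature list says port and file name are
# builder-configurable, so these match this sample's settings only.
IOC_PATH = r"c:\winnt\system32\msiexec16.exe"
IOC_PORT = 3410
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "glsetit32"

def parse_reg_export(text):
    """Parse `reg export` text into {key: {value_name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"([^"]*)"="(.*)"$', line)
        if m and current is not None:
            # .reg files double the backslashes in string data; undo that.
            current[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def listening_ports(netstat_text):
    """Return the TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def triage(reg_text, netstat_text):
    hits = set()  # names of the indicators that matched
    run = parse_reg_export(reg_text).get(RUN_KEY, {})
    if RUN_VALUE in run:
        hits.add("run_value_name")
    if any(d.lower() == IOC_PATH for d in run.values()):
        hits.add("run_data_path")  # still matches if the value was renamed
    if IOC_PORT in listening_ports(netstat_text):
        hits.add("tcp_3410_listening")
    return sorted(hits)

# Constructed sample input, not captured from a real host.
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINNT\\system32\\msiexec16.exe"
'''
SAMPLE_NETSTAT = """  TCP    0.0.0.0:3410     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042    10.0.0.9:3410    ESTABLISHED
"""
print(triage(SAMPLE_REG, SAMPLE_NETSTAT))
```

A match is a strong signal for this sample; an empty result does not clear a host, because a differently built server can use another port, file name or startup method.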