by c-cure
                                 -= ev0luti0n HTTP keylogger =-  
                                    ._                    _.
                                       ~ expl0it_shad0w ~
 
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
o0 - Table Of Contents - 0o
-= Section 1 =-
A> Introduction
B> Instructions
C> Trojan Removal
D> Contacting Me
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,A =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Introduction
I wanted to make a keylogger with a difference,
I don't think one has been made like this yet; if it has, let me know.
This is a keylogger that records all the keystrokes to a file,
and it allows you to view them
just by typing the victim's IP address into Internet Explorer
( or some other Internet browser ).
NOTE: the keylogger sucks, so I'm working on a better one.
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,B =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Instructions
Follow these instructions.
1> Rename "Server.exe" to whatever you want,
   make it convincing, not like "TROJAN.exe" or "KEYLOGGER.exe".
2> Send it to them and tell them it's a new hacking tool.
      NOTE: Try binding it with a real one, if you know how.
( Once the victim opens it, it hides in memory and records all the keystrokes on the computer,
  so you can view them with an Internet browser like MSIE. )
3> Connect to their machine on port 80 with an Internet browser, as stated above.
   Type their IP address into it and just hit Enter.
   For example, if the victim's IP address was 127.0.0.1 you type in http://127.0.0.1 or
   just 127.0.0.1.
4> Have Phunn.
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,C =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Trojan Removal
Follow these simple instructions to remove ALL traces of the trojan.
1> Go to the windows\system directory and remove all these files:
smsg.html - Online HTML file
wincmd.exe - The Trojan itself
Msvbrt60.dll - A needed DLL
evlog.dat - Stored keystrokes
NOTE: If you cannot delete wincmd.exe, or any of the other files,
just boot into MS-DOS and delete them there
using the Del command.
2> Open up your Registry Editor and remove the following entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Wincmd - it's a string.
3> That's it.
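
A read-only check for the artifacts listed in the removal steps above, as an added example that is not part of the original readme: it looks for the four files under windows\system on a mounted volume and for the Wincmd value in a regedit text export. The function names, the sample export and its value data are constructed for illustration.

```python
import os
import re

# Indicators taken from the removal steps above.
ARTIFACTS = {"smsg.html", "wincmd.exe", "msvbrt60.dll", "evlog.dat"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "wincmd"

# Constructed regedit export for demonstration; the value data is an assumption.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Wincmd"="C:\\WINDOWS\\SYSTEM\\wincmd.exe"
'''


def children_named(parent, wanted):
    """Yield subdirectories of parent whose name equals wanted, ignoring case."""
    for name in sorted(os.listdir(parent)):
        path = os.path.join(parent, name)
        if name.lower() == wanted and os.path.isdir(path):
            yield path


def find_artifacts(volume_root):
    """Return paths of the listed files under <root>/windows/system."""
    hits = []
    for windows_dir in children_named(volume_root, "windows"):
        for system_dir in children_named(windows_dir, "system"):
            for name in sorted(os.listdir(system_dir)):
                if name.lower() in ARTIFACTS:
                    hits.append(os.path.join(system_dir, name))
    return hits


def find_run_entry(reg_export_text):
    """Return the data of the Wincmd value under the HKLM Run key, or None."""
    current_key = None
    for line in reg_export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
        elif current_key == RUN_KEY:
            match = re.match(r'"([^"]+)"="(.*)"$', line)
            if match and match.group(1).lower() == RUN_VALUE:
                return match.group(2).replace("\\\\", "\\")
    return None
```

Matching is case-insensitive because the page itself writes the directory both as windows\system and WINDOWS\SYSTEM.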
Server:
c:\WINDOWS\TEMP\server\server\ev0.exe 
c:\WINDOWS\SYSTEM\wincmd.exe 
size: 177 KB
port: 80 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 
MegaSecurity