Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

VIRUS ALERT !!! WAS: An optical allusion that will astound you, works on all spec pc's:) 8299

1 view
Skip to first unread message


Mar 4, 2000, 3:00:00 AM3/4/00

> Run this file, and after 20 seconds of looking at optical visuals you will WANT to ring all your friends...damn amazing!!!
> xfdcflsvujvyczbhnkttmpjpjyiqtrsyimxwhrlbtnitxmkstifuowqhpkoiqdvhkyjbp

Morpheus Dreamlord

Mar 5, 2000, 3:00:00 AM3/5/00
Yas, it contains a backdoor trojan, like orifice.


Politicians - It seems to me that the worst of them could convince
me that horse shit tastes like honey-cake; the best of them would
leave me believing that I alone in all the world had failed to
enjoy its flavour.

The individual is more important then the state!

Nieminen Juha

Mar 6, 2000, 3:00:00 AM3/6/00
In Morpheus Dreamlord <> wrote:
: Yas, it contains a backdoor trojan, like orifice.

Now, is it a trojan or a virus?

Most people call everything harmful "virus", no matter what it is, as long
as it's a program.
I would like to remind the differences between a virus and a trojan:

A virus is a piece of code that can spread itself by attaching itself to
other programs and/or to disk boot partitions. Usually it can't do anything
by itself, but comes always with an infected program or boot record. The
infected program usually has nothing to do with the virus but it's just an
innocent victim. The virus usually remains active in memory waiting for
proper victims to infect (some viruses don't do this but only search for
victims at runtime and then finish). Usually only one instance of the virus
is active at once (if the virus makes uncounted copies of itself to memory
it's usually called "worm"). A macro virus is a special case of virus because
it's not done in the machine code of the host computer, but with an interpreted
macro language used by some program (eg. excel).

A trojan is just a program that intentionally does something harmful. It
doesn't spread itself independently and it doesn't infect programs nor boot
partitions (or if it does, it's not for spreading purposes but only to be
active at boot time). It may be just a program that destroys everything it
can at runtime, or it can be some utility that does the harm only after the
program has been used for certain period of time (and author made it on
purpose). There are some trojans, like BO, that instead of just destroying
everything it can, it runs silently in the background leaving security holes
in the system thus allowing other people (who know that the computer has BO)
to log on the system freely and do what they want.
A trojan is not a virus.

):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/


Mar 6, 2000, 3:00:00 AM3/6/00

Nieminen Juha wrote:

> A trojan is not a virus.

The wording was mine and was my attempt to ensure that it got the attention
that it was due. A virus sounds worse than a trojan does even if both can
cause serious but different types of problems.

The real issue here was making the public aware that they should not,
under any circumstances, run the program mentioned in the original

Ken Tyler - 1300+ Povray, Graphics, 3D Rendering, and Raytracing Links:

Gilles Tran

Mar 6, 2000, 3:00:00 AM3/6/00
Ken wrote:


Anyone has hard data to support this claim ? Do you know what the problem is exactly ?
I can't find anything related to it neither in the web sites of the main antivirus vendors, nor in the hoax pages ??? Some
people ran it on their computers where I work some months ago (with no visible harm done yet) so I'd like to know a little more
about it.



Mar 6, 2000, 3:00:00 AM3/6/00


Here is the info I have been able to locate on it -

What does it do?

The SubSeven backdoor was first discovered in May 1999. First samples of
this backdoor were not packed and were easy to detect.

Later version were packed and could not be easily detected by contemporary
anti-virus programs that had no Win32 'Aspack' file compressor unpacking
capabilities. The backdoor was distributed under different names via
newsgroups and e-mails.

When run, the backdoor copies itself to \Windows\ directory with the
original name of file it was run from or as SERVER.EXE, KERNEL16.DLL,
single DLL file to \Windows\System\ directory - WATCHING.DLL. After
that the backdoor patches Registry so its main application could be
run during next Windows bootups (RunServices key) and finally creates
and modifies some other Registry keys. The backdoor can also install
itself to the system by modifying your WIN.INI file.

(this copy creates msrexe.exe, and mueexe.exe in the Windows dir, and
creates a registry key that won't allow any application to run without
musexe.exe being found.)

The SubSeven backdoor task being active in memory (and invisible in Task
Manager) looks for TCP/IP connections, and if they are established it
listens to TCP/IP ports for commands from client part. A person who has
a client part gets control over remote system where the server part is
installed. Here's the list of 113 SubSeven's capablities:

Run Manager
1. Open Web Browser to specified location.
2. Restart Windows.
3. Reverse Mouse buttons.
4. Hide Mouse Pointer.
5. Move Mouse.
6. Mouse Trail Config.
7. Set Volume.
8. Record Sound file from remote mic.
9. Change Windows Colors / Restore.
10. Hung up Internet Connection.
11. Change Time.
12. Change Date.
13. Change Screen resolution.
14. Hide Desktop Icons / Show
15. Hide Start Button / Show
16. Hide taskbar / Show
17. Opne CD-ROM Drive / Close
18. Beep computer Speaker / Stop
19. Turn Monitor Off / On
20. Disable CTRL+ALT+DEL / Enable
21. Turn on Scroll Lock / Off
22. Turn on Caps Locl / Off
23. Turn on Num Lock / Off

Connection Manager
1. Connect / Disconnect
2. IP Scanner
3. IP Address book
4. Get Computer Name
5. Get User Name
6. Get Windows and System Folder Names
7. Get Computer Company
8. Get Windows Version
9. Get Windows Platform
10. Get Current Resolution
11. Get DirectX Version
12. Get Current Bytes per Pixel settings
13. Get CPU Vendor
14. Get CPU Speed
15. Get Hard Drive Size
16. Get Hard Drive Free Space
17. Change Server Port
18. Set Server Password
19. Update Server
20. Close Server
21. Remove Server
22. ICQ Pager Connection Notify
23. IRC Connection Notify
24. E-Mail Connection Notify

Keyboard Manager
1. Enable Key Logger / Disable
2. Open Key Logger in a remote Window
3. Clear the Key Logger Windows
4. Collect Keys pressed while Offline
5. Open Chat Victim + Controller
6. Open Chat among all connected

1. Windows Pop-up Message Manager
2. Disable Keyboard
3. Send Keys to a remote Window

Misc. Manager
1. Full Screen Capture
2. Continues Thumbnail Capture
3. Flip Screen
4. Open FTP Server
5. Find Files
6. Capture from Computer Camera
7. List Recorded Passwords
8. List Cached Passwords
9. Clear Password List
10. Registry Editor
11. Send Text ot Printer

File Manager
1. Show files/folders and navigate
2. List Drives
3. Execute Application
4. Enter Manual Command
5. Type path Manually
6. Download files
7. Upload files
8. Get File Size
9. Delete File
10. Play *.WAV
11. Set Wallpaper
12. Print *.TXT\*.RTF file
13. Show Image

Window Manager
1. List visible windows
2. List All Active Applications
3. Focus on Window
4. Close Window
5. Disable X (close) button
6. Hide a Window from view.
7. Show a Hidden Window
8. Disable Window
9. Enable Disabled Window

Options Menu
1. Set Quality of Full Screen Capture
2. Set Quality of Thumbnail Capture
3. Set Chat font size and Colors
4. Set Client's User Name
5. Set local 'Download' Directory
6. Set Quick Help
7. Set Client Skin
8. Set Fun Manager Skin

Edit Server
1. PreSet Target Port
2. PreSet server Password
3. Attach EXE File
4. PreSet filename after installation
5. PreSet Registry Key
6. PreSet Autostart Method:
Registry: Run
Registry: RunSevices
Less known method
7. PreSet Fake error message
8. PreSet Connection Notify Username
9. PreSet Connection Notify ICQ#
10. PreSet Connection Notify E-Mail
11. PreSet Connection Notify IRC Chan.
12. PreSet IRC Port
13. Change Server *.exe Icon

The author of SubSeven backdoor calls himself Mobman. His backdoor can be
considered to be the most advanced one at the moment.

Subseven tries to use ICQ, IRC and different e-mail accounts to notify the
author that his victims are online.


I know that this is not much info but it was the best I could do in
so short amount of time.

0 new messages