RemEye
Released 22 years, 9 months ago. February 2002
Copyright © MegaSecurity
By GAnon Crew
Information
From: Poland
Author: GAnon Crew
Family: RemEye
Category: Remote Access
Version: RemEye
Released Date: Feb 2002, 22 years, 9 months ago.
Language: Visual C++
Additional Information
Server:
dropped files:
c:\WINDOWS\Msvcirt.dll Size: 77,878 bytes
c:\WINDOWS\Msvcrt.dll Size: 295,000 bytes
c:\WINDOWS\omnithread_rt.dll Size: 45,056 bytes
c:\WINDOWS\VNCHooks.dll Size: 32,768 bytes
c:\WINDOWS\winvnc.exe Size: 208,896 bytes
port: 5900, 5800 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005022120050228
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005030620050307
HKEY_CURRENT_USER\Software\ORL
HKEY_CURRENT_USER\Software\ORL\VNCHooks
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\winvnc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\ORL
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winvnc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winvnc\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc\Security
tested on Windows XP
March 06, 2005
Author Information / Description
RemEye v.1.0
Copyright (c) 2002, GAnon Crew
==================================
[What is RemEye?]
RemEye is a console application that silently installs WinVNC server with password set to "abcd".
It can be used as an easy to use installer for a really good administration tool or even better trojan horse.
[Usage]
RemEye is really simple to use. To install WinVNC just run "remeye.exe".
If you wanna uninstall WinVNC server from the computer run "remeye.exe" with "-remove" parameter.
Usage example:
You can telnet over remote computer. Execute "remeye.exe". Run vncviewer.exe.
Connect to remote computer. Type default password - "abcd",
and from this moment you have total control over computer.
[What is VNC?]
"(..) VNC stands for Virtual Network Computing. It is, in essence,
a remote display system which allows you to view a computing 'desktop' environment
not only on the machine where it is running, but from anywhere on the Internet
and from a wide variety of machine architectures (..)" - VNC website
==================================
made in Poland
GAnon Crew