DonkBoy Internet
Home of the famous
Information Archives.
Terms of use  

Information on SubSeven server and Backdoor-G.
Complete list of ports

SubSeven has substantially more features than BackOrifice or NetBus. Depending upon counting method one comes on 113 to 117 characteristics, which are divided on eight functional modules (managers)

I would like to enumerate the most important and most interesting characteristics briefly here. You find a detailed characteristic list on the Orginal homepage or with DATA Fellows. In principle one can assume SubSeven all characteristics of back Orifice and NetBus possesses.
Beyond that the following additional functions are available:

    Fun manager

  • Mouse pointers hide
  • Windows colours and - dissolution change
  • Internet connection interrupt
  • Modify from date and time
  • Hiding places (and displays) the Desktop Icons and the start Buttons
  • Switching of the monitor on and off
  • Disable / Enable of < CTRL+ALT+DEL >
  • Record the signals of attached microphone
     

    Connection manager

  • IP scanner
  • Query of computer and username
  • Query of different hard and software information (CCU speed, hp size of, current dissolution, Windows version etc..)
  • Notification by ICQ, IRC and E-Mail (over activated server)
     

    Key board manager

  • Log from keyboard entries (also off-lines!!!)
  • ICQ Spy
  • Switch off the keyboard
  • Closing and removing (Deinstallieren) servers
     

    Misc. Manager

  • Announcement of passwords (ge-cached or recorded)
  • Capture of an attached camera
  • Display Capture (automatic: between 1 and 30 second)
  • Open FTP FTP-Servers
  • Edit the Registry
  • Printouts of text (TXT and rtf) on the angschlossenen printer

    File manager

  • Announcements and deletion of files and directories
  • Execute from applications
  • Transferred by files (upload and down load)
  • Set a " barrier PAPER "
     

    Windows manager

  • Displays of all active windows and applications
  • Closing of Windows and power-off of the " X " (CLOSE off) Buttons
     

    Option menu

  • Determines to the quality of the Full Scree Capture
  • Adjusts the " Download Direcory "
     

    Edit server

  • Determine the port (standard: 1243)
  • Adjust the autostart function (Registry, Win.ini etc..)
  • Modify the file size and the server Icons
  • Attach any EXE files
  • Adjust file names after the installation
  • Adjust the Registry k

SubSeven alias Backdoor g detect and counter measures take

For the autostart SubSeven installs itself either in c:\windows\win.ini or c:\windows\system.ini - or in the Registry in:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
 
 
As previously mentioned SubSeven uses according to standard the port 1243, which can be easily modified however with EditServer. For the same reason there are also many names, under which the program files and DLLs can occur. The most usual names are:
 
SERVER.EXE
KERNEL16.DLL
RUNDLL16.COM
SYSTEMTRAYICON!.EXE
WINDOW.EXE
 
All these files are to be found in the Windows directory. A further file with the name WATCHING.DLL is under Windows\System.
But as said: All files can be renamed!
A further skillful method, the server to loose-will is the use of the Remove servers- functionality of the Connection of manager (in the Client). In this way can be checked - with well-known port number Servers - also at the same time the successful installation servers (a connection to 127,0,0,1 may not be possible any longer!).

SubSeven: Rechliche questions, FAQ

Since the questions for all Backdoor programs are the same, they have been summarized on its own page. Please you read these also, before you transmit a E-Mail or an ICQ inquiry to me!):

Other resources:

The Basics of SubSeven (aka Sub7 or Backdoor_G)

 

Thursday, January 11, 2007

© Dancom Industries.
All Rights Reserved

GoStats stats counter
GoStats stats counter