Archive A Reconstructed © MegaSecurity Database
Genie 1.7
Released 19 years, 3 months ago. January 2007
By prncipia
Information
| Author | prncipia |
| Family | Genie |
| Category | Remote Access |
| Version | Genie 1.7 |
| Released Date | Jan 2007, 19 years, 3 months ago. |
Additional Information
dropped:
c:\WINDOWS\rainboy.onj Size: 1,004,032 bytes
c:\WINDOWS\system32\MSPSTL32.DLL Size: 15,360 bytes
c:\WINDOWS\system32\CatRoot2\tmp.edb Size: 1,056,768 bytes
c:\WINDOWS\system32\dllcache\MSPSTL32.DLL Size: 15,360 bytes
changed:
c:\WINDOWS\explorer.exe
deleted:
c:\WINDOWS\system32\dllcache\explorer.exe
added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
tested on Windows XP
February 27, 2007
Author Information / Description
Genie v1.7 with new security procedures, hard to remove from users.
For Windows 2K/XP, build 01/01/2007 (Tested on win2k/xp)
Code by prncipia <[email protected]>
Genie is a simple Telnet backdoor program.
Note: Best use with Putty and NetCat.
----------------------------------------------------------------
Installation > "c:\install.exe" (May take a few seconds)
Note2: Important. Do not Remove "rainboy.onj" file.
----------------------------------------------------------------
Remove > "c:\ginstall.exe -r" or "c:\ginstall.exe /r"
----------------------------------------------------------------
Now to connect to remote host you have to type Telnet "targets_ip" 1179
then press "CTRL+A" and ENTER to activate the program.
The last step is to ask you the password and by default the password is "katerina".
That's it.
----------------------------------------------------------------
Genie commands:
Helpme          Genie commands.
Cdopen/Cdclose  Opens/Close CD port.
Fdownload       Download files from sites.
Mlock/MUnlock   Lock/Unlock Monitor.
Msg             Send message to your victim.
Mypass          Change default password.
Myport          Change default port.
Pview           Shows current running process with PID.
Pkill           Terminate a process.
RLock/RUnlock   Lock/UnLock registry.
Reset           Reboot windows.
Reload          Reload genie - new settings.
Sdown           Shutdown victim computer.
SecOn/SecOff    Start(Default)/Stop Genie Security procedures.
SFile           Auto start file.
TLock/TUnlock   Lock/UnLock Taskman.
Users           Logon users on Genie.
Exit            Close current connection.
Gshutdown       Shutdown the genie.
prncipia
This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.