Archive: A Reconstructed © MegaSecurity Database

Helios 4.10-LE

Released January 2002 (24 years, 3 months ago)

Copyright © MegaSecurity

By Helios


Information
From: Belgium
Author: Helios
Family: Helios
Category: Remote Access
Version: Helios 4.10-LE
Release Date: Jan 2002 (24 years, 3 months ago)
Language: Visual Basic
Additional Information
Client:
port: 1171 TCP




Server:
dropped files:
c:\WINNT\winstart.bat             size: 150 bytes 
c:\WINNT\system32\ScanStartup.exe size: 294.912 bytes 
c:\WINNT\system32\unist546.dat    size: 294.912 bytes 

port: 3322, 2701 TCP

startup:
c:\winnt\system.ini, [boot] "Shell"
value: Explorer.exe C:\WINNT\system32\ScanStartup.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ScanStartup "StubPath"
data: C:\WINNT\system32\ScanStartup.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ScanStartup"
data: C:\WINNT\system32\ScanStartup.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "ScanStartup"
data: C:\WINNT\system32\ScanStartup.exe 

tested on Win2000

Author Information / Description
full VB6 trojan horse
HelioS-Trojan-4.10-LE 

by HelioS Himself

startup
-------

reg/run
reg/runservices
win.ini
system.ini
winstart.bat

installs itself in system dir \ScanStartup.exe

port 2701

functions
---------

-running tasks
-running windows
-upload
-download
-full media control
-all the lamer stuff and lots more
-capture screen bmp or jpeg
-desktop clicker
-change every color you want
-msg box
-input box
-chat
-full DOS control
-netstat control
-secret kernel commands
-change the start button
-regeditor
-file browser and all the file functions (del, copy,...)
-windows boot options (power off, reset, log off,...)
-the matrix
-earthquake
-pacman joke
-change wallpaper
-play a movie, mp3, wav, Audio CD, ...
-full winamp (advanced)
-mediaplayer control
-let his pc talk (merlin)
-i am gay joke
-steal his passwords
-change his resolution
-let him download a file from the internet
-change his internet explorer settings
-uninstall server

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.