Archive A Reconstructed © MegaSecurity Database
NtRootkit 1.21
Released 22 years, 3 months ago. January 2004
Copyright © MegaSecurity
By yyt hac
Information
| From | China |
| Author | yyt hac |
| Family | NT RootKit |
| Category | Rootkit |
| Version | NtRootkit 1.21 |
| Released Date | Jan 2004, 22 years, 3 months ago. |
| Language | Visual C++ |
Author Information / Description
********yyt_hac's ntrootkit Server Command List********
?-------------------------------Show this list
HideFileDir [FileName or DIR]----------------------Hide the file or directory(no para will show all file or directory been hidden)
HideProcId [pid]----------------Hide process with the id
HideProcName [procname]---------Hide process with the process name
HideKey [KeyName]---------------Hide the registry key
HideValue [ValueName]-----------Hide the registry value
HideUser [UserName]-------------Hide the User
HideServ [ServiceName]----------Hide the Service
ShowFileDir FileName or DIR-----UnHide the file or directory that been hidden before
ShowProcId pid------------------UnHide the process that been hidden before with the id
ShowProcName procname-----------UnHide the process that been hidden before with the process name
ShowKey KeyName-----------------UnHide the registry key
ShowValue ValueName-------------UnHide the registry value
ShowUser UserName---------------UnHide the user that been hidden before
ShowServ ServiceName------------UnHide the service that been hidden before
Get RemoteFilePath [LocalFilePath]----Get the remote file to local computer
Put LocalFilePath [RemoteFilePath]----Put the local file to remote computer
KeyLogOn------------------------------Start key log
KeyLogOff-----------------------------Stop key log
DDOS DDos_Destip [DDos_Destport DDos_type DDos_seconds DDos_ProcCount]---DDos the destip
SDDOS---------------------------------Stop DDos
GetPwd [LocalFilePath]----------------Get the ntrootkit keylog password file to local computer
DelPwd--------------------------------Del the ntrootkit keylog password file
Ps------------------------------------Show all processes on remote machine
Kill pid------------------------------Kill the process with the id or name
RTVer---------------------------------Show Ntrootkit server version and author info
SetPass [NewPassword]-----------------Change or show the connection password
Reboot--------------------------------Reboot the targer computer
OpenShell-----------------------------Open a command shell
system command------------------------excute command use system fuction
getsysinfo----------------------------get remote system infomation
getfile URL [LocalFileName]-----------get file from the URL to LocalFileName
Exit----------------------------------Exit the shell or rootkit
yyt hac
This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.