from the doc: -= ev0luti0n HTTP keylogger =- ~ expl0it shad0w ~IntroductionI wanted to make a keylogger with a difference, I dont think one has been made like this yet, if it has let me know. This is a Keylogger that records all the key strokes to a file, and it allows you to view them, just by typing the victims IP address in the Internet Explorer ( or some other Internet browser ). NOTE: the keylogger sucks, so im working on a better one.InstructionsFollow these instructions.1. Rename "Server.exe" to what ever you want, make it convincing, not like "TROJAN.exe" or "KEYLOGGER.exe".2> Send it to them and tell them its a new hacking tool, NOTE: Try binding it with a real one. If you know how. ( Once the victim opens it, it hides in memory and records all the key strokes on the computer, so you can view them with an Internet Browser like MSIE. )3> Connect to there machine on port 80 with an Internet browser, as stated above. Type in there IP address into it and just hit Enter. For example if the victims IP address was 127.0.0.1 you type in http://127.0.0.1 or just 127.0.0.1.4> have Phunn.Trojan RemovalFollow these simple instruction to remove ALL traces of the trojan.1> Goto inside the windowssystem directory and remove all these files.smsg.html - Online HTML filewincmd.exe - The Trojan ItselfMsvbrt60.dll - A needed DLLevlog.dat - Stored keystokesNOTE: If you can not delete wincmd.exe, or any of the other files, just boot into MS-DOS and delete them there. using the Del command.2> Open up your Registry Editor and remove the following entry.HKEY LOCAL MACHINESoftwareMicrosoftWindowsCurrentVersionRunWincmd - its a string.3> Thats it.
Backdoor.Haan
Windowssystemwincmd.exeWindows empserverserverev0.exe