from the doc: Setup/Installation Since you will be "controlling" another user's computer, we will have to install a separate program onto that machine. If you have not already done so, download "win32b.zip", and then install it on user's machine by running the included setup program. The setup program will install the needed runtime files and then place a copy of "win32b.exe" into the default "Windows" directory. Obviously for the full effect to occur, the user cannot know that you are doing this. Once the program has been fully installed, locate the win32b.exe program, and run it by double-clicking on it's icon. Please note that you will not get a confirmation that the program actually loaded into memory, nor will you see it running when you look in the -- menu (except in Windows NT); this is normal! It runs in a "stealth" mode for optimum secrecy. How to Determine a Computer Name Once the win32b.exe program is loaded into memory, you will need to know the IP-Address or Computer Name of that machine in order to successfully establish a connection. If you do not have this information, open the Control Panel by clicking "Start->Settings->Control Panel" and then double-click the "Network" icon. This will open up a "Network" Dialog Box; click on the "Identification" tab and write down the value stored in the field where it says "Computer name". Connecting to a Remote Computer Once you know the Computer Name and the "win32b.exe" program is running, launch the Remote HAVOC program and key in either the IP-Address or Computer Name where it says "Remote Machine" and then click on the "Initialze" button. This will cause the status to display "Ready to Connect!" and allow you to click on the "Connect" button. Click on the "Connect" button now; if you provided the proper connection information, the status will be updated with a message stating what time you connected to the machine as well as who is currently logged onto that machine. Tips and TricksThe most effective use of this program is to run some of the more subtle commands such as moving the mouse cursor or swapping the mouse buttons. Also, if possible, choose a computer that is visible from where you are sitting so that you can watch the victom's reaction! If you are under a person's watchful eye but you still want to get them, click the "Hide" button from the Remote HAVOC program interface. The program will still be running on your computer, however there will be no visible signs of it to the average user. When using this mode, use the icon located in the systray (next to the clock) by right clicking and navigating through the menu to select your command. If you need to regain access to the main control interface, select "Show Menu" from the systray menu. If a more advanced user has become suspicious of your activites and suspects that you are at the root of thier problems, click on the "Unload Client" button to remove the win32b.exe program from memory on that machine. This is like a "suicide pill", so once you click this, you will not have access to the program again until you re-run the "win32b.exe" program. Please note that this does not un-install or remove the file, it will only unload it from memory. If you're very daring, create a shortcut to this program and place it in the "Startup" folder on the person's computer, or for a more experienced user, place it in "load=" statement within the win.ini file. Be careful when you do this however, and be sure to make a backup to the win.ini file whenever you make a change. Please note that this will be easy to spot for the more experienced windows users, and it will be an absolute clue as to what is going on with thier machine.
Backdoor.Havoc.a
backdoor.havoc.c.exehavoc.exeremote.exe