from the doc: ' This program can be run 2 ways. 1) Just run it and leave the computer. This looks authentic but if the user presses ctrl alt delete then it can be discovered. The windows keys, alt tab are blocked but not ctrl alt delete.2) Now this way is a little more tricky but still is a lot more secure. You run a reg file which makes the screensaver timeout before logon run the program. This way no-one is logged on and as soon as it closes the real logon pops up.I think its pretty much 100percent accurate in appearance. It displays the wrong password text then closes depending on which version you are using. The difference between Dontquit.exe and Fakelogon.exe is that FakeLogon is optimized for the screensaver version and closes its self after every entry. the Dontquit.exe just keeps logging as long as its running. The program logs to DBB.DLL, this is just a text file and can be opened in notepad.exe but will be encypted so just type the path of the file into decrypter. Any questions should be directed to the address below, custom version may be availible(just send an email) The images if renamed to .jpg could be viewed. The program interprets them as images though.TIP- If you rename the program to winlogon.exe then it becomes unquitable once run, as windows thinks its the real winlogon.exe. POO.bat and Hope.reg are not VIRII. They provide the information needed to install the program as a screensaver. Either way it logs the passwords to the directory it is run from.'
Trojan Horse.LC [Panda]Win32/VB.AY!PWS!Trojan [Computer Associates]WINDOWS 2000 FAKELOGON 1.0
blakestone.exedecoder1.exedisk-ert.exedukenukem.exepoo.exetest.exewolf3d.exe