
 Golden Retriever - Description



Description:
from the doc:
'Golden Retreiver v1.1 BETA
By Noa
What the h%ll is it?
Golden Retreiver is a very simple trojan made to do one specific thing. Once GR is run it will ftp to your ftp site and download the file called RunMe.exe. After it successfully downloads it, it will be spawned. NOTE: For a more detailed description scroll down.
Package Description
GRcfg.exe - This needs to be run first so you can specify the username, password, ftp server, and binary file to download.
GR.exe - This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one will not restart with windows.
GRreg.exe - This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one will restart with windows.
GRreg.exe.bak - This is a back-up of the one above because the GD trojan file can only be configured once.
Read-Me.bat - You're viewing it dipsh%t.
Read-Me.pif - settings for readme file.
Detailed description
When you run the trojan file it will copy itself to c:\mstask.exe with a different icon and add itself to the reg as "Task Manager" in /CurrentVersion/Run/. Then GR will check and see if it has already been run and had a successful download. If it hasn't then it will ftp to your previously specified ftp site and download the exe file named RunMe.exe (It *IS* Case Sensitive). If it can't successfully download the trojan at that time then it will try every 5 minutes until it's successful. If it is successful then it will not start again until the downloaded trojan is deleted :)
!IMPORTANT NOTES! - In the config program make sure that when it asks you for executable that you put RunMe.exe, or it will not work at all. Also, GR.exe will not copy itself to the c: dir and add itself to the reg.
Getting Started
Step#1. Upload your favorite trojan or whatever to your ftp site and rename it RunME.exe(Case Sensitive).
Step#2. Run Config.exe and specify the required info.
Step#3. Give the GR Trojan file to a victim in some form or another.
Step#4. Go to your ftp site and look for The_Trojan_Was_Uploaded. If it's there then trojan was successfully downloaded.
iMPORTANT iNFO
The trojan file does not require any VB runtime files because it was not coded in VB. BUT, the config.exe program requires VB6 runtimes. Sorry about that. I had probs with making it in c++.'


Alias:
GR
Win32.TrojanDropper.Win32.GR
Win32.TrojanRunner.GR

Category:
RAT
Downloader
Dropper

Automatic Removal: Most effective removal tool is: Easy SpyRemover

Manual Removal:



Stop Running Processes:
c:\mstask.exe
grcfg.exe



Unregister DLLs:
Unknown


Clean Registry:
Unknown


Remove Files:
c:\mstask.exe
grcfg.exe
read-me.bat
read-me.pif

   





Copyright © PcRepairCentral, 2005.