Backdoor Controller is a sethc.exe
replacement that attempts to mask the presence of the well-known backdoor. If you replace sethc.exe
with cmd.exe
(the normal way of installing the backdoor) you can easily tell the system has been comprimised by pressing the SHIFT key 5 times.
By replacing sethc.exe
with backdoor-controller.exe
you'll get numerous advantages, for example:
- If you press the SHIFT key 5 times when a user is logged in, the normal sticky keys window will popup (instead of a command prompt window)
- When you press the SHIFT key 5 on the Windows login screen, you'll see a non-suspicious looking window popup
- If you select
No
the window will disappear and nothing will happen - If you select
Yes
another window will popup asking you to enter the "threshold", in this window you are able to type codescmd
- opens a command prompt window ~ a native CMD.exe process (so you don't face the errors that the old one faces)admin
- toggles the creation / deletion of a administrator user accountuninstall
- uninstalls the backdoor replacing the modifiedsethc.exe
with the originalhelp
- shows all the available options for Backdoor Controller
- If you select
In order to get the native Windows popup dialogs & convert the batch file to an executable, I used Bat To Exe Converter by Fatih Kodak. It's an awesome project, with loads of examples & excellent documentation.