Backdoor Controller is a sethc.exe replacement that attempts to mask the presence of the well-known backdoor. If you replace sethc.exe with cmd.exe (the normal way of installing the backdoor) you can easily tell the system has been comprimised by pressing the SHIFT key 5 times.
By replacing sethc.exe with backdoor-controller.exe you'll get numerous advantages, for example:
- If you press the SHIFT key 5 times when a user is logged in, the normal sticky keys window will popup (instead of a command prompt window)
- When you press the SHIFT key 5 on the Windows login screen, you'll see a non-suspicious looking window popup
- If you select
Nothe window will disappear and nothing will happen - If you select
Yesanother window will popup asking you to enter the "threshold", in this window you are able to type codescmd- opens a command prompt window ~ a native CMD.exe process (so you don't face the errors that the old one faces)admin- toggles the creation / deletion of a administrator user accountuninstall- uninstalls the backdoor replacing the modifiedsethc.exewith the originalhelp- shows all the available options for Backdoor Controller
- If you select
In order to get the native Windows popup dialogs & convert the batch file to an executable, I used Bat To Exe Converter by Fatih Kodak. It's an awesome project, with loads of examples & excellent documentation.