Vexx Impact
How to hack with sub7














Sub7 Introduction

Sub7 is the most popular and the most powerful Trojan Horse program available to the public. It's distributed free of charge at www.sub7.org.

 

This program can be used as a professional spying tool or as a prankster-toy; either way, it's extremely lethal.

 

Originally known as Backdoor G, Sub7 has been revised sixteen times since 1999, and the new version, 2.3, is soon to be released. It's best known for its overall ease of use and flexible settings.

 

Below is a partial list of what Sub7 can do.

  • Monitor ALL of your online activity (purchases, chat, mail)
  • Watch You (if you have a web cam)
  • Listen to You (if you have a microphone)
  • Copy ANY of your files
  • Delete ANY of your files
  • Put ANY file on your computer
  • Record your passwords
  • Record your Keystrokes (on and off-line)
  • Open/Close your CD-ROM drive
  • Print Documents
  • Flip or Turn off your Monitor, keyboard, mouse
  • Navigate you to unwanted and offensive web sites
  • Host FTP servers
  • Host Sub7 cracking servers
  • Edit your Registry
  • Browse your network
  • Redirect incoming connections
  • Change screen resolution
  • Change Windows colors
  • Change Volume
  • Change Desktop wallpaper
  • Play sound files
  • Play voice (using a Text to Speech engine)
  • Turn off the speakers
  • Change time/date
  • Update itself with a newer version
  • plus much more

Sub7 tends to escape virus detection because it morphs, or changes a little, each time it's sent to a new victim.

 

Check out some Sub7 screen shots to get a general idea of what it looks like (from a hacker's point of view).

 

Sub7 Main Window. Allows the hacker to change different server settings. As you can see, one of the options is completely removing the server from the host machine.

 

 

Sub7 Print - Allows a hacker to print anything out on your home printer. This is typically used by the pranksters.

 

 

Sub7 Fun Manager - One of the many "fun" features Sub7 offers. This is the prankster-toy side of Sub7.

 

 

Sub7 Screen Capture. Allows a hacker to receive continuous screen shots of your screen. This means that whatever you see (chat, e-mail, online shopping), the hacker sees as well. These live feeds can actually be saved so the hacker can play them back like a movie and go over any information he/she might have missed.

 

 

 

Sub7 File Manager. Allows the hacker to copy, delete, rename, or run any file on your computer.

 

How it loads, where it hides

Sub7 can be set to hide in just about any directory and can be loaded from the registry, system.ini, win.ini, and a few other lesser-known places. Since the server editor that comes with Sub7 allows customization of the startup method and of the actual executable file, it is impossible to pinpoint the exact place Sub7 hides (it's different with every file). What makes it even harder to find is that it can be assigned a different file name each time it's run, so every time you reboot your computer the file is somewhat altered, making it much harder to track down and delete.

 

Sub7 Server Editor Program. Allows the hacker to customize the server so virus scanners and intrusion detection systems can't find it.

 

Sub7 will usually hide in the following registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

or

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

or

HKEY_CLASSES_ROOT\*\shellex

 

If it is placed in the shellex part of the registry, and you actually find the infected file and remove it (assuming you used a virus scanner), your computer won't function properly. You will not be able to load ANY application. Here is why.

 

By putting itself in that particular key, the Trojan Horse essentially attaches itself to every file you run. Whatever you click on, Windows will check that key and run whatever application is listed there, passing the original program as a parameter (it is a bit confusing, but read on). Let's say you clicked on notepad.exe. Windows runs c:\windows\sub7.exe /notepad.exe (because that is what was inserted into that shellex key). Sub7 then executes notepad, and it seems to you like nothing special happened. Now let's say you were to delete sub7.exe. When Windows attempts to run notepad.exe it gets confused, because there is no such file as sub7.exe. It will return an error and not execute that file. In fact, it will not run any file, and after you reboot your machine Windows will bomb you with a ton of errors.

 

Why would it ever want to attach itself to that key?

One thing you have to keep in mind is that once Sub7 is attached to that key, it literally controls which applications you can and can't run. This is commonly used to stop you from running the registry editor, anti-virus, and anti-hacking programs. If you can't edit the registry then you can't get rid of the Trojan Horse, and if you delete the executable you're essentially taking down your entire system and rendering it useless. Pretty clever, eh?
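An added example, not part of the original page or of HackGuard: because the server's file name changes, searching for a known name is unreliable, so this check diffs a registry export against a known-good baseline for the load points listed above. The sample export, the value name `WinLoader`, the placeholder GUID and the baseline are constructed for illustration.

```python
import re

# Load points named on this page; shellex is matched together with its subkeys.
WATCHED = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CLASSES_ROOT\*\shellex",
)
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def watched(key):
    k = key.lower()  # exact key or a subkey, so RunOnce does not match Run
    return any(k == w.lower() or k.startswith(w.lower() + "\\") for w in WATCHED)

def autostart_entries(reg_text):
    """Yield (key, value name, data) for string values under watched keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = VALUE.match(line)
        if key and m and watched(key):
            name = "(Default)" if m.group(2) else unescape(m.group(1))
            yield key, name, unescape(m.group(3))

def unexpected(reg_text, baseline):
    """Entries whose (key, name, data) is not in the known-good baseline."""
    known = {tuple(p.lower() for p in e) for e in baseline}
    return [e for e in autostart_entries(reg_text)
            if tuple(p.lower() for p in e) not in known]

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"WinLoader"="c:\\windows\\sub7.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="c:\\temp\\setup.exe"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sample]
@="{00000000-0000-0000-0000-000000000000}"
'''
BASELINE = [(WATCHED[0], "SystemTray", "SysTray.Exe")]
if __name__ == "__main__":
    print(*unexpected(SAMPLE, BASELINE), sep="\n")
```

Review and correct any flagged registry entry before deleting the file it points to, since, as explained above, removing the file first leaves Windows unable to launch programs.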

 

What if it's too late?

If you have the Sub7 server, or suspect you might have it, you basically have two options.

 

1). Format your hard drive. Erase all information, including the Trojan Horse, Windows and all your personal documents and settings. This will be very time-consuming and, if not done properly, might render your computer completely useless. (Please note that although this is an option, we do not recommend it. Neither Zelon Technologies nor anyone associated with HackGuard can be held responsible for any loss of data caused by our recommendation.)

 

2). Get HackGuard. Although HackGuard won't attempt to delete Sub7, it will detect it and disallow any communication between the server and the client. HackGuard will try to disarm Sub7 by sending the messages that the client would use to remove the server. This is extremely effective in safely removing most Trojan Horses. HackGuard essentially creates a wall between the hacker and your computer. Think of Sub7 as a stick of dynamite without a match. It's useless.