Lost Door is a backdoor trojan horse family of more than 10 variants which can infect Windows operating systems from 95 to XP. It was created by OussamiO and built using Visual Basic. It uses the typical server, server builder, and client backdoor program configuration to allow a remote user, who uses client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor). The server component (75,053 bytes) when running, connects to a predefined IP address on TCP port 2185, awaiting commands from the remote user who uses the client component can execute arbitrary code at will on the compromised machine.
Features
Lost Door allows many malicious actions on the victim's machine. Some of its abilities include:
- Reverse connection
- Webcam shot
- Date and time manager
- printer
- Control panel
- PC control
- Executor
- Dos command
- Windows manager
- Screen shot
- Remote server manager
- Server remover
- Ip Grabber
- Server Downloader
- Icon Changer
- Audio Streaming
- Encrypt Settings
- Volume Control
- Connection Logs
- Installed Application
- Infect All USB
- Multilanguage
- Services Viewer
- Remote passwords
- MSN Controller
- Remote Shell
- Chat with server
- Send fake messages
- files manager
- Find files
- Change remote screen resolution
- Information about remote computer
- Clipboard manager
- Internet Explorer options
- Running Process
- Online key-logger
- Offline keylogger
- Fun Menu
Infection Method
Lost Door has a server creator with features that allow it to be undetected by antivirus and firewall software, and also allow it to stealthily run in the background. The software only runs completely (including rootkit) in Windows XP/2000. Such features include disabling security software, removing and disabling system restore points, and displaying a fake error message to mislead the victim.
CLICK HERE TO DOWNLOAD ALL AVAILABLE VERSIONS FOR FREE
This version is now detectable by ESET NOD32 Antivirus. For other AV's, I have not checked.
Server
Dropped Files:
c:\WINDOWS\system32\dlllhost.exe
Size: 129,808 bytes
Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Winupdate"
Data: C:\WINDOWS\system32\dlllhost.exe
REFERENCES
- http://www.checkpoint.com/defense/advisories/public/2009/cpai-30-Mar.html
- http://www.megasecurity.org/trojans/l/lostdoor/Lostdoor_all.html
- http://www.techmantras.com/content/lost-door-32-rat
Too lazy to say Thanks or comment here? Why not too lazy to read my post?? If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.
10 Visitor Reactions & Comments:
How good is this Trojan & Backdoor hacking software
How good...
hmmmm..Their no specific parameter to define.
It you achieve you goal.. its good otherwise not. Simple
Poison Ivy is Also Awesome...
Easy To Use..
@ vs4vijay
Pls share
thanks for the article
@ Swamy....Keep visiting
the site was not opening
"server not found" plz give any other download link" this is my id:
The official website of Lostdoor RAT seems down. It is: http://www.lostdoor.cn/
I have updated the post & included the direct download link for PRORAT TROJAN.
Demonstration article also posted.
I have a problem with ProRat. After downloading i infect another computer using my pent drive. But, i was unable to receive any email containing the ip address which i will use in connecting to the computer. I followed all the procedure you outlined. Pls help me out
Giv the infected PC IP address on prorat client and try to connect.
If it got connected then might be their is some problem with email settings.