Netbuster 1. - What is NetBus and NetBuster? First of all you will have to know what NetBus is. NetBus is a program that allows people to access your computer via internet. Is consists of TWO parts, one client part and one server part. The client part is the part the 'intruder' uses to control your computer if you have the SERVER installed. The server is usually called sysedit.exe, patch.exe or explore.exe. Somebody might install it to your computer without your knowledge, or you might run a program that installs it. One of these programs is a game called Whack-a-mole, it installs a file called explore.exe, which is a NetBus server. Explore.exe is the official NetBus 1.60 server called patch.exe renamed. This version installs itself to the autostart registry so that it will be autostarted everytime you reboot windows. To protect yourself against NetBus is no problem, just check the registry for unknown files and remove. But to me this isn't enough, i want to know WHO is trying to NetBus me, and fool with the guy NetBusing me instead. So i made NetBuster. NetBuster emulates the serverversion of NetBus so that people can connect you and believe they're fooling around with you. Instead all their actions will be logged, together with their IP adress, date and time. As if this wasn't enough you can fool with them instead. Unfortunately you can't do the same actions to them as they're trying to do to you, but you can send them multiply messages which could be very irritating. And you can select files to be transmitted as screendump, recording or other files on requests. For example, they want a screendump of your screen. If you've selected a JPG image this will be sent as a 'screendump' image. They will probably get chocked when they get's a picture showing a fat ass with the text kiss me or something like that. Or a wavefile saying something rude when they try to record. You can also select an executable file to be sent when they try to download a file from you. But how do they know what file to download? Well, there is a file called drive.dsk which is a faked directory tree. They might want some 'files' from this dir, and if they try to download anything they will get the file you selected, and they will get the same filename as they wanted! This file could be anything, perhaps a netbus server, or a program crashing their computer. You can't edit this directory tree file from NetBuster, but if you have a Hex-Editor you can make changes to it if you want a personal directory file. 2. - How does it work? When starting NetBuster it first scans the memory for known versions of NetBus servers. If not found then it activates itself and the activate button will change name to 'Inactivate'. I guess most of the functions doesn't need to be explained, Fooling with volume might need explanation. When turned on and user tries to record his balance-controls of the volume will jump around for about 10 seconds. If Check if NetBus is installed on remote IP is checked then it checks the IP adress of the connected intruder for NetBus servers. If found you will get through EVEN when password protected! You can then set the password to whatever you want, and connect him via your own NetBus if you have it. You will also be able to do some 'nice' things to him direct from NetBuster, if you want to do anything else you will have to connect him via NetBus. 3. - What's new in version 1.12? Fixed the 'list index out of bound' bug on filetransfer. It now works under NT systems. Trayicon and hidden from taskbar when minimized. Notify signal on connect. Finds more versions of NetBus servers. View the autostart registry to find possible NetBus servers. Checks if NetBus server is running on remote IP. Better log handling. Better user-interface. 3. - Error Messages If you get an error message saing 'Error on API-bind (10048)' it means that NetBuster can't allocate port 12345 because it's already allocated by another program. Most surely this is a NetBus server. NetBuster checks the memory for usuall versions of NetBus servers and removes it if found. If not found then this error message appears. To solve it you can check the autostart registry under the tab SCAN. Be carefull, don't remove anything unless sure it's a NetBus server. If there is a file with the parameter /nomsg then check it out, it might be a netbus 1.60 server. After removing a file from the registry you will have to restart your computer. If you still get the error message, you've deleted the wrong file. If you need help, then mail me together with the list of your registry. For bug reports or anything else contact me at gibby@swipnet.se Latest version can be found at http://surf.to/netbuster J O N A Sltda Phthom@sti.com.br