Home | About Us | Contact Us | Threats to your Security on the Internet | Products | Support | Online Store

RCT's & RAT's
What are they?
How do I detect them?
How many are there?
What ports do they use?

How do I Remove?
Acid Shivers
Acid Shivers (modified)
Back Orifice
Baron Knight
Big Gluck
Blade Runner
Deep Back Orifice
Delta Source
Doly Trojan
Deep Throat
Deep Throat v2
Executer v1
Executer v2
Hack 'a' Tack
Master's Paradise
NetBus 2 Pro
Sockets 'de Troie
SubSeven (Sub7)
Whack-a-mole (NetBus)

Additional Resources
Latest News
Recommended Books
Recommended Links
Recommended Software


NetSphere currently affects Windows 95/98 PC's.

The "server" portion (typically named "nssx.exe") is approximately 640kb in size and can be found in the WINDOWS\SYSTEM directory.

NetSphere uses TCP ports 30100, 30101 and 30102 (by default) are used to establish its connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.

Who is Responsible?

NetSphere was written by Sean Hamilton

Provided below, is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another users PC?

NetSphere client GUI screenshot

Below are some of the functions that NetSphere offers:

The following information will be sent, assuming it was found. So you might not get all of it.
- Windows Version
- Registered Owner
- Registered Organization
- Windows Directory
- Login/Profile Name
- Computer Name
- Workgroup Name
- Computer Description
- Processor
- Processor Type
- Address
- City
- Province/State
- Country
- Postal/Zip Code
- Phone Number
- Time Zone
- Total RAM
- Used RAM

Turn on and off their monitor, that is, assuming it supports power functions. Also you can change their screen resolution (and colour depth).

- Add UIN to target's contact list
- Add me to target's contact list
- Add target to my contact list

Capture Screen
Capture in various resolutions. On 56k, the capture download can take anywhere from 5 to 30 seconds.

- Reverse and restore mouse buttons
- Enable and disable mouse trails
- Graphically set cursor position (drag to control mouse)
- Graphical real-time update of cursor position

File system
Directories and files are displayed in real-time with Windows-standard icons for each. Unless an icon is the blank page, you can double-click on it to do something. And you don't get an access violation when you click where there isn't a file (as with NetBus Pro). Download and upload, complete with resume.

App list
Real-time list of applications and windows on the screen, including the Start button, the system taskbar, and the desktop icons. Easy to manage, unlike the one in NetBus Pro. With each, you can:

- Switch to
- Terminate
- Hide
- Show
- Minimize
- Maximize
- Restore
- Change Caption

You also get the following information about each window:
- Caption
- Executable
- State (Invisible, Active Wnd, Active App)

Record from 5 to 60 seconds of audio. On 56k, it takes about twice as long to download as it does to record. The audio capture will turn on the microphone. You can play sounds on the target computer via the file system.

Batch File
Create a batch file locally, then execute it invisibly on the target.

Client Chat
Hate it when you connect to a NetBus server and hit 'Server info' and it says that there is 2 clients connected to the server, but you have no idea who it is? So, you say, Ha! I can just use NetBus Pro. With Sphere, you can use that crappy Old Fashioned way of chatting, as in NetBus Pro, or you can use IRC-style chat.

You can send a message to the server, and it will appear in a window.

You can get a list of connections on the server. That way, if you want to figure out what server they're playing Quake II on, you can easily find out. You can also open a URL on their browser.

Shutdown and logoff. Why would you want that, anyways?

Built into the GUI are a Ping client, a DNS Lookup (straight and reverse) client, and an IP scanner far faster than the one in NetBus. New to 1.26 is IP Query, which checks an IP (or DNS) for several trojans, also gets their IP and DNS.

Online Help
At your option, you can enable online help, in case you don't know what something does.

How to Remove

Several steps involve working within the registry and although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
type REGEDIT and hit ENTER

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:

Step 3.
In the right window, look for a registry key with a Name value of "NSSX" and a Data value of "C:\WINDOWS\system\nssx.exe". This is the registry key that provides the ability to load the server portion whenever the PC is started.

Provided below, is an example of what the default registry entry would look like:

Step 4.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.

Step 5.
Exit the Registry

Step 6.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.

Step 7.
After the computer has restarted, change to the WINDOWS\SYSTEM directory (e.g. CD WINDOWS\SYSTEM) and delete the "nssx.exe" file (e.g. DEL nssx.exe).

Step 8.
Press CTRL-ALT-DEL and allow Windows to restart.

Congratulations, NetSphere has now been removed from your system.

While Commodon Communications does not participate in or condone the activities of hacking. We recognize the need to educate persons who express an interest so they can better identify the activities associated and to better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security click here to visit our online store.

    © Copyright Commodon Communications. All rights reserved.