NetBuster 1.12

NetBuster is shareware. If you find it useful and want to support me
in keeping NetBuster updated then send whatever you think its worth to:

Hkan Bergstrm
Hans Nilssongatan 7
296 32 hus
SWEDEN
---------------------------------------------------------

Files that should be included in netbuster.zip.

netbuster.jpg
netbuster.exe  
notify.wav
drive.dsk    
netbuster.rtf  (this doc in rtf format)
netbuster.txt  (this doc in txt format)

1.  What is NetBus and NetBuster?

First of all you will have to know what NetBus is.
NetBus is a program that allows people to access your computer via internet.
Is consists of TWO parts, one client part and one server part.  The client part
is the part the intruder uses to control your computer if you have the SERVER
installed.  The server is usually called sysedit.exe, patch.exe or explore.exe.
Somebody might install it to your computer without your knowledge, or you 
might run a program that installs it.  One of these programs is a game called
Whack-a-mole, it installs a file called explore.exe, which is a NetBus server.
Explore.exe is the official NetBus 1.60 server called patch.exe renamed.
This version installs itself to the autostart registry so that it will be autostarted
everytime you reboot windows.    To protect yourself against NetBus is no
problem, just check the registry for unknown files and remove.  But to me
this isnt enough, i want to know WHO is trying to NetBus me, and fool 
with the guy NetBusing me instead.  So i made NetBuster.
NetBuster emulates the serverversion of NetBus so that people can connect
you and believe theyre fooling around with you.  Instead all their actions 
will be logged, together with their IP adress, date and time.
As if this wasnt enough you can fool with them instead.    Unfortunately you
cant do the same actions to them as theyre trying to do to you, but you can
send them multiply messages which could be very irritating.  And you can select
files to be transmitted as screendump, recording or other files on requests.
For example, they want a screendump of your screen. If youve selected a
JPG image this will be sent as a screendump image.  They will probably
get chocked when they gets a picture showing a fat ass with the text kiss me or
something like that.   Or a wavefile saying something rude when they try to record.
You can also select an executable file to be sent when they try to download a
file from you.  But how do they know what file to download?  Well, there is
a file called drive.dsk which is a faked directory tree.  They might want some
files from this dir, and if they try to download anything they will get the
file you selected, and they will get the same filename as they wanted!
This file could be anything, perhaps a netbus server, or a program crashing
their computer.  You cant edit this directory tree file from NetBuster, but
if you have a Hex-Editor you can make changes to it if you want a personal
directory file.

2.  How does it work?

When starting NetBuster it first scans the memory for known versions of
NetBus servers.  If not found then it activates itself and the activate button
will change name to Inactivate.      I guess most of the functions doesnt need
to be explained, Fooling with volume might need explanation.
When turned on and user tries to record his balance-controls of the volume 
will jump around for about 10 seconds. 
If Check if NetBus is installed on remote IP  is checked then it checks
the IP adress of the connected intruder for NetBus servers.  If found you will
get through EVEN when password protected!  You can then set the password
to whatever you want, and connect him via your own NetBus if you have it.
You will also be able to do some nice things to him direct from NetBuster,
if you want to do anything else you will have to connect him via NetBus.

3.  Whats new in version 1.12?

Fixed the list index out of bound bug on filetransfer.
It now works under NT systems.
Trayicon and hidden from taskbar when minimized.
Notify signal on connect. 
Finds more versions of NetBus servers.
View the autostart registry to find possible NetBus servers.
Checks if NetBus server is running on remote IP.
Better log handling.  
Better user-interface.

3.  Error Messages

If you get an error message saing Error on API-bind (10048) it means that
NetBuster cant allocate port 12345 because its already allocated by another program.
Most surely this is a NetBus server.  NetBuster checks the memory for usuall versions
of NetBus servers and removes it if found. If not found then this error message appears.
To solve it you can check the autostart registry under the tab SCAN.
Be carefull, dont remove anything unless sure its a NetBus server.
If there is a file with the parameter /nomsg then check it out, it might be
a netbus 1.60 server. 
After removing a file from the registry you will have to restart your computer.
If you still get the error message, youve deleted the wrong file.
If you need help, then mail me together with the list of your registry.


For bug reports or anything else contact me at gibby@swipnet.se
Latest version can be found at http://surf.to/netbuster









