NetSphere
NetSphere currently affects Windows 95/98 PCs.
The "server" portion (typically named "nssx.exe") is approximately 640kb in size and can be found in the WINDOWS\SYSTEM directory.
NetSphere uses TCP ports 30100, 30101 and 30102 (by default) to establish the connection between the "client" and "server".
Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch in the Registry.
Who is Responsible?
NetSphere was written by Sean Hamilton.
Provided below is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another user's PC?
Below are some of the functions that NetSphere offers:
Information
The following information will be sent, assuming it was found. So you might not get all of it.
- Windows Version
- Registered Owner
- Registered Organization
- Windows Directory
- Login/Profile Name
- Computer Name
- Workgroup Name
- Computer Description
- Processor
- Processor Type
- Address
- City
- Province/State
- Country
- Postal/Zip Code
- Phone Number
- Time Zone
- Total RAM
- Used RAM
Monitor
Turn on and off their monitor, that is, assuming it supports power functions. Also you can change their screen resolution (and colour depth).
ICQ
- Add UIN to target's contact list
- Add me to target's contact list
- Add target to my contact list
Capture Screen
Capture in various resolutions. On 56k, the capture download can take anywhere from 5 to 30 seconds.
Mouse
- Reverse and restore mouse buttons
- Enable and disable mouse trails
- Graphically set cursor position (drag to control mouse)
- Graphical real-time update of cursor position
File system
Directories and files are displayed in real-time with Windows-standard icons for each. Unless an icon is the blank page, you can double-click on it to do something. And you don't get an access violation when you click where there isn't a file (as with NetBus Pro). Download and upload, complete with resume.
App list
Real-time list of applications and windows on the screen, including the Start button, the system taskbar, and the desktop icons. Easy to manage, unlike the one in NetBus Pro. With each, you can:
- Switch to
- Terminate
- Hide
- Show
- Minimize
- Maximize
- Restore
- Change Caption
You also get the following information about each window:
- Caption
- Executable
- State (Invisible, Active Wnd, Active App)
Multimedia
Record from 5 to 60 seconds of audio. On 56k, it takes about twice as long to download as it does to record. The audio capture will turn on the microphone. You can play sounds on the target computer via the file system.
Batch File
Create a batch file locally, then execute it invisibly on the target.
Client Chat
Hate it when you connect to a NetBus server and hit 'Server info' and it says that there are 2 clients connected to the server, but you have no idea who it is? So, you say, Ha! I can just use NetBus Pro. With Sphere, you can use that crappy Old Fashioned way of chatting, as in NetBus Pro, or you can use IRC-style chat.
Messaging
You can send a message to the server, and it will appear in a window.
Internet
You can get a list of connections on the server. That way, if you want to figure out what server they're playing Quake II on, you can easily find out. You can also open a URL on their browser.
Shutdown
Shutdown and logoff. Why would you want that, anyways?
Tools
Built into the GUI are a Ping client, a DNS Lookup (straight and reverse) client, and an IP scanner far faster than the one in NetBus. New to 1.26 is IP Query, which checks an IP (or DNS) for several trojans, also gets their IP and DNS.
Online Help
At your option, you can enable online help, in case you don't know what something does.
How to Remove
Several steps involve working within the registry and although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.
Step 1.
Click START | RUN
type REGEDIT and hit ENTER
Step 2.
In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
Step 3.
In the right window, look for a registry key with a Name value of "NSSX" and a Data value of "C:\WINDOWS\system\nssx.exe". This is the registry key that provides the ability to load the server portion whenever the PC is started.
Provided below is an example of what the default registry entry would look like:
Step 4.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Step 5.
Exit the Registry
Step 6.
Click START | SHUTDOWN. Choose "Restart in MS-DOS mode" and click OK.
Step 7.
After the computer has restarted, change to the WINDOWS\SYSTEM directory (e.g. CD WINDOWS\SYSTEM) and delete the "nssx.exe" file (e.g. DEL nssx.exe).
Step 8.
Press CTRL-ALT-DEL and allow Windows to restart.
Congratulations, NetSphere has now been removed from your system.
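The indicators listed at the top of this page (the Run entry, the "nssx.exe" file name and the default TCP ports) can be checked before and after the removal steps. The following is an added example, not part of the original page: it assumes the registry has been exported from REGEDIT to a REGEDIT4 text file and that the output of `netstat -an` has been saved, and its function names and sample data are constructed for illustration. Because the file name and ports are only defaults, an empty result does not prove the machine is clean.

```python
import re

# Indicators stated on this page; the ports and file name are defaults only.
DEFAULT_PORTS = {30100, 30101, 30102}
SERVER_NAME = "nssx.exe"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def suspicious_run_values(reg_export):
    """Return (name, data) pairs under the Run key named NSSX or launching nssx.exe."""
    hits, in_run = [], False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):          # key header: track whether we are inside Run
            in_run = line.strip("[]").lower() == RUN_KEY
            continue
        m = re.match(r'"(.*?)"="(.*)"$', line)
        if in_run and m:
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")  # undo .reg escaping
            if name.lower() == "nssx" or SERVER_NAME in data.lower():
                hits.append((name, data))
    return hits

def listening_default_ports(netstat_output):
    """Return default NetSphere TCP ports that `netstat -an` shows as LISTENING."""
    found = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0].upper() == "TCP" and parts[3].upper() == "LISTENING":
            port = parts[1].rsplit(":", 1)[-1]
            if port.isdigit() and int(port) in DEFAULT_PORTS:
                found.add(int(port))
    return sorted(found)

# Constructed sample input (not captured from a real system).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"NSSX"="C:\\WINDOWS\\system\\nssx.exe"
'''
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:30100          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:30101          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:30102          0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG), listening_default_ports(SAMPLE_NETSTAT))
```

After Step 8, both functions should return empty lists when run against a fresh export and a fresh `netstat -an` capture.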
While Commodon Communications does not participate in or condone the activities of hacking, we recognize the need to educate persons who express an interest so they can better identify the activities associated and better protect themselves and/or their organization.