Ghost removal

Spyware Ghost Information
Name: Ghost Category: RAT Author: Lame_Joker Coded in: Visual Basic Dangerous: Yes

Ghost belongs to RAT spyware category.
Not related to Ghost 1.0 by Yu Guang Wai. It's presense means that your computer is infected with malicious software and is insecure.

Ghost description by Lame_Joker:

Vendor: ´The purpose of this application is to ANNOY THE VICTEM without giveing the ´hacker´ the utilitys that could destroy or damage the victem´s computer... Open/Close you host´s CD-ROM drive, Hide/Show start button, Hide/Show startBar, Hide/Show taskIcons, Disable/Enable Ctrl+alt+del, Set a random background color, Logoff user, Force restart, send customed messages, Send host to a url, Blackout/Blackin host´s windows, Start host´s notepad, Chack ICQ UINs for online status, Prank host, Put a custome junk File on Host´s DeskTop ,Print crap on host´s printer, reset host´s mouse position & Hide/Show teskBar Clock. Pranks: MS warning - Send the host a fake worning message from the MS server telling it that an illegal Windows key number was detected installed on his system. Tip of the day - Let the host know about some interesting yet stupid tips/facts about himself.´ ´This server is undetected to most antivirus applications! Including Macaffe,Norton,The cleaner,AVP,Panda,Esafe(Antivirus) etc... Server is very small (31k), & was tested on Win9x/NT/ME/XP platforms. In order to work, MS VB runtime any file must be installed on target PC (including winsock controls!)´ ===================== Ghost v2.3 - OnLine Hacking utility ===================== By using this application you agree to the following terms: 1) I (The man referred by the name of Lame_joker) will not be held responsible & will not accept responsibillity for the use of this application (Use it at your own risk!). This is also including all forms of damage or loss of data & hardware. 2) This Application is a freeware & that means you can copy it to any one you want as long As you keep all of the contents of this zip file along. How do I use this thing? 1st you need to find yourself a victim... then you send him the "server.exe" file (you might wanna edit it 1st...) the victim execute the file & walla! you can connect to his/hers IP number & annoy them to death! In this zip file you can find: Ghost.exe - The client side of ghost. Server.exe - The server part of ghost. Ghost server editor - Enables you to edit some of the settings in the Ghost server (Only for version 2.3) Binder.exe - Bind server with an exe for easy infestation. Winsck_Droper.exe - Installs "Mswinsck.ocx" on remote computer (try binding it with server!). Small Server.bat - Make server smaller using upx.exe, Edit before compressing! (you will not be able to do so after the server has been compressed!). ReadMe.txt - This text file. With ghost you can: Open/Close you host´s CD-ROM drive, Hide/Show start button, Hide/Show startBar, Hide/Show taskIcons, Disable/Enable Ctrl+alt+del, Logoff user, Force restart, send customed messages, Send host to a url, Blackout/Blackin host´s windows, Start host´s notepad, Prank host,Print crap on host´s printer, reset host´s mouse position , Hide/Show teskBar Clock, Disable host´s mouse, Disable host´s Keyboard & messup host´s windows colors,Spy on open windows,Close active windows, Open window, Flick keyboard lights, Control any file using file manager, Log keys, chat with host, Get data & ICQ numbers, Send key types. Pranks: MS warning - Send the host a fake warning message from the MS server telling it that an illegal Windows key number was detected installed on his system. Tip of the day - Let the host know about some interesting yet stupid tips/facts about himself. Insult machine - Let the person know what you really think about him ;) FAQ: Q:Why in some cases the server isn´t infecting the target system? A:could be a application running on memory blocking the server (Fire walls, task managers etc...) Q:Some times when I use WindowSpy it is caption is blank. A:The caption showen in WindowSpy is the caption of the current window host´s mouse position is at, might give you some ideas ;) Q:Client isn´t connecting. A:Are you sure the host was infected?, maybe to host is running a firewall on his system. Q:When active: the server is sending an error about "Mswinsck.ocx" A:Well..., Ghost client & Ghost Server are in need of "Mswinsck.ocx" to be installed in local & remote platforms, you can find it in the Ghost zip file, or use the "Winsck_droper.exe" to install it on remote computer (You can bind it with the server!) Q:When I try to connect to a victim I get this message: "Ghost X.X server´s are no longer supported by this client!" what is this all mean? A:The recent versions of Ghost has newer communication engine, & because of that the older versions of Ghost are no longer supported, & that means the server or the client might not function as they should... Q:How can I connect you? A:Email me: Lame_Joker@yahoo.com All rights reserved to Lame_joker, 2001 Have fun! :) Ghost Mini-Server: Date of release: 4.4.02 Server is very small (31k), & was tested on Win9x/NT/ME/XP platforms. In order to work, MS VB runtime any file must be installed on target PC (including winsock controls!) What is so different about this release? -The server is smaller then ever! -All the original server´s options are available (except for Chat and Pranks options) -Undetected! -XP compatible -Now made to be used as an attachment for "GodWill" like applications... -v2.3 engine bugs fixed! Options: Server startup port: 9696 Server startup keyname: Run_cd Server after infestation name: Run_cd Greetz: "Evil" for the idea :) Lame_Joker

This RAT is also known as:

•Backdoor.Ghost.20.
• Backdoor.Ghost.21.
• Backdoor.Ghost.22.
• Backdoor.Ghost.23.
• Backdoor.Ghost.24.
• Backdoor.Ghost.binder.
• Generic BackDoor.d.

>> Delete Ghost automatically - Download Spyware Doctor

Ghost Removal Instructions
Kill the following processes binder.exe, ghost.exe, ghostserver.exe, ghostservereditor.exe, mini-server.exe, server.exe, winsck_droper.exe
Remove the following files alpha.txt, binder.exe, ghost mini-server.txt, ghost.exe, ghostserver.exe, ghostservereditor.exe, mini-server.exe, readme.txt, server.exe, small server.bat, winsck_droper.exe.

Bookmark Ghost page

Previous Spyware: Remove Ghetto

Next Spyware: Remove Ghost 1.0