| ||||||||
| IrcContact removal
It's presense means that your computer is infected with malicious software and is insecure. IrcContact description by Impactus: Creator:
IrcContact 3.0 by Impactus
IrcContact is an IRC client (Trojan/BOT) that hiddenly connects to a specified IRC server when
launched, a simple IRC client like mIRC or pIRCH is enought to have full access to the bot.
Just send the person password or the master password to log on to the bot & it´ll answer you with many
commands that made to be launched in the remote computer.
There are two levels of access: The person level & the Master level.
- The User Level can execute all commands except "Set", "User", "Bot", which consists in changing bot settings,
modifying the access list & uninstalling, restart or shutting down the bot
- The Master Level can execute all commands
The command´s with asterisk symbol before are the new command´s added from IrcContact 2.0 to 3.0
Bot Commands:
- log on with person access, the "Set", "User" & "Bot" commands will be denied
- log on with master access, All following commands will be activated
cmdlist - Enumerate commands list, NOTE: all the following commands made to be launched in DCC chat
cmdlist more - Enumerate more commands list, these commands were not included in "cmdlist" because the bot could be disconnected for flooding
\ - This will execute an Irc Command on the bot. Ex: \join #IrcContact (will make the bot to join #IrcContact)
GetInfo - Get Data about the remote computer (Windows version, Computer Name, UserName, CPU speed, etc..)
ExitWin - Exit Windows: 1=Shutdown; 2=Reboot; 3=Logoff; 4=PowerOff; 5=Force ShutDown; *6=Crash
Shell - Execute a remote shell command (DOS command)
Notify Pvts - Notifies you whenever the bot receives a private message
Wins - Notifies you whenever the remote person changes the active window
* Chans - Notifies you whenever anybody send a message, join´s ,part´s or quit is a channel (where the bot is)
Win
list - List visible windows
list all - List all windows (visible & invisible)
Activ - Activate window
Kill - Kill window
User -> "User" command requires master level access!
list - list currently logged users & retrieves the access level
add - captures a person with a certain access level
rem - remove person (log out)
Set -> "Set" command requires master level access!
nick - Change nickname
name - Change name
ident - Change ident
userpass - Change person level password
masterpass - Change master level password
channel1 - Change auto join channel1
channel2 - Change auto join channel2
channel3 - Change auto join channel3
server - Change server to connect
serverport - Change server port
NickIdent - Enable or disable nick auto-identify
NickPass - Change nickserv password (auto-identify sould be enabled)
RejoinOnKick - Enable or disable bot Re-Join-on-Kick if kicked from a channel
Bot -> "Bot" command requires master level access!
Restart - Restart bot
Sleep - Shutdown bot.. but doesn´t uninstall it!
Kill - Completly removes the bot from the infected computer
Dir - List directory, this command is recomended to be done in DCC Chat mode or the bot may be disconnected for flooding!
Get - Download a file via DCC, * this command now support´s mask download any file, Ex: ´get C:\pictures\*.jpg´ -> will download all jpeg pictures in ´C:\pictures´
mv - Move file, *work´s using ´""´ Ex: mv "C:\original file.txt" C":\destination file.txt"
cp - Copy file, *work´s using ´""´
del - Delete file
Flood - Flood a remote host during a specified time, tometimes the bot may get a timeout quit because it may not respond to server pings while flooding!
end - stop flood
*randnick - Change to a random nick
*lanlist - List shares on lan
*DNS - Resolve IP or Hostname
*Find - search for any file, Ex: ´find C:\application any file *.ini´ -> will find all ini any file in ´C:\application any file´
*Viewfile - retrieve content of a file (this command work´s only in dcc chat to prevent the bot from being disconnected for flood)
*mkdir - Create directory
*rmdir - Remove directory
*setattr - Set attributes of a file, Ex: setattr C:\ircc.txt ASH -> changes the file attributes to: ´hidden´, ´archive´ & ´system´
*msg - send a message to with the text , destination made to be a nick or a channel
*proc
*list - list the processes running on the machine
*kill - kill a proccess
*spawn - spawn a process visibility made to be 0 for hidden & 1 for visible, Ex: proc spawn 1 notepad.exe -> will spawn the notepad.exe process visible
*genclone - generate clones
*killclones - Kill the clones generated by ´genclone´ command
*port
redir - redirect a port to a remote host in a determined remote port
appredir - redirect a port an program
*wget - download a file from an url & save it to
*wgetrun - same as before but run´s the file after downloading it
*msgbox - send a message box: the can be: 0 = NOICON; 1 = Exclamation; 2 = Inquiry; 3 = STOP; 4 = INFORMATION;
- the can be: 0 = OK; 1 = OkCancel; 2 = AbortRetryIgnore; 3 = YesNoCancel; 4 = YesNo; 5 = RetryCancel; 6 = CancelTryContinue;
- the title & the text must be between "", Ex: msgbox 4 3 "Welcome to ircc3" "Do you wanna continue?" -> displays a messagebox with
an Data icon, buttons Yes, No & Cancel, The title is "Welcome to ircc3" & the text is "Do you wanna continue?".
The choosen option will be returned to you
cancel - Cancel´s any Get or Find command that should be in progress.
Ping - Ping remote machine
IP - Retrieve remote machine´s IP Address
IPset - Sometimes, IP isn´t detected correctly, if you wanna download any file & you know the IP use this command to define it!
Log Off - Log Off
Note:
- All of these commands made to be launchedThis RAT is also known as: •Backdoor.IRC.Contact.• Backdoor.IrcContact.20. • Backdoor.IrcContact.30. >> Delete IrcContact automatically - Download Spyware Doctor
Bookmark IrcContact page
| |||||||
| © 2005-2008 www.spywaredb.com All rights reserved. webmaster@spywaredb.com |