> Spyware Encyclopedia Page 82 > Lithium

Lithium removal

Spyware Lithium Information
Name: Lithium Category: RAT Author: Olympus Coded in: Delphi, Visual C++ Dangerous: Yes

Lithium is RAT which is malware.
Installing it is highly not recommended.

Lithium description by Olympus:

Vendor: ´This is the 1st public beta release, expect bugs (report all to me - Please note that many of the planned features have not yet been implemented in this release - Server cfg gui is a placeholder - The remote port scanner server scanner plugin is extremely syntax sensitive... easily crashes the server; informationspy will fix this in the next version.. dont use it unless you have read scan_readme.txt - Known bugs: server cfg doesnt display plugin names, ICQ notify doesnt work on some connections, show/hide window doesnt work on some machines, server scanner reports 0mhz for 9x machines, screen capture compression is bad, screen capture anti-aliasing only works on 5% increments (a mathematical mystery), hide/show cursor don´t work´ 1.02: Vendor: ´- Made connection statistics a utility window - Added popup menu to file search - Captures can now be saved as JPEG - ICQ notify now forwards a list of all IPs - Added advanced execute file window - Added msg+kick client - Added remove plugin function - Added static IP notification - Built Delphi EXEs with runtime packages´ 1.03: Vendor: ´This is the 1st public beta release, expect bugs (report all to me - Please note that many of the planned features have not yet been implemented in this release - Server cfg gui is a placeholder - The remote port scanner server scanner plugin is extremely syntax sensitive... easily crashes the server; informationspy will fix this in the next version.. dont use it unless you have read scan_readme.txt - Known bugs: server cfg doesnt display plugin names, ICQ notify doesnt work on some connections, show/hide window doesnt work on some machines, server scanner reports 0mhz for 9x machines, screen capture compression is bad, screen capture anti-aliasing only works on 5% increments (a mathematical mystery), hide/show cursor don´t work´ Lithium Version History v1.02 New Features - - Added static scripting variables: $sv_windir, $sv_sysdir, $sv_tempdir, $sv_clientdir, $sv_username, $sv_compname, $sv_serverip, $sv_serverport, $sv_serveraddr, $sv_serverid, $sv_serverver, $sv_serverpass, $sv_connected, $sv_connecting - Added new client cset vars: fileexp.editbox, any fileearch.editbox - Added new scripting functions: deletefile, copyfile, movefile, fileexists, readfiletobuffer, writebuffertofile - Added fake message box on server start - Added options to disable guest account & queries - Added save passwords/info to file - Added ability to change autostart keyname - Added remote dos shell - Added more buttons to key logger sendkeys - Added sendkeys to window - Added regrab screen on refresh option to screen capture - Added CGI notify - Added download file from URL - Added a few more variables to data plugin - Made hide cursor *better*, though it still doesn´t work well - Server now actually deletes itself on remove - Directories are now deleted recursively - Added right & left up/down mouse events to screen capture (w00t), just click in the captured picture & the click will be simulated server-side v1.03 New Features - - Added gray-scaling to screen capture - Added ICQ pager message option to edit server - Added multiple operations to file browser/search - Added directory/multiple file downloading Changes - - Changed ICQ pager script address - Numerous client changes - Remove batch file is no longer created in root dir Bug Fixes - - Fixed file transfer negotiation bugs *completely* - Shell edit´s now cleared when cls char is received - Stabilized & optimized TCP & UDP port forward services - Fixed 2K/XP server-side screen capture delay (in anti-aliasing mode) - If client is run without supporting any file, the default colors are now properly define (this ones for you, megasecurity.org folk) - Floppy is no longer accessed on drive list Olympus

This RAT is also known as:

•Backdoor.Lithium.10.
• Backdoor.Lithium.10.b5.
• Backdoor.Lithium.101.
• Backdoor.Lithium.101.b.
• Backdoor.Lithium.102.

>> Delete Lithium automatically - Download Spyware Doctor

Lithium Removal Instructions
Kill the following processes lithium.exe, lithiumserver.exe, serveredit.exe, sin.exe, uncompressedlithiumserver.exe, unpacked 1.01b lithiumserver.exe
Unregister the following DLLs and reboot cli_capture.dll, srv_capture.dll, srv_funstuff.dll, srv_multimedia.dll, srv_portscan.dll, srv_pwinfo.dll.
Remove the following files capture.lte, cli_capture.dll, default.ltf, events.lsf, example.lsf, funstuff.lte, history.txt, lithium.exe, lithiumserver.exe, multimedia.lte, multimedreadme.txt, portscan.lte, portscan2.txt, pwinfo.lte, readme.txt, scan_readme.txt, scripting.txt, serveredit.exe, serverlist.css, serverlist.pl, settings.lsf, sin.exe, srv_capture.dll, srv_funstuff.dll, srv_multimedia.dll, srv_portscan.dll, srv_pwinfo.dll, uncompressed.txt, uncompressedlithiumserver.exe, unpacked 1.01b lithiumserver.exe.

Bookmark Lithium page

Previous Spyware: Remove Litestorm.c - igmp flooder

Next Spyware: Remove Lithium 1.00