| Spybot (irc bot) removal| Spyware Spybot (irc bot) Information |
|---|
Name: Spybot (irc bot)
Category: Backdoor
Author: Mich
Dangerous: Yes |
Spybot (irc bot) is Backdoor which is malware.
Installing it is highly not recommended.
Spybot (irc bot) description by Mich: Creator: Spybot1.1 by MichOpensource irc botIRC: irc.babbels.com #dreams You can use this code however you want, as long as i am given credit in some way. This is the 1st real c application i´ve made so there´ll be some bugs in it. use at your own risk. Good luck & have fun! Features: - Key logger Online & offline key logger the offline key loggers only works if its define on in the source (settings.h) It shows the key that are pressed & the window where the were pressed. Some problems with upper & lowercase sometimes. - List processes Shows al running processes. You can kill a process. - AV/Firewall killer Kills a application if its name is in the killlist (settings.h) - DCC Send You can send a file to the bot with the normal dcc send option in mIRC (only tested it with mIRC6.03 get it from www.mirc.com) - Get File Download a file from the bot¯s pc I´ve made a special mIRC script for this (will only work with that script) - DCC Chat Just normal dcc chat option in mIRC all commands will also work here, use this if you want do giff a command that has a lot of output most irc servers will disconnect the bot if it forwards a lot of information. - List any file List al any file & dirs within your sears query example list c:\windows\*.exe will list al .exe any file in the windows dir - Hostmask match login When you do the login [password] commands the bot checks if your hostmask matches a hostmask in the trusted hosts list (settings.h). if not you cant login - Raw Commands (on connect & onjoin) Bot reads a list of raw commands when its connected or joins a channel Example: On join: MODE $CHAN +nts MODE $CHAN +k trojanforge On Connect MODE $NICK +I - Install server & make sure the startupkeys are not removed Install the server to systemdir & define file attributes to read-only system & hidden, option to melt the server (delete original filename). The server will check every 30 sec. If the startupkeys are still there if not it´ll write new ones Keys are: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - Computer info Gives some pc info including ip address - Topic commands Option to gif the bot a command with the topic (when the bot joins the channel) - Lists the passwords (only win 9x) - Execute, delete, rename file And make dir - Sendkeys - Open/close cd-rom - Reboot pc - Disconnect for x sec. - Reconnect - Quit - Raw commands Commands list Login password raw [raw command] (example: raw PRIVMSG #spybot1.1 :hello) list [path+filter] (example: list c:\*.*) delete [filename] (example: delete c:\windows\netstat.exe) execute [filename] rename [origenamfile] [newfile] (example: rename c:\windows\netstat.exe c:\windows\netstatbackup.bak) makedir [dirname] (example: makedir c:\test\ ) startkey logger (info: starts onlinekey logger & output´s to the channel\query\dcc chat) stopkey logger sendkeys [keys] (info: simulates keypresses, to simulate return hit ctrl+b (bold in mIRC) & for backspace ctrl+u (underlined in mIRC)) keyboardlights (info: flashes his keyboard lights 50x) info (info: gives some info) passwords (info: lists the ras passwords in win 9x) listprocesses (info: lists all running proccesses) killprocess [processname] (example: killprocess taskmgr.exe) NOTE: if with listprocesses the entire path shows up you must use it with killprocess to) reconnect disconnect [sec.] (info: disconnect the bot for x sec. if sec. isn´t given it disconnect the bot for 30mins.) quit (info: bot quits running) reboot cd-rom [0/1] (info: opens\close cd-rom. cd-rom 1 = open cd-rom 0 = close) DCC DCC chat and DCC send works with any normal irc client in mIRC the command is: /dcc chat [nickname] and: dcc send [nickname] for DCC get you must use the mirc script that´s in the zipfile "spybot.mrc" load it in mirc remotes /load -rs c:\unzipped\spybot1.1\spybot.mrc & type /dccget [nickname] [filename] example: /dccget victum c:\windows\system\keylogs.dll the file will be stored in the same dir as the script is MAKE SURE THE SAME FILENAME DOESNT EXISTS IN THAT DIR!! if its does exists the script will not warn you it just writes the new file at the end of the old the script isn´t telling you when the filetransfer is completed the bot does that maybe some day i going to make some userfriendly script for this :-) Encryption Support to encrypt the channel channelpass & loginpass So you cannot just hexedit the server & see it in plain text you must enable this option in spybot1.1.c to encrypt the date use the mirc script type in mirc: /encrypt [encryptkey] [information] example: /encrypt 81 #spybot this will output: tÃÃË┐¤Î it´ll copy the encrypted information to your clipboard make sure the key is the same as the decryptkey in settings.h Compiling I´ve only test it with lcc-win32 if you dont have it download it from www.q-software-solutions.com will probebly also work with VC++ if you´ve lcc just run "make spybot.bat" (make sure the lcc dir is c:\lcc\ ) You can pack it with UPX or fsg packer i use fsg & packet size is 10kb If you found bugs or have inquiry inquire them on www.trojanforge.net my nick there´s Michie Disclaimer Spybot is meant to be used for legal purposes only. Since it´s beyond the author´s control of what Spybot is used for, the author of Spybot cannot be held accountable for anything you do with this source.
This Backdoor is also known as: •Backdoor.SpyBot.gen.
>> Delete Spybot (irc bot) automatically - Download Spyware Doctor
| Spybot (irc bot) Removal Instructions |
|---|
Kill the following processes krupt.exe, spybot.exe, spybot1.1.exe | Remove the following files help!!.txt, krupt.exe, krupt.exe.bak, make spybot.bat, make with versioninfo.bat, readme.txt, recource.rc, recource.res, settings.h, settings11.h, spybot.c, spybot.exe, spybot.mrc, spybot.obj, spybot1.1.c, spybot1.1.exe, spybot1.1.obj, spybot1.2.c.
|
Bookmark Spybot (irc bot) page
|