IrcContact 2.0
(Backdoor.Win32.IrcContact.20)

by Impactus

Written in Visual C++

Released in August 2002



			  	Irc Contact 2.0 by Impactus


Irc Contact is an IRC client (Trojan/BOT) that covertly connects to a specified IRC server when
executed; a simple IRC client like mIRC or pIRCH is enough to have full access to the bot.
Just send the user password or the master password to log on to the bot, and it will answer you with the many
commands that can be executed on the remote computer!

There are two levels of access: The user level and the Master level.
- The User Level can execute all commands except "Set", "User" and "Bot",
  which change bot settings, modify the access list,
  and uninstall, restart or shut down the bot
- The Master Level can execute all commands

This zip file comes with 3 files:
1 - IrcContact.exe - The Trojan/BOT to be sent to the victim (You can rename it if you want!).
2 - IrcCFG.exe ----- The Configurator Tool, you can configure the trojan (IrcContact.exe) as you want.
3 - ReadMe.txt ----- The file you are reading!!
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Bot Commands:

<User password> 			- log on with user access, the "Set", "User" and "Bot" commands will be denied
<Master password>			- log on with master access, All following commands will be activated

cmdlist 		 		- List the commands. NOTE: all the following commands can be executed in DCC chat
cmdlist more 		 		- List more commands;
 these commands were not included in "cmdlist" because the bot could be disconnected for flooding

\<command>		 		- This will execute an IRC command on the bot. Ex: \join #IrcContact (will make the bot join #IrcContact)
										       Ex: \privmsg #Ircc :IrcContact Really Rulez!
											   (will make the bot send a message to #Ircc saying "IrcContact Really Rulez!")

GetInfo			 		- Get Information about the remote computer (Windows version, Computer Name, UserName, CPU speed, etc..)
ExitWin <1 to 5>         		- Exit Windows: 1=Shutdown; 2=Reboot; 3=Logoff; 4=PowerOff; 5=Force ShutDown
Shell <Command>		 		- Execute a remote shell command (DOS command)
Notify  Pvts		 		- Notifies you whenever the bot receives a private message
	Wins		 		- Notifies you whenever the remote user changes the active window
Win	list		 		- List visible windows
	list all	 		- List all windows (visible and invisible)
	Activ <HWND>	 		- Activate window
	Kill <HWND>	 		- Kill window

User					-> "User" command requires master level access!
	list				- list currently logged users and retrieves the access level
	add <Nick> <Level>		- logs a user with a certain access level
	rem <ID>			- remove user (log out)
	
Set 					-> "Set" command requires master level access!
	nick <new nick>			- Change nickname
	name <new name>			- Change name
	ident <new ident>		- Change ident
	userpass <new userpass>		- Change user level password
	masterpass <new masterpass>	- Change master level password
	channel1 <new channel1>		- Change auto join channel1
	channel2 <new channel2>		- Change auto join channel2
	channel3 <new channel3>		- Change auto join channel3
	server <new server>		- Change server to connect
	serverport <new serverport>	- Change server port
	NickIdent <0 or 1>		- Enable or disable nick auto-identify
	NickPass <new NickPass>		- Change nickserv password (auto-identify should be enabled)
	RejoinOnKick <0 or 1>		- Enable or disable bot Re-Join-on-Kick if kicked from a channel

Bot 					-> "Bot" command requires master level access!
	Restart <Quit msg>		- Restart bot
	Sleep <Quit msg>		- Shutdown bot.. but doesn't uninstall it!
	Kill <Quit msg>			- Completely removes the bot from the infected computer

Dir 	<directory> 			- List directory; this command is recommended to be done in DCC Chat mode or the bot may be disconnected for flooding!
Get 	<file> 				- Download a file through DCC
mv 	<Source file> <Dest file>	- Move file
cp 	<Source file> <Dest file>	- Copy file
del 	<file> 				- Delete file
Flood 	<IP> <Time in milliseconds> 	- Flood a remote host during a specified time;
                                            sometimes the bot may get a timeout quit because it may not respond to server pings while flooding!
	end				- stop flood
Ping 					- Ping remote machine
IP 					- Retrieve remote machine's IP Address
IPset 	<IP> 				- Sometimes, IP is not detected correctly, if you want to download files and you know the IP use this command to set it!
Log Off			 		- Log Off 

Note:
- All of these commands can be executed through a channel
- If you are logged on, the bot will auto accept any DCC Send or DCC chat
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

To uninstall IrcContact Trojan/BOT from your computer if IrcContact.exe was accidentally executed:
1 - Go to the registry key named HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, and delete the value that you specified
in the Runtime Pathname from the configuration tool.
2 - Reboot your computer
3 - Delete the file in <System dir>/<RuntimePathname>.exe (Ex: C:\Windows\System\winlogin.exe)

After this, no one will access your computer using IrcContact.

If you have any suggestions for the next
versions just drop me a line at [email protected]

I'm not responsible for what you do with this program and what the program causes.
So whatever you do, do it at your own risk!

Impactus


Server:
C:\WINDOWS\SYSTEM\winlogin.exe

size: 81.920 bytes

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "winlogin" 

Added:
c:\WINDOWS\SYSTEM\winlogin.dll 
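
Added triage example (not part of the original README or of the archive entry): the uninstall steps and the startup entry above imply that the Run value name equals the file stem of an .exe placed directly in the System directory, and that the name can be changed in the configurator, so this check matches on that layout rather than on "winlogin" alone. It assumes text in the layout printed by `reg query`; the sample input, including the `svcupd` entry, is constructed, and hits are candidates for review, not verdicts.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed sample of `reg query HKLM\...\Run` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    winlogin    REG_SZ    C:\WINDOWS\SYSTEM\winlogin.exe
    svcupd    REG_SZ    "C:\Windows\System32\svcupd.exe" /s
    Updater    REG_SZ    C:\Program Files\Vendor\Updater.exe
"""

# Value lines are indented; name, type and data are separated by four spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SYSTEM_DIR = re.compile(r"\\system(32)?$", re.IGNORECASE)
DEFAULT_NAME = "winlogin"  # value name listed on this page


def exe_path(data):
    """Extract the executable path from Run data, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data


def find_candidates(reg_output):
    """Return (value_name, path, is_page_default) for Run values where the value
    name equals the file stem and the .exe sits directly in the System directory."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m.group("data"))
        stem, ext = splitext(basename(path))
        if (ext.lower() == ".exe"
                and stem.lower() == m.group("name").lower()
                and SYSTEM_DIR.search(dirname(path))):
            hits.append((m.group("name"), path, stem.lower() == DEFAULT_NAME))
    return hits


if __name__ == "__main__":
    for name, path, default in find_candidates(SAMPLE):
        print(f"review: Run value {name!r} -> {path} (page default name: {default})")
```

For each hit, also check the same directory for a DLL with the same stem, since the entry above lists winlogin.dll as an added file; whether the DLL follows a renamed stem is an assumption.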

MegaSecurity