by Positron
Written in Delphi, compressed with UPX
Features:

- SpyBot compatible commands,
- AV/FW killer,
- CD-Key Stealer,
- Mydoom spreader,
- NetBIOS spreader,
- Encrypted strings in EXE,
- Web-server (http://xxx.xxx.xxx.xxx:Port),
- API search engine by CRC32 (used only for important APIs),
- KeyLogger (Keylog file can be downloaded from webserver too),
- P2P spreader (Kazaa, Edonkey, Morpheus, XoloX, ShareAza, LimeWire,
- Prepend all .exe files in shared dirs if they are smaller than 5MB,
- Support DCC SEND, DCC GET, DCC CHAT and topic commands.

v0.58

- LogOut when BOT disconnect fixed,
- !logout command added,
- GetNick and DownloadFile functions are fixed,
- !rawclones command fixed,
- almost all strings are encrypted in compiled .exe,
- !redirect and !stopredirect commands are added.

Positron GhostBot:

dropped file: c:\WINDOWS\ape1xnN5.exe
size: 35.128 bytes
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PVIEW95"
data: C:\WINDOWS\ape1xnN5.exe

does (try to) connect to an IRC server

tested on Windows XP
15 November 2004
MegaSecurity