Interview with Lockdown | Main Page | Trojan List | NoHack | SwatIt | Submit a virus |
Last update June 12, 2005
Join a LIVE discussion on GT Bot on DALNet #GTBot (New server)
Thanks to the joint effort of #NoHack @Ops and helpers for this information
FRAUD WARNING: It has come to our attention that certain people on the internet are marketing products and indicating they are connected with us somehow. Golcor and Trojaninfo DO NOT market any product. The only software we have ever recommended is swatit.If you have a new version of GT Bot, please send it to (DISABLED)
NEW Detect and clean Bots and Trojans off your computer using SWAT IT PRO with daily updates and new features.
Swat It is a Completely FREE program that scans your computer for Trojans, Worms, Bots and other Hacker programs. Swat It can detect and remove over 4000 different Trojan programs plus variants.
Featured: GT Bot Eblees
Join a LIVE discussion on GT Bot on DALNet #GTBot (New server)
For general overview of GT bots, visit
Lockdown Corp
To see a list of known bots go directly to the Links Table
NOTICE Due to the high volume of bots being released, Information on bots not listed here are by request only. Request information at golcor@trojaninfo.com.
The following bots have not been entered into the file listings:
GTBot.Virtual Slut
GT Bot Ariel
GT Bot Napster2k
GTBot.Angels
GTBot.Chancrack
GTBot.ChanNickServ4n
GTBot.ColdLife v4
GTBot.Dorota
GTBot.FluffyLynx
GTBot.Infonet
GTBot.Instyler
GTBot.Klez Cleaner
GTBot.MadTeaM
GTBot.Reklam2
GTBot.TheBoo03
GTBot.ModemBooster
Trojaninfo Labs have discovered GT Bot can contain extremely malicious code.
New GT Bots can exit the process if the hiding application is not found or does not have protection against accidental discovery. Many will warn the Bot master if anything is typed in the Bot-client. One Bot that was discovered tries to render the computer useless if anything is typed in the Bot-client by identifying the operating system then writes a batch containing either deltree /y or del /s /q dependent on the OS deleting drives c:\ through m:\ and finally it runs an endless loop causing the MS Dos window to keep re-opening.
DO NOT play with these Bots. If you discover one, or if one opens on your desktop, close it using the "X" at the top right hand corner. Never attempt to use a Bot for chat.
It should be noted that an increasing number of Bots being released do not edit the naming protocols for the list of wingates and nicknames. This can cause Trojan scanners to identify a newer variant of GT Bot as an older version due to the very nature of signaturing files. Most versions of GT Bot now contain auto updating so that when a variant becomes known, a new version is released, and the older Bots automatically update and old scripts deleted to avoid detection. The mIRC program it self has been hex edited to change the name of the default mirc.ini file, so the once reliable method of detecting GT Bot in this manner has become a thing of the past. In Most cases, GT Bot places its scripts and files in the same directory, so if you find one GT Bot file, hopefully this document can help you to weed out the others. Don't be alarmed if your Bot does not have exactly the same files as listed here, due to the changing Bots, a newer one may have been detected as an older version.
If you downloaded a version of the GTBot Trojan horse virus You can use the information here to help clean out the files it dropped. Originally named the Aristotles Trojan, this Trojan spawns a irc bot on your computer that can be controlled by other hackers.
If you did download a bot but did not run it, you are still okay just delete the bot file and no harm done
If you did run the file all is not lost, the following links provide a report of the trojan installation log, and can be used for information of the files you need to delete (keep in mind there are a few variants, get a #nohack op to help you if you get stuck): Do Not attempt to use the Bot-client, or type anything into it as new bots are now "booby trapped"
The first thing you need to do is run LockDown 2000 or their free scanner SwatIt. If you have an Antivirus installed, update it and scan your entire HD.
If you have first tried the above steps and they FAILED , then proceed to the following manual removal. If you do not have a purchased version of Lock Down, you can use the GT Bot version it identified to clean it by following the links below.
Manual
Removal
A basic rule of thumb was to locate a
mirc.ini file that is in a
place it is not supposed to be. Newer versions have made this method somewhat obsolete, however; some
versions still exists that use the old mirc.ini file.
Before you change the registry, we recommend you first make a back up. For instructions on this go to http://www.trojaninfo.com/reg.html
After you determine which version of the trojan you downloaded, select from the following list. Due to the offensive nature of some file names, file names that are not complete here are followed by and astrisk(*).
GT Bot 4Betà4Tech4 v2.0 WHVLXD.DAT File 1k WHVLXD.EXE File 24k gates.txt File 24k join.ini File 11k mirc.ini File 27k mirc2.ini File 37k mirc3.ini File 17k pr.ini File 34k remote.ini File 1k temp.exe File 436k temp.scr File 15k temp2.exe File 22k Back to Links Back to Top GT Bot Animal Porn ANIMAL.SCR File 1.2M GATES.TXT File 24k MIRC.INI File 27k MIRC2.INI File 38k MIRC3.INI File 17k PR.INI File 29k SETUP32.EXE File 640k TEMP.EXE File 436k TEMP.SCR File 15k TEMP2.EXE File 22k WHVLXD.DAT File 1k WHVLXD.EXE File 24k animal.scr.lnk File 1k Back to Links Back to Top GT Bot Anti_Net_Bus Anti_Net_Bus.exe File 641k WHVLXD.exe File 8k inf3.ini File 18k mirc.ini File 27k pr.ini File 29k remote.ini File 1k settings.exe File 436k stat4.ini File 8k temp2.exe File 29k Back to Links Back to Top GT Bot Antivirus CodeRed DskLoad.exe File 48k vscan2001.exe File 1.3M Critical/ Folder - cons1.dll File 25k deg326.dll File 23k expl32.exe File 579k explorer2.exe File 22k ins.dll File 9k mir436.dll File 46k mirc.ini File 3k moo.dll File 84k mstg1.dll File 7k scan31.dll File 7k updatex1.dll File 4k win32x.dll File 60k winexp32.dll File 59k winvar32.dll File 1k Back to Links Back to Top GT Bot B0rg Bot accessed.txt File 1k gates.txt File 24k mirc.ini File 28k mirc2.ini File 29k mirc3.ini File 19k mirc4.ini File 8k pr.ini File 30k remote.ini File 1k script1.ini File 4k temp.exe File 436k temp.scr File 17k temp2.exe File 22k Back to Links Back to Top GT Bot Baby-f-pic.jpg Variant SIZE DATE NAME 17733 Mar 17 21:20 MIRC3.INI 41570 Mar 17 21:20 Mirc2.ini 29856 Mar 17 21:20 PR.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 582151 Mar 17 21:20 baby-f-pic.jpg.exe 108 Mar 17 21:20 icmp.vbs 27689 Mar 17 21:20 mirc.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 1511 Mar 17 21:20 remote.ini Back to Links Back to Top GT Bot Billy SIZE DATE NAME 585885 Mar 17 21:20 billy.exe 72546 Mar 17 21:20 gu.exe 11699 Mar 17 21:20 mirc.ini 14976 Mar 17 21:20 rb.exe 625 Mar 17 21:20 script.ini 23 Mar 17 21:20 servers.txt 47127 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe 73530 Mar 17 21:20 tight.txt 446464 Mar 17 21:20 undelete.exe Back to Links Back to Top GT Bot Blaster SIZE DATE NAME 743861 Mar 17 21:20 Blaster.exe 29321 Mar 17 21:20 ODBC.ocx 4944 Mar 17 21:20 control.dat 8889 Mar 17 21:20 dpvsetup.dat 3083 Mar 17 21:20 mirc.ini 60 Mar 17 21:20 netstet.dat 8192 Mar 17 21:20 netstet.exe 305 Mar 17 21:20 remote.ini 12133 Mar 17 21:20 twain36.dat 18231 Mar 17 21:20 twunk_32.dat 446464 Mar 17 21:20 winipcnfg.exe Back to Links Back to Top GT Bot BlueSpyder&mimic BLuESpYdER.exe File 688k Igmp.exe File 9k chezz.ini File 2k control.ini File 2k db.ini File 1k dccsend.mrc File 1k download/ Folder - hehe.mrc File 1k hellfirezngt.ini File 12k icmp.vbs File 1k igmp.vbs File 1k igni.pif File 8k mimic.exe File 599k mimic.ini File 1k mimic.txt File 4k mirc.ini File 4k pepsi.exe File 12k pepsi.vbs File 1k remote.ini File 1k servers.ini File 1k windows.pif File 539k Back to Links Back to Top GT Bot Borg Mimic 7Yr0ldSammY* File 42k 7Yr0ldSammY* File 35k SchoolGirl* File 35k YoungGirl_Likes_To_S*> File 35k aliases.ini File 1k dalnet.txt File 10k dccsend.mrc File 1k files.txt File 1k liTl3gIrLyGiViNg* File 35k mirc.ini File 3k niks.txt File 2k reg.exe File 3k servers.ini File 1k something.exe File 22k spam.txt File 1k startup.vbs File 1k target.txt File 1k win32.exe File 1.3M zzz.dll File 36k Back to Links Back to Top GT Bot Bot SIZE DATE NAME 635647 Mar 17 21:20 BOT.EXE 108 Mar 17 21:20 ICMP.VBS 27684 Mar 17 21:20 MIRC.INI 17733 Mar 17 21:20 MIRC3.INI 90112 Mar 17 21:20 MOO.DLL 41222 Mar 17 21:20 Mirc2.ini 103 Mar 17 21:20 PEPSI.VBS 29917 Mar 17 21:20 PR.INI 1497 Mar 17 21:20 REMOTE.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT Back to Links Back to Top GT Bot Britney Spears BRITNEYSPEAR.scr File 1.0M BRITNEYSPEARS.SCR File 59k GATES.TXT File 24k MIRC2.INI File 38k PR.INI File 29k SYSTEM.EXE File 641k britneyspearss.exe File 1.9M remote.ini File 1k Already detected/ Folder - MIRC.INI File 27k MIRC3.INI File 17k TEMP.EXE File 436k TEMP.SCR File 15k TEMP2.EXE File 22k WHVLXD.EXE File 24k Back to Links Back to Top GT Bot CC Cracker & Verify SIZE DATE NAME 635647 Mar 17 21:20 BOT.EXE 108 Mar 17 21:20 ICMP.VBS 27684 Mar 17 21:20 MIRC.INI 17733 Mar 17 21:20 MIRC3.INI 90112 Mar 17 21:20 MOO.DLL 41222 Mar 17 21:20 Mirc2.ini 103 Mar 17 21:20 PEPSI.VBS 29917 Mar 17 21:20 PR.INI 1497 Mar 17 21:20 REMOTE.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT Back to Links Back to Top GT Bot China1 SIZE DATE NAME 26060 Mar 17 21:20 gates.txt 27845 Mar 17 21:20 mirc.ini 39810 Mar 17 21:20 mirc2.ini 18493 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29961 Mar 17 21:20 pr.ini 298 Mar 17 21:20 remote.ini 745927 Mar 17 21:20 setup.exe 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Cleaner New SIZE DATE NAME 728560 Mar 17 21:20 Cleanernew.exe 60736 Mar 17 21:20 FATSYS.INI 46052 Mar 17 21:20 MIRC.INI 47127 Mar 17 21:20 MSNDLL.DLL 11776 Mar 17 21:20 MSNINI.DLL 14976 Mar 17 21:20 RB.EXE 22016 Mar 17 21:20 SYSCHECK.EXE 610304 Mar 17 21:20 WSYSTEM.EXE 310 Mar 17 21:20 remote.ini Back to Links Back to Top GT Bot Cleaner11 SIZE DATE NAME 59 Mar 17 21:20 WHVLXD.DAT 8192 Mar 17 21:20 WHVLXD.exe 0 Mar 17 21:20 accessed.txt 591637 Mar 17 21:20 cleaner.11.exe 24448 Mar 17 21:20 gates.txt 18786 Mar 17 21:20 inf3.ini 27955 Mar 17 21:20 mirc.ini 30066 Mar 17 21:20 pr.ini 127 Mar 17 21:20 remote.ini 446464 Mar 17 21:20 settings.exe 8072 Mar 17 21:20 stat4.ini 66612 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe 29508 Mar 17 21:20 vxd2.ini Back to Links Back to Top GT Bot Com Igmp.exe File 9k WHVLXD.DAT File 1k WHVLXD.exe File 8k download/ Folder - icmp.vbs File 1k igmp.vbs File 1k inf3.ini File 23k mirc.......ini File 27k mirc.ini File 30k moo.dll File 88k moodll.mrc File 2k pepsi.exe File 12k pepsi.vbs File 1k pr.ini File 21k remote.ini File 1k settings.exe File 589k stat4.ini File 14k temp.scr File 65k temp2.exe File 22k vxd2.ini File 29k Back to Links Back to Top GT Bot Aurora.d Folders added: 1 ---------------- c:\WINDOWS\SYSTEM\download Files added: 13 --------------- c:\WINDOWS\SYSTEM\auth.ini Date: 6/29/2002 2:12 AM Size: 64 bytes c:\WINDOWS\SYSTEM\cisco.ini Date: 6/29/2002 2:13 AM Size: 5,320 bytes c:\WINDOWS\SYSTEM\Explored.exe Date: 6/29/2002 7:08 PM Size: 1,644,032 bytes c:\WINDOWS\SYSTEM\externet Date: 7/1/2002 4:39 PM Size: 17,653 bytes c:\WINDOWS\SYSTEM\mirc.GID Date: 6/28/2002 11:10 PM Size: 29,132 bytes c:\WINDOWS\SYSTEM\mirc.ini Date: 6/1/2002 4:52 PM Size: 2,781 bytes c:\WINDOWS\SYSTEM\moo.dll Date: 6/10/2002 1:41 AM Size: 106,496 bytes c:\WINDOWS\SYSTEM\remote.ini Date: 6/1/2002 4:52 PM Size: 1,315 bytes c:\WINDOWS\SYSTEM\settings.ini Date: 6/1/2002 4:52 PM Size: 146 bytes c:\WINDOWS\SYSTEM\temp2.exe Date: 2/20/2001 8:21 PM Size: 22,016 bytes c:\WINDOWS\SYSTEM\web.txt Date: 7/1/2002 3:50 PM Size: 13,768 bytes c:\WINDOWS\SYSTEM\WHVLXD.dat Date: 6/29/2002 12:08 PM Size: 59 bytes c:\WINDOWS\SYSTEM\WHVLXD.EXE Date: 2/20/2001 8:22 PM Size: 24,576 bytes Registry ******** Keys ignored: 0 --------------- * (none) Values added: 2 --------------- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:T:\czvep\qbjaybnq\HapnUryy GbFraq\perqvg-purpxre.rkr" Type: REG_BINARY Data: 62, 00, 00, 00, 06, 00, 00, 00, C0, 30, 91, 05, BF, 09, C2, 01 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WHVLXD" Type: REG_SZ Data: C:\WINDOWS\SYSTEM\WHVLXD.exe Back to Links Back to Top GT Bot Bachir 13/10/2002 06:37 PM 930,068 Britney_spears_SS.exe 13/10/2002 06:44 PM 2,982 download.ini 13/10/2002 06:44 PM 116 ie6.dat 13/10/2002 06:44 PM 2,830 mirc.ini 13/10/2002 06:44 PM 106,496 moo.dll 13/10/2002 06:44 PM 219 remote.ini 13/10/2002 06:44 PM 59 WHVLXD.dat 13/10/2002 06:44 PM 20,257 WHVLXD.EXE 13/10/2002 06:44 PM 445 winboot.bin 13/10/2002 06:44 PM 3,172 wincfg 13/10/2002 06:44 PM 30 winconf.dat 13/10/2002 06:44 PM 12,685 winconf.mrc 13/10/2002 06:44 PM 586,752 Explored.exe 13/10/2002 06:44 PM 22,016 kernel33.exe Back to Links Back to Top GT Bot Bachir.a 13/10/2002 06:28 PM 2,982 download.ini 13/10/2002 06:29 PM 586,752 Explored.exe 13/10/2002 06:29 PM 116 ie6.dat 13/10/2002 06:30 PM 22,016 kernel33.exe 13/10/2002 06:33 PM 930,068 Microsoft.exe 13/10/2002 06:33 PM 2,830 mirc.ini 13/10/2002 06:33 PM 106,496 moo.dll 13/10/2002 06:33 PM 219 remote.ini 13/10/2002 06:33 PM 59 WHVLXD.dat 13/10/2002 06:33 PM 20,257 WHVLXD.EXE 13/10/2002 06:33 PM 445 winboot.bin 13/10/2002 06:33 PM 3,172 wincfg 13/10/2002 06:33 PM 12,685 winconf.mrc 13/10/2002 06:33 PM 30 winconf.dat Back to Links Back to Top GT Bot DALNet Cleaner SIZE DATE NAME 544233 Mar 17 21:20 DALNetCleaner.exe 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 29908 Mar 17 21:20 br10002.ocx 24720 Mar 17 21:20 gates.txt 27845 Mar 17 21:20 mirc.ini 74 Mar 17 21:20 remote.ini 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe 38500 Mar 17 21:20 var200x.ocx 31953 Mar 17 21:20 voodoo102.ocx 35444 Mar 17 21:20 winupdate0232.ocx Back to Links Back to Top GT Bot DMSSetup-remover SIZE DATE NAME 582151 Mar 17 21:20 DMSsetup-remover.exe 17733 Mar 17 21:20 MIRC3.INI 41570 Mar 17 21:20 Mirc2.ini 29856 Mar 17 21:20 PR.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 108 Mar 17 21:20 icmp.vbs 27689 Mar 17 21:20 mirc.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 1511 Mar 17 21:20 remote.ini Back to Links Back to Top GT Bot Dimension Modified SIZE DATE NAME 17665 Mar 17 21:19 8yrOldGangRape.MPG.zip 14673 Mar 17 21:19 MIRC.INI 7024 Mar 17 21:19 MIRC2.INI 0 Mar 17 21:19 New Text Document.txt 22337 Mar 17 21:19 PR.INI 169 Mar 17 21:19 dccsend.mrc 124 Mar 17 21:19 files.txt 3099 Mar 17 21:19 niks.txt 2560 Mar 17 21:19 reg.exe 100 Mar 17 21:19 remote.ini 1788 Mar 17 21:19 script.ini 65 Mar 17 21:19 servers.ini 22016 Mar 17 21:19 something.exe 754 Mar 17 21:19 spam.txt 217 Mar 17 21:19 startup.vbs 136 Mar 17 21:19 target.txt 1339392 Mar 17 21:19 win32.exe 36352 Mar 17 21:19 zzz.dll Back to Links Back to Top GT Bot Dropper SpeedUp 2.3b speedup2_3b.exe Back to Links Back to Top GT Bot Dropper.a application.exe Back to Links Back to Top GT Bot Er3580mGe SIZE DATE NAME 24720 Mar 17 21:20 gates.txt 595274 Mar 17 21:20 gtsetup.exe 27853 Mar 17 21:20 mirc.ini 39872 Mar 17 21:20 mirc2.ini 17529 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29928 Mar 17 21:20 pr.ini 310 Mar 17 21:20 remote.ini 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot FTP Finder SIZE DATE NAME 52 Mar 17 21:20 DIIrun.DAT 24576 Mar 17 21:20 DIIrun.EXE 566556 Mar 17 21:20 ftpsitefinder.exe 24720 Mar 17 21:20 gate.txt 39002 Mar 17 21:20 mic2.ini 17721 Mar 17 21:20 mic3.ini 27739 Mar 17 21:20 mirc.ini 29569 Mar 17 21:20 p.ini 694 Mar 17 21:20 rem0te.ini 446464 Mar 17 21:20 s.EXE 15045 Mar 17 21:20 s.scr 22016 Mar 17 21:20 s2.exe Back to Links Back to Top GT Bot Fake AV Setup SIZE DATE NAME 17784 Mar 17 21:20 MIRC3.INI 41224 Mar 17 21:20 Mirc2.ini 29848 Mar 17 21:20 PR.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 108 Mar 17 21:20 icmp.vbs 27641 Mar 17 21:20 mirc.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 1509 Mar 17 21:20 remote.ini 628858 Mar 17 21:20 setup.exe Back to Links Back to Top GT Bot Fake Cleaner Cleaner.exe File 624k MIRC3.INI File 17k Mirc2.ini File 40k PR.INI File 29k TEMP.EXE File 436k TEMP2.EXE File 22k Temp.scr File 72k WHVLXD.DAT File 1k WHVLXD.EXE File 24k icmp.vbs File 1k mirc.ini File 27k moo.dll File 88k pepsi.exe File 12k pepsi.vbs File 1k remote.ini File 2k Back to Links Back to Top GT Bot Fake Cleaner1.4.1 SIZE DATE NAME 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 559284 Mar 17 21:20 cleaner14.1.exe 37 Mar 17 21:20 fserver.txt 28179 Mar 17 21:20 mirc.ini 39821 Mar 17 21:20 mirc2.ini 17504 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29680 Mar 17 21:20 pr.ini 283 Mar 17 21:20 remote.ini 51 Mar 17 21:20 servers.ini 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Fake Cleaner3.2 SIZE DATE NAME 26060 Mar 17 21:20 gates.txt 27845 Mar 17 21:20 mirc.ini 39810 Mar 17 21:20 mirc2.ini 18493 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29961 Mar 17 21:20 pr.ini 298 Mar 17 21:20 remote.ini 745927 Mar 17 21:20 setup.exe 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Fake Cleaner4.1 SIZE DATE NAME 610443 Mar 17 21:20 Unpackedcleaner4.1.exe 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 559243 Mar 17 21:20 cleaner4.1.exe 37 Mar 17 21:20 fserver.txt 28122 Mar 17 21:20 mirc.ini 39821 Mar 17 21:20 mirc2.ini 17504 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29680 Mar 17 21:20 pr.ini 283 Mar 17 21:20 remote.ini 51 Mar 17 21:20 servers.ini 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Fake Modem Uncap SIZE DATE NAME 52 Mar 17 21:20 DIIrun.DAT 24576 Mar 17 21:20 DIIrun.EXE 24720 Mar 17 21:20 gate.txt 39002 Mar 17 21:20 mic2.ini 17721 Mar 17 21:20 mic3.ini 27740 Mar 17 21:20 mirc.ini 566539 Mar 17 21:20 modemuncaper.exe 29567 Mar 17 21:20 p.ini 694 Mar 17 21:20 rem0te.ini 446464 Mar 17 21:20 s.EXE 15045 Mar 17 21:20 s.scr 22016 Mar 17 21:20 s2.exe Back to Links Back to Top GT Bot Fake NetBus Mailer SIZE DATE NAME 744167 Mar 17 21:20 Netbus.exe 29321 Mar 17 21:20 ODBC.ocx 4944 Mar 17 21:20 control.dat 8889 Mar 17 21:20 dpvsetup.dat 3073 Mar 17 21:20 mirc.ini 305 Mar 17 21:20 remote.ini 12133 Mar 17 21:20 twain36.dat 18231 Mar 17 21:20 twunk_32.dat 446464 Mar 17 21:20 winipcnfg.exe Back to Links Back to Top GT Bot Fake Norton AntiVirus GATES.TXT File 24k MIRC.INI File 27k MIRC2.INI File 38k MIRC3.INI File 17k Norten.zip File 484k PR.INI File 29k REMOTE.INI File 1k TEMP.EXE File 436k TEMP.SCR File 15k TEMP2.EXE File 22k WHVLXD.EXE File 24k Back to Links Back to Top GT Bot Fake Trojan Remover SIZE DATE NAME 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 24720 Mar 17 21:20 gates.txt 27798 Mar 17 21:20 mirc.ini 39015 Mar 17 21:20 mirc2.ini 17733 Mar 17 21:20 mirc3.ini 29667 Mar 17 21:20 pr.ini 288 Mar 17 21:20 remote.ini 532840 Mar 17 21:20 remover.exe 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot False Cleaner SIZE DATE NAME 26060 Mar 17 21:20 gates.txt 27845 Mar 17 21:20 mirc.ini 39810 Mar 17 21:20 mirc2.ini 18493 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29961 Mar 17 21:20 pr.ini 298 Mar 17 21:20 remote.ini 745927 Mar 17 21:20 setup.exe 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Free Bnc SIZE DATE NAME 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 532840 Mar 17 21:20 free_bnc.exe 24720 Mar 17 21:20 gates.txt 27798 Mar 17 21:20 mirc.ini 39015 Mar 17 21:20 mirc2.ini 17733 Mar 17 21:20 mirc3.ini 29667 Mar 17 21:20 pr.ini 288 Mar 17 21:20 remote.ini 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Frozen Bot SIZE DATE NAME 807369 May 28 23:45 Nohack Virus Scan2 Setup.exe 64 May 28 23:45 SystemCONF98i.dat 24576 May 28 23:45 SystemCONF98i.exe 60307 May 28 23:45 TrueSYS.zip 52539 May 28 23:44 all.exe 97 May 28 23:44 bug.vbs 0 May 28 23:44 bw98.cab 2487 May 28 23:44 flood.ini 108 May 28 23:44 icmp.vbs 4406 May 28 23:44 index.html 813 May 28 23:44 ircd.conf 266752 May 28 23:44 ircd.exe 55 May 28 23:44 ircd.motd 9 May 28 23:44 ircd.pid 22016 May 28 23:44 mannager98a.exe 11500 May 28 23:44 mirc.ini 90112 May 28 23:44 moo.dll 446464 May 28 23:45 newkernal982i.exe 12288 May 28 23:45 pepsi.exe 103 May 28 23:45 pepsi.vbs 55364 May 28 23:45 spNT.fat32 151 May 28 23:45 w98se.cab 47127 May 28 23:45 winddowslogs Back to Links Back to Top GT Bot Fuckaduck WHVLXD.DAT File 1k WHVLXD.EXE File 24k gates.txt File 24k mirc.ini File 27k mirc2.ini File 38k mirc3.ini File 17k pr.ini File 29k remote.ini File 1k script.ini File 13k temp.scr File 15k temp2.exe File 22k Back to Links Back to Top GT Bot GW-Flood SIZE DATE NAME 28800 Mar 17 21:19 Gw.jpg 1706 Mar 17 21:19 TMP2.$$$ 1708 Mar 17 21:19 TMP3.$$$ 28157 Mar 17 21:19 TMP4.$$$ 1704 Mar 17 21:19 TMP6.$$$ 55 Mar 17 21:19 WHVLXD.DAT 24576 Mar 17 21:19 WHVLXD.EXE 13719 Mar 17 21:19 flooder.ini 24720 Mar 17 21:19 gates.txt 28159 Mar 17 21:19 mirc.ini 39015 Mar 17 21:19 mirc2.ini 17733 Mar 17 21:19 mirc3.ini 4946 Mar 17 21:19 mirc32.ini 933 Mar 17 21:19 mlrc.ini 29856 Mar 17 21:19 pr.ini 384 Mar 17 21:19 read me or you wont get this to work!.rtf 1706 Mar 17 21:19 remote.ini 446464 Mar 17 21:19 temp.exe 15045 Mar 17 21:19 temp.scr 22016 Mar 17 21:19 temp2.exe Back to Links Back to Top GT Bot Gay Teens SIZE DATE NAME 55 Mar 17 21:20 ZDFJEW.DAT 24576 Mar 17 21:20 ZDFJEW.EXE 24720 Mar 17 21:20 gates.txt 876632 Mar 17 21:20 gay_teens.exe 27800 Mar 17 21:20 mirc.ini 39010 Mar 17 21:20 mirc2.ini 17714 Mar 17 21:20 mirc3.ini 29651 Mar 17 21:20 pr.ini 305 Mar 17 21:20 remote.ini 18 Mar 17 21:20 servers.txt 1682432 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot HideWindow file2.exe Back to Links Back to Top GT Bot HoneyPot SIZE DATE NAME 1016 Mar 17 21:19 accessed.txt 24448 Mar 17 21:19 gates.txt 28023 Mar 17 21:19 mirc.ini 29499 Mar 17 21:19 mirc2.ini 18946 Mar 17 21:19 mirc3.ini 4946 Mar 17 21:19 mirc32.ini 8057 Mar 17 21:19 mirc4.ini 933 Mar 17 21:19 mlrc.ini 30224 Mar 17 21:19 pr.ini 94 Mar 17 21:19 remote.ini 4429 Mar 17 21:19 script1.ini 446464 Mar 17 21:19 temp.exe 17386 Mar 17 21:19 temp.scr 53248 Mar 17 21:19 temp2.exe 307 Mar 17 21:19 wrnet.txt Back to Links Back to Top GT Bot Internet Booster SIZE DATE NAME 55 Mar 17 21:20 ZDFJEW.DAT 24576 Mar 17 21:20 ZDFJEW.EXE 24720 Mar 17 21:20 gates.txt 876632 Mar 17 21:20 internetbooster.exe 27800 Mar 17 21:20 mirc.ini 39010 Mar 17 21:20 mirc2.ini 17714 Mar 17 21:20 mirc3.ini 29651 Mar 17 21:20 pr.ini 305 Mar 17 21:20 remote.ini 18 Mar 17 21:20 servers.txt 1682432 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot JONBlaze SIZE DATE NAME 22016 Mar 17 21:20 Temp2.exe 4554 Mar 17 21:20 http.ini 2231 Mar 17 21:20 key.txt 12884 Mar 17 21:20 mirc.ini 18561 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 589708 Mar 17 21:20 s1etup.exe 30572 Mar 17 21:20 script.ini 452608 Mar 17 21:20 system.exe 7081 Mar 17 21:20 temp.scr Back to Links Back to Top GT Bot Kokorecci MIRC.INI File 3k MSVBVM60.DLL File 1.3M alias1.ini File 1k aliases.ini File 1k dalnet.txt File 304k mirc.exe File 1.5M popups.ini File 1k reklam.txt File 1k remote.ini File 1k script.ini File 3k script1.ini File 1k sex.exe File 60k sys.hta File 1k system.exe File 20k tray.ico File 1k xxvideo.exe File 1.9M download/ Folder - Back to Links Back to Top GT Bot Link MIRC3.INI File 17k TEMP2.EXE File 22k Temp.scr File 72k WHVLXD.DAT File 1k WHVLXD.EXE File 24k cleaner.exe File 617k icmp.vbs File 1k igmp.vbs File 1k mirc.ini File 27k mirc2.ini File 40k moo.dll File 88k pepsi.exe File 12k pepsi.vbs File 1k pr.ini File 30k remote.ini File 4k share.vbs File 1k temp.exe File 436k Back to Links Back to Top GT Bot Movie1 ARIAL COM 443,392 04/06/02 12:50p arial.com CN EXE 26,929 07/06/02 12:50a cn.exe COMAND EXE 28,441 23/05/02 12:15a comand.exe FONTER EXE 28,934 23/05/02 12:18a fonter.exe FONTI EXE 11,889 10/05/02 1:45a fonti.exe TIMEFUCK EXE 8,465 12/05/02 2:50p timefuck.exe VARDE EXE 137 23/05/02 12:32a varde.exe MIRC INI 3,634 23/05/02 12:32a mirc.ini SYSTEM COM 40,960 25/04/99 10:48p system.com WAV EXE 23 23/05/02 12:01a wav.exe ARIALF~1 EXE 61,952 23/05/02 12:11a arialfont.exe ARIALI EXE 23,011 07/06/02 1:29a ariali.exe C:\windows\fonts\fonts> Back to Links Back to Top GT Bot Mine SXF GATES.TXT WHVLXD.DAT MIRC.INI detected by Trend antivirus as IRC_GTMINE_INI MIRC2.INI detected by Trend antivirus as IRC_GTMINE_INI2 MIRC3.INI detected by Trend antivirus as IRC_GTMINE_INI3 PR.INI detected by Trend antivirus as IRC_GTMINE_PR TEMP.EXE TEMP.SCR TEMP2.EXE WHVLXD.EXE detected by Trend antivirus as TROJ_GTMINE REMOTE.INI It creates the following registry entry so that the Trojan executes upon system start up: HKLM\Software\Microsoft\CurrentVersion\Run\WHVLXD = %system%\WHVLXD.EXE GT Bot M Mimic Igmp.exe File 9k control.ini File 3k db.ini File 1k dccsend.mrc File 1k hehe.mrc File 1k mimic.txt File 5k mirc.ini File 3k moo.dll File 46k pepsi.exe File 12k reg.asm File 1k reg.exe File 3k reg.ini File 1k reg.obj File 1k remote.ini File 2k servers.ini File 1k temp.exe File 442k temp2.exe File 22k winini32.exe File 601k zzz.zzz File 32k Back to Links Back to Top GT Bot MC mimic CHEZZ.INI File 2k CONTROL.INI File 2k DB.INI File 1k DCCSEND.MRC File 1k DOWNLOAD/ Folder - HEHE.MRC File 1k ICMP.VBS File 1k IGMP.VBS File 1k IGNI.PIF File 8k INSTALL.PIF File 7k Igmp.exe File 9k MIMIC.EXE File 599k MIMIC.INI File 1k MIMIC.TXT File 4k MIRC.INI File 3k PEPSI.EXE File 12k PEPSI.VBS File 1k REMOTE.INI File 1k SERVERS.INI File 1k hellfirezngt.ini File 12k Back to Links Back to Top GT Bot Microsoft Gg.bat Seced.bat - Hiding Application. Nt32.ini - Mirc.ini replacement. Ocxdll.exe - Renamed and hex edited mirc32.exe binary. Psexec - Script in plain text. Ws_ftp - Script in plain text. Flashfxp - Script in plain text. Gates.txt - List of wingates to load flood clones. Back to Links Back to Top GT Bot Napster2 MIRC.INI File 27k MIRC2.INI File 29k MIRC3.INI File 19k MIRC4.INI File 8k PR.INI File 21k SCRIPT.INI File 4k SCRIPT1.INI File 4k SCRIPT2.INI File 1k TEMP.EXE File 436k TEMP.SCR File 15k TEMP2.EXE File 22k WHVLXD.DAT File 1k WHVLXD.EXE File 24k accessed.txt File 0k gates.txt File 24k remote.ini File 1k Back to Links Back to Top GT Bot NewDimension 8yrOldGangRape.MPG.zip File 17k IGMP.EXE File 5k YoMama.txt File 14k icmp.vbs File 1k igmp.vbs File 1k info.vbs File 1k info.x File 1k mastercommands.txt File 4k mirc.ini File 14k mirc2.ini File 7k pepsi.exe File 7k pr.ini File 22k re.exe File 15k remote.ini File 1k script.ini File 9k special.ini File 3k startup.vbs File 1k temp.exe File 436k temp2.exe File 22k Back to Links Back to Top GT Bot News Servers.txt File 1k Temp.scr File 46k Temp2.exe File 22k Tight.txt File 73k addrbk.ini File 0k mirc.ini File 39k mirc3.ini File 28k script.ini File 1k undelete.exe File 436k download/ Folder - logs/ Folder - sounds/ Folder - Back to Links Back to Top GT Bot Nohack NoHack.exe File 42k WHVLXD.DAT File 1k WHVLXD.exe File 8k bot.exe File 1.1M inf3.ini File 18k mirc.ini File 27k pr.ini File 29k remote.ini File 1k settings.exe File 436k stat4.ini File 8k temp.scr File 65k temp2.exe File 22k vxd2.ini File 29k download/ Folder - Back to Links Back to Top GT Bot NuSpam MIRC.INI File 2k MSVBVM60.DLL File 1.3M alias1.ini File 1k aliases.ini File 1k dalnet.txt File 14k mirc.exe File 1.2M nick.txt File 1k popups.ini File 1k remote.ini File 1k script.ini File 3k script1.ini File 1k script2.ini File 1k script3.ini File 1k script4.ini File 1k system.exe File 20k download/ Folder - Back to Links Back to Top GT Bot OThree Fonts.bat File 1k Fonts.fnt File 436k Fonts.reg File 1k Fonts.vbs File 1k Protect.reg File 1k YoMama.txt File 16k a.basic.ini File 30k a.basic2.ini File 6k a.scanclone.ini File 30k basic.fnt File 3k dos.ini File 4k igmp.exe File 5k pepsi.exe File 7k r.basic.ini File 15k r.scanclone.ini File 10k remote.ini File 1k restart.lnk File 1k servers.ini File 1k shit.fnt File 1k shut.lnk File 1k slave.fnt File 9k startup.vbs File 1k sub7.ini File 9k upyes.fnt File 15k zzz.fnt File 26k Back to Links Back to Top GT Bot Patchit nPatch-IT.exe File 892k serial.txt File 1k {F7146Q0-31EGD-1Q5-8AE11-F08295EE} Folder - dist.ocx File 6k krypt.dll File 94k mirc.ini File 12k mscdi.ins File 1k mscdi.ocx File 107k msocx.dll File 46k rb.exe File 31k script.ini File 1k syschk.exe File 91k wSys.exe File 435k download/ Folder - Back to Links Back to Top GT Bot PhornoScript SIZE DATE NAME 198 Mar 17 21:20 ALIASES.INI 2327 Mar 17 21:20 CONTROL.INI 3290 Mar 17 21:20 FLOOD.TXT 11191 Mar 17 21:20 FULLNAME.TXT 2857 Mar 17 21:20 MIRC.INI 7036 Mar 17 21:20 NICKS.TXT 1679872 Mar 17 21:20 PHORNO.EXE 853819 Mar 17 21:20 PhornoScript.exe 515 Mar 17 21:20 REMOTE.INI 18733 Mar 17 21:20 SCRIPT.TXT 58 Mar 17 21:20 SECRET.ICO 2436 Mar 17 21:20 SERVERS.INI 1684 Mar 17 21:20 START.INI 37600 Mar 17 21:20 Uninstal.exe Back to Links Back to Top GT Bot Porn Zip SIZE DATE NAME 115760 Mar 17 21:20 HotSex.exe 650381 Mar 17 21:20 Porn.exe 643414 Mar 17 21:20 Porn.zip 875 Mar 17 21:20 aliases.ini 73000 Mar 17 21:20 dalnet.txt 169 Mar 17 21:20 dccsend.mrc 10 Mar 17 21:20 files.txt 2946 Mar 17 21:20 mirc.ini 2340 Mar 17 21:20 niks.txt 53 Mar 17 21:20 servers.ini 22016 Mar 17 21:20 something.exe 122 Mar 17 21:20 spam.txt 27 Mar 17 21:20 target.txt 1339392 Mar 17 21:20 win32.exe 36352 Mar 17 21:20 zzz.zzz Back to Links Back to Top GT Bot Q8 Dragons SIZE DATE NAME 3281 Mar 17 21:20 Asycfiit.com 565480 Mar 17 21:20 BinLaden.mpg.exe 443392 Mar 17 21:20 Cmmgr32.com 20480 Mar 17 21:20 User33.com 77190 Mar 17 21:20 adspack.exe 14976 Mar 17 21:20 forcad.exe 30185 Mar 17 21:20 psys.dll 596 Mar 17 21:20 uslscan.com Back to Links Back to Top GT Bot Quench SIZE DATE NAME 26060 Mar 17 21:20 gates.txt 27845 Mar 17 21:20 mirc.ini 39810 Mar 17 21:20 mirc2.ini 18493 Mar 17 21:20 mirc3.ini 90112 Mar 17 21:20 moo.dll 29961 Mar 17 21:20 pr.ini 298 Mar 17 21:20 remote.ini 745927 Mar 17 21:20 setup.exe 446464 Mar 17 21:20 temp.exe 15045 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot QuickSilver SIZE DATE NAME 656454 Mar 17 21:20 Quick-Silver-Set-Up.exe 59 Mar 17 21:20 WHVLXD.DAT 8192 Mar 17 21:20 WHVLXD.exe 102 Mar 17 21:20 accessed.txt 24448 Mar 17 21:20 gates.txt 18786 Mar 17 21:20 inf3.ini 27522 Mar 17 21:20 mirc.ini 30114 Mar 17 21:20 pr.ini 121 Mar 17 21:20 remote.ini 446464 Mar 17 21:20 settings.exe 8073 Mar 17 21:20 stat4.ini 29508 Mar 17 21:20 vxd2.ini Back to Links Back to Top Bot RAR Corrupt SIZE DATE NAME 736383 Mar 17 21:20 gt.rar Back to Links Back to Top GT Bot Redcode SIZE DATE NAME 22016 Mar 17 21:20 Temp2.exe 55 Mar 17 21:20 Whvlxd.dat 24576 Mar 17 21:20 Whvlxd.exe 25786 Mar 17 21:20 gates.txt 108 Mar 17 21:20 icmp.vbs 28080 Mar 17 21:20 mirc.ini 29526 Mar 17 21:20 mirc2.ini 18559 Mar 17 21:20 mirc3.ini 11999 Mar 17 21:20 mirc4.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 30038 Mar 17 21:20 pr.ini 135 Mar 17 21:20 readme.txt 613888 Mar 17 21:20 redcodesetup.exe 13 Mar 17 21:20 remote.ini 4429 Mar 17 21:20 script1.ini 446464 Mar 17 21:20 temp.exe 17386 Mar 17 21:20 temp.scr Back to Links Back to Top GT Bot ScourExchange BACKUP.zip File 1.0M EXPL32.EXE File 580k EXPLORER.SCR File 17k MIRC.INI File 3k Remove.bat File 1k ScourExchange.lnk File 1k ScourExchangeSetup.EXE File 472k ScourExchangeSetupor..> File 1.3M explorer2.exe File 22k remote.ini File 1k scourexchange gt bot.zip File 3.7M script.ini File 1k script1.ini File 2k sget10-blue.bmp File 1k sget10.mrc File 15k worms!.zip File 146k worms!/ Folder - BACKGROU.BMP File 12k SWITCHBA.BMP File 5k background.bmp File 12k buttons.bmp File 28k status.jpg File 58k switchbar.bmp File 5k toolbar.jpg File 95k worms.thm Back to Links Back to Top GT Bot Sexpics-Ritzz DropperPorn.exe File 635k HotSex.exe File 113k Install.exe File 96k TMP2.$$$ File 1k aliases.ini File 1k dalnet.txt File 71k dccsend.mrc File 1k files.txt File 1k mirc.ini File 3k niks.txt File 2k outlookhelp.vbs File 1k script.ini File 1k servers.ini File 1k something.exe File 22k spam.txt File 1k target.txt File 1k win32.exe File 1.3M winhlp.exe File 96k zzz.zzz File 36k Back to Links Back to Top GT Bot Sexy Sexy.exe File mirc.ini File 11k os1.exe File 20k os1.txt File 1k os2.exe File 433k os2.ini File 1k os2.scr File 46k os2.txt File 76k rb.exe File 15k download/ Folder - Back to Links Back to Top GT Bot Share Spread Drivers/ Folder iserver.bat File 1k Microsoft batch file wserver.exe File 907k setup.exe (original name) Winnt/ Folder system32/ Folder aliases.ini File 1k modified aliases mIRC file bnc.mrc File 4k mIRC script cscan.dat File 3k mIRC script download.ini File 4k config file Explored.exe File 534k mIRC program (Packed with UPX) ie6.dat File 1k config file (server and channel info) Infect217.121.100.126.vbs File 1k visual basic script kernel33.exe File 22k Hide Window program (Packed with UPX) mirc.ini File 3k config file moo.dll File 104k mIRC extension file (Modified) PipeCmdSrv.exe File 16k server application remote.ini File 1k config file share.bat File 1k Microsoft batch file share.dat File 4k mIRC script skill.vxd File 1k share.bat text file webget.mrc File 3k mIRC script winboot.bin File 1k wincfg text file wincfg File 4k mIRC script winconf.dat File 1k winconf.mrc text file winconf.mrc File 15k mIRC script Back to Links Back to Top GT Bot Speed SIZE DATE NAME 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 24720 Mar 17 21:20 gates.txt 28137 Mar 17 21:20 mirc.ini 34991 Mar 17 21:20 mirc2.ini 17972 Mar 17 21:20 mirc3.ini 29860 Mar 17 21:20 pr.ini 340 Mar 17 21:20 remote.ini 87 Mar 17 21:20 servers.ini 543799 Mar 17 21:20 speed.exe 446464 Mar 17 21:20 temp.exe 40838 Mar 17 21:20 temp.scr 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot TheBoo03 mirc.ini file 25k moveis.exe file 651k pt file 1k remote.ini file 1k temp2.exe file 20k temp.scr file 47k win.bat file 24k win.exe file 540k download folder - Back to Links Back to Top GT Bot Tweak exe Bnc.inf File 7k Bnc.ini File 1k Mirc2.ini File 32k Mirc3.ini File 13k Mirc4.ini File 29k Moo.dll File 84k Syschk.exe File 103k Temp.scr File 17k bind.ini File 5k mirc.ini File 18k pr.ini File 34k remote.ini File 1k tweak.exe File 1.3M winupdate.exe File 1.6M Back to Links Back to Top GT Bot Uncapper IRC DDOS VSF EXPL32.EXE File 580k EXPLORER.scr File 46k explorer2.exe File 22k gtupdatesetup.exe File 968k mirc.ini File 3k remote.ini File 1k scanner.mrc File 7k script.ini File 61k script1.ini File 10k script2.ini File 2k script3.ini File 2k uncapper.exe File 48k uninstal.log File 2k updater.ini File 4k Back to Links Back to Top GT Bot Virus-Cleaner SIZE DATE NAME 2238 Mar 17 21:20 Fstats.ico 610304 Mar 17 21:20 Settings.exe 729705 Mar 17 21:20 Virus-Cleaner.exe 59 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 65725 Mar 17 21:20 fatsys.ini 24720 Mar 17 21:20 gates.txt 2574 Mar 17 21:20 mirc.ini 28424 Mar 17 21:20 msdossettings.ini 22016 Mar 17 21:20 msnhlp32.exe 11776 Mar 17 21:20 msnini.dll 54774 Mar 17 21:20 namesserver.ini 14976 Mar 17 21:20 rb.exe 88 Mar 17 21:20 remote.ini 47129 Mar 17 21:20 tempsettings.scr Back to Links Back to Top GT Bot WarezSearch WHVLXD.DAT File 1k WHVLXD.EXE File 24k Warez_SearchV6.exe File 509k Warez_SearchV6unpacked.exe File 526k gates.txt File 24k mirc.ini File 27k mirc2.ini File 38k mirc3.ini File 17k pr.ini File 29k remote.ini File 1k temp.exe File 436k temp.scr File 15k temp2.exe File 22k win.ini File 1k Back to Links Back to Top GT Bot Winbooster times_new_roman/ Folder - WinBooster.exe File 657k accessed.txt File 1k mirc.ini File 27k mirc2.ini File 26k mirc3.ini File 19k mirc4.ini File 7k pr.ini File 26k remote.ini File 1k temp.exe File 436k temp.scr File 17k temp2.exe File 22k Back to Links Back to Top GT Bot Windows Update WHVLXD.DAT file 1k WHVLXD.EXE file 24k mirc.ini file 28k mirc2.ini file 34k mirc3.ini file 18k pr.ini file 29k remote.ini file 1k servers.ini file 1k temp.exe file 436k temp.scr file 15k temp2.exe file 22k windowsupdater.exe file 511k Back to Links Back to Top GT Bot X tr8 win.ini File 1k windows.zip File 709k fonts/ Folder - MIRC.INI File 3k alias1.ini File 1k aliases.ini File 1k arial.exe File 1.5M dalnet.txt File 11k download/ Folder - popups.ini File 1k reklam.txt File 1k remote.ini File 2k script.ini File 3k script1.ini File 1k server.txt File 1k tray.ico File 1k Back to Links Back to Top GT Bot XXX SIZE DATE NAME 2620 Mar 17 21:20 Dalnet1.txt 20480 Mar 17 21:20 WINSOK.exe 676677 Mar 17 21:20 XXX.exe 563993 Mar 17 21:20 cleaner4.zip 2707 Mar 17 21:20 inviter.ini 2639 Mar 17 21:20 mirc.ini 42 Mar 17 21:20 msg.txt 9730 Mar 17 21:20 ok.ini 5841 Mar 17 21:20 ok2.ini 23030 Mar 17 21:20 scripti2.ini 21 Mar 17 21:20 serv20.txt 45 Mar 17 21:20 servers.ini 446464 Mar 17 21:20 settings.exe 17810 Mar 17 21:20 src.txt 26928 Mar 17 21:20 wendows.ini 26319 Mar 17 21:20 wendows2.ini 22016 Mar 17 21:20 temp2.exe Back to Links Back to Top GT Bot Z0ne SIZE DATE NAME 580985 Mar 17 21:20 11SETUP.EXE 17470 Mar 17 21:20 INF3.INI 27690 Mar 17 21:20 MIRC.INI 29906 Mar 17 21:20 PR.INI 72 Mar 17 21:20 REMOTE.INI 446464 Mar 17 21:20 SETTINGS.EXE 8072 Mar 17 21:20 STAT4.INI 66612 Mar 17 21:20 TEMP.SCR 22016 Mar 17 21:20 TEMP2.EXE 29508 Mar 17 21:20 VXD2.INI 59 Mar 17 21:20 WHVLXD.DAT 8192 Mar 17 21:20 WHVLXD.EXE Back to Links Back to Top GT Bot _avi32 {F7146Q0-31EGD-1Q5-8AE11-S08FY295EE}/ Folder - dist.ocx File 6k krypt.dll File 94k mirc.ini File 12k mscdi.ins File 1k mscdi.ocx File 106k msocx.dll File 46k rb.exe File 31k script.ini File 1k syschk.exe File 91k wSys.exe File 435k download/ Folder - Back to Links Back to Top GT Bot baby-f-pic.jpg SIZE DATE NAME 17733 Mar 17 21:20 MIRC3.INI 41570 Mar 17 21:20 Mirc2.ini 29846 Mar 17 21:20 PR.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 580132 Mar 17 21:20 baby-f-pic.jpg.exe 108 Mar 17 21:20 icmp.vbs 27689 Mar 17 21:20 mirc.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 1514 Mar 17 21:20 remote.ini Back to Links Back to Top GT Bot cc-verify-and-cracker SIZE DATE NAME 17733 Mar 17 21:20 MIRC3.INI 41315 Mar 17 21:20 Mirc2.ini 29891 Mar 17 21:20 PR.INI 446464 Mar 17 21:20 TEMP.EXE 22016 Mar 17 21:20 TEMP2.EXE 73303 Mar 17 21:20 Temp.scr 55 Mar 17 21:20 WHVLXD.DAT 24576 Mar 17 21:20 WHVLXD.EXE 576001 Mar 17 21:20 cc-verify-and-cracker.exe 108 Mar 17 21:20 icmp.vbs 27695 Mar 17 21:20 mirc.ini 90112 Mar 17 21:20 moo.dll 12288 Mar 17 21:20 pepsi.exe 103 Mar 17 21:20 pepsi.vbs 1494 Mar 17 21:20 remote.ini Back to Links Back to Top GT Bot fake0cleanerbot Cleaner.exe File 42k Install.exe File 96k Setup.exe File 625k SYSTEM/ Folder - MIRC3.INI File 17k Mirc2.ini File 40k PR.INI File 29k TEMP.EXE File 436k TEMP2.EXE File 22k Temp.scr File 72k WHVLXD.DAT File 1k WHVLXD.EXE File 24k icmp.vbs File 1k mirc.ini File 55k moo.dll File 88k pepsi.exe File 12k pepsi.vbs File 1k remote.ini File 1k Back to Links Back to Top GT Bot morefakecleaner MIRC3.INI File 17k Mirc2.ini File 40k PR.INI File 29k Setup.exe File 625k TEMP.EXE File 436k TEMP2.EXE File 22k Temp.scr File 72k TheCleaner.exe File 42k WHVLXD.DAT File 1k WHVLXD.EXE File 24k icmp.vbs File 1k mirc.ini File 55k moo.dll File 88k pepsi.exe File 12k pepsi.vbs File 1k remote.ini File 1k Back to Links Back to Top GT Bot wSys Patchit.zip File 822k dist.ocx File 6k krypt.dll File 94k mirc.ini File 12k mscdi.ins File 1k mscdi.ocx File 108k msocx.dll File 46k rb.exe File 31k script.ini File 1k syschk.exe File 91k wSys.exe File 435k download/ Folder - Back to Links Back to Top GT Bot wSys32 Moo.dll File 84k Syschk.exe File 103k accessed.txt File 1k bind.ini File 1k bnc.inf File 6k bnc.ini File 1k gates.txt File 24k mirc.ini File 18k mirc2.ini File 29k mirc3.ini File 18k mirc4.ini File 32k pr.ini File 29k remote.ini File 1k temp.scr File 17k title.dll File 54k wSys32.exe File 1.6M Back to Links Back to Top GT Bot zSys32 zSys32(1).exe File 651k Back to Links Back to Top GT Bot 20139.txt File 1k GT Bot.a.exe File 22k GT Bot.b.scr File 15k GT Bot.c.ini File 27k GT Bot.d.ini File 38k GT Bot.e.ini File 17k GT Bot.f.ini File 29k WHVLXD.DAT File 1k gates.txt File 24k Back to Links Back to Top GT Spam Bot FreeXXXvideo_Dedector.exe File 60k MIRC.INI File 3k alias1.ini File 1k aliases.ini File 1k cracker.exe File 1.5M dalnet.txt File 203k download/ Folder - popups.ini File 1k reklam.txt File 1k remote.ini File 1k script.ini File 3k script1.ini File 1k spambot2.zip File 855k tray.ico File 1k Back to Links Back to Top GT bot Chezz 540/ Folder - Fonts.bat File 1k Fonts.fnt File 436k Fonts.reg File 1k Fonts.vbs File 1k IGMP.EXE File 5k Protect.reg File 1k YoMama.txt File 14k dos.ini File 2k info.vbs File 1k mirc.ini File 15k mirc2.ini File 6k pepsi.exe File 7k pr.ini File 24k remote.ini File 1k restart.lnk File 1k shut.lnk File 1k startup.vbs File 1k upyes.fnt File 15k zzz.fnt File 26k 541/ Folder - Fonts.bat File 1k Fonts.fnt File 436k Fonts.reg File 1k Fonts.vbs File 1k IGMP.EXE File 5k YoMama.txt File 14k dos.ini File 2k infload.fnt File 15k info.vbs File 1k mirc.ini File 14k mirc2.ini File 6k pepsi.exe File 7k pr.ini File 24k protect.reg File 1k remote.ini File 1k restart.lnk File 1k shut.lnk File 1k startup.vbs File 1k upyes.fnt File 15k Back to Links Back to Top Litmus 2.0 Irc DDOS Bot Registry ******** Keys ignored: 0 --------------- * (none) Values added: 2 --------------- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\JVAQBJF\Qrfxgbc\j32-erzbiny.rkr" Type: REG_BINARY Data: 66, 00, 00, 00, 06, 00, 00, 00, 60, A5, 51, F3, 26, 0C, C2, 01 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "LTM2" Type: REG_SZ Data: C:\WINDOWS\litmus\MSGSRV32.exe ------------------------------------------------------------ Disk contents ************* Folders added: 1 ---------------- c:\WINDOWS\litmus Files added: 1 -------------- c:\WINDOWS\litmus\MSGSRV32.exe Date: 6/4/2002 6:19 PM Size: 36,384 bytes Back to Links Back to Top