I also am looking for a packer, commercial or not that will encrypt a file to be undetected but still work... found packers that keep the files undetected, but the damn exe gets corrupt. PM me some info, much appreciated

May I suggest an auto update feature, I can tell you how if you need (PM). This could be made to update infected hosts as well as clients.

hmm but because the settings are not saved in the registry or setting file of some sort.. just hex edit the bot after you adjusted it with the server.. @ the end you'll find the settings also pass etc..
Maybe an idea to use an little encryption method for the pass so only the one with the source code can deencrypt it or one who dissambles it.. but then again less people will be able to find the password etc..
Dunno if I am right.. just say if I made some mistakes above =)

Serhat

Its detected as "New P2P Worm" bei McAfee

New update m8's =)

No one wants to share of how to make the file undetected? : ( I tried a few packers, but they rendered the file useless in the process. Thanks

Doh!! thanks. ; )

Seems like there is a bug though on the scanning part , I was doing the -opx but when I did !showscan it dont show no -opx its showing something like -sql instead with different networks.

did aynone get it undetected meanwhile ?!

hope someone can help ....

You coud asc brian and asc if he can compile an undetected for you for a wery litle money!!!
send him pm....

All i know he sead he will be making undetected for a litle donations...if he gets many people that wants it!!

Hahaha charging money for making a exe undetectable.. thats (filtered) hilarious

quoted from BB

a new update again:

would this work for passed chans?

Brain if you want to port this to MSN as well then contact me and perhaps we can try something ?

I had maany request for how to use the bot with passworded channel:

here is a howto:

before executing the bot u have to create the channel and sett the password.
for example u set channel #foo with pw: bar .

Now u only have to type "foo bar" to the nick textbox and it will join #foo with pw bar.

--brainbuster

hi, man
good stuff very good tools!! man
Sincerely,
Shouizen

thanx for clearing that for me brainbuster

i got one more question do i need to put dfind in the comp to scan??

no

Does you bot support getting through a proxy? Some computers such as on a LAN can only connect to internet through proxies. How about automatically detecting the proxyserver and using it to connect to the IRC server.

I want to try it, but they're is no place to put my password's channel.....
How can I do ?


thanks for your help:) and sorry for my english


al'

if I am not mistaking you can just use in the channel box..
#yourchannel yourCHannel'sPassword

Serhat

ok , that's work thank you

I have an another question:
WHen you run the .exe made with the server builder.exe, the .exe place the real backdoor on the winDIR (C:\windows or C:\winNT\ ) , run the backdoor, and delete himself...
OK, but this isn't good , cause I cann't name my backdoor svchost.exe for example...
Can I take my backdoor on my winDIR and put on an another computer and run it ?


thanks for your help and sorry for my english :-S

al'

so nice dude

very happy thatyou make this

thx a lot

Damn , what a big great Bot , thx for your prog , I think it will find it very usefull

Get an Error m8....

downloaded 1.5.3 and unziped (4 files)

server builder
readme
COMDLG32.OCX
actskn4.ocx

and run the Server Builder exe and i get this error box

Run Time Error '339':
Component 'SCOMCTL.OCX' or one of its dependencies not correctly registered: a file is missing or invalid

and thats it not working

Any help....

Can you explain me how to do that pleaseeeeeee? ( i am noob )

have i to bind (in the in file binder of the bot) the file with a system file like lsass.exe, haven't I ?



tnx and soz 4 bad english

1.seems to be great great work
2.thx for sharing
3.make source open plz
4.does not work on win2k sp2 server
5.does not work on win2k sp4 professional
6.does not work on winXP sp2
7.need help will give details in a hour

i also get runtime errors which i was able to fix partly... but the bot does not connect to my test-irc network... i get an established connection via netstat but it doesn't come up to the channel...

the runtime bugs are very annoing... it would be very nice if you could fix this.

i always get

Runtime Error '7':
Out of memory

what does this mean? how can i fix it?

first of all... all my systems are german language... so as the authors ones i guess.

i was unhappy when your page (www.brainbot.de.vu) was downl last week and so euphoric yesterday when i was able
to download the bot start testing it... but then everything came other as i planed... :-/

i tested brainbot 1.5.3 and 1.5.1 on win2k professional with service pack 4 and on win2k server service pack 2
and got only those 2 error-messages which you can find pinned to this message as .gif's

win2k == win2k-professional-sp4-german.gif
win2k-server == win2k-server-sp2-german.gif

it seems everybody arround here is using xp hm? cause i am the first one who posted that
problem aren't i?

of course the bot's features read very well... but what does it use for me if it doesn't work?

it couldn't be the intention of the bot to run only if you install some runtimes before or?

would be very nice if you can fix this.


my suggesstions for some features which are missind:

- ftp server on custom port and not only 21
- ssl-support for connection into irc (if it is capable with visual basic(?))
- custom file which is uploaded to the hacked sql-server (maybe your own custom rootkit or whatever else)
- get it to work without the necessary of installing extra runtimes
- get it to work on win2kpro winkserver

PS:sorry maybe i am only to dump to use the bot correctly... but i've read the hole thread and somebody had the problem with "Runtime Error '5'" too which i habe unter 2k-server.


wouw! next problem....
now i started my winxp-sp2 and whenn i wanted to configure the a new bot i got the errorscreen you see in
winXP-sp2-german.gif

something about Run-Time Error '339' and a missing component MSCOMCTL.OCX ... ok i searched my win2k and hey i found it
and put it into the same directory as the "server builder.exe" and it seems to work... i am happy for holy
5 seconds... thats the time i needed to calm down and tried to start the server...

i switched to my vmware-win2k-pro-box with installed unreal-ird hopped into my mirc-window and awaited the bot...
nothing happend... *GRRR*

ok, restart *as i read here it solved someones prob and it solves so often a prob with windows*g*

after i was back i made a netstat... saw this:


Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status PID
TCP fuckup:1046 192.168.23.201:6667 HERGESTELLT 1588
[bootload.exe]

seems to be ok... but how can this be if 192.168.23.201 is my vmware machine which still hasn't booted cause i just rebootet my xp hostsytsem???
ok i startet vmware and went to the irc-server on the 2k-irc-server-testmachine... nothing there in #botnet *grrr*

i found out that the bot renames itself to bootload.exe and puts itself into the %systemroot% (in my case G:\WINDOWS) i also found a file in
%systemroot%/Prefetch/BOOTLOAD.EXE-18AA83C4.pf and i have no idea what it is and its just 20kb in size... seems to be a systemfile generated by xp for any executable you used?
i also found a bootstat.dat in the %systemroot% but there were
only special-chars in it... nothing to read

ok i killed the bootload.exe process and startet it again in the hope that it will now connect to my irc-server correctly
i did netstat again and got

TCP fuckup:1047 192.168.23.201:6667 HERGESTELLT 1588
[bootload.exe]

i went to the remote-machine to check the connection with netstat and got:

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP win2kclient1:6667 FUCKUP:1047 HERGESTELLT

Seems as a connection has been clearly established doesn't it?????
Again NOTHING in my irc-chan... i am frustrated now... :/

ok, but i am not the kinda guy giving up at 02:47 in the morning when he needs to get up at 07:00 in the morning
i took the Mswinsck.ocx to the win2k-irc-server %systemroot% and put a bootload.exe on it too.
i registered the Mswinsck.ocx (XP version) under the 2k box with regsvr32.exe Mswinsck.ocx sucessfull and started the
bootload.exe ... wohooo no error-messages BUT as some of you will feel... the F*C*I*G bot isn't on the irc-channel...
i made a netstat on the remote win2k machine on which now the bot and the irc-server run on and got this:

TCP win2kclient1:6667 win2kclient1.testnetz.lan:1071 HERGESTELLT

seems again like a clean established connection but nothing to see there?


can anyone help me? i am really pissed off now cause i have the feeling i just wasted my time...


the pics i have made from the error messages:

win2k professional sp4 german


win2k server sp2 german


winxp sp2 german

[edit by=w00dy] No requests, no listing of your e-mail. This forum is public, asking for things to be sent privately ruins the point of having a public forum.[/edit]

nice bot

going to give it a shot

thnx

eftex Re: mscomctl.ocx
That is an OCX file that is missing on a lot of systems, not specific to german ones. It is only used by a few MS & and a lot of Visual Basic Created programs, .: you must add that OCX (kind of like a dll) to the host yourself.

Hi,

this threat is pretty old but cos i still got a few pms asking where to get the bot
here is the link to my new website:
www.brainbuster.tk
=)


--brainbuster

How can i make the brainbot to be undetectable by norton antivirus?

i tried modifing some info throug ResHack but nothing happens... still detectable... are there a trick?

thankz!

Runtime Error '7':
Out of memory

what does this mean? how can i fix it?

Why post a huge ass picture of your entire desktop when you could have cut it down to help those on dial up and just hosted the error message box, or better yet, just typed

"run time error "7"" and asked what that ment, meaning it would not hinder anyones loading times

Great stuff, but didnt work on 2 PC's. One gave the Runtime '7' error, but forgot the other one.

Do we need special drivers for this?

Was looking to see recently if BB has been updated....all sites of which it was on previously are all down now....anyone have the URL of the new site or an email/aim of brainbuster?

Thanks,
t.

www.brainbuster.tk

-toe

Any chance of explaining how you did that?
Maybe a short source code snippet?

am I the only one that isnt able to view this site...

I can access the website...so i assume your the only one who can't...

Same. lol

i tryed the bot localy on my computer and it wouldnt seem to join the channel or even connect to the irc server :\

saw that your last release was in purebasic. realbasic is a project somewhat similar to purebasic, in case youre still looking for other options.

i have a 2 error :
when biulding the mesegebox pops up saying unable to find the file path and other error is

PinkBunnies

Runtime Error 10049

Adress is not available from the local machine

----------------

keeep up the gooood work brainnn !! i know its in beta stage n hop it will doo great when completed !!

cant reach the host brainbuster.tk..


mixmastertitch.com not found. Check the address and try again.