Ghost is a large RAT virus family, designed to annoy the victim by performing stupid useless operations, such as open/close CD-rom, turn off/on the monitor, etc. The virus in a non-destructive type of RAT. It can not damage the system, however some versions include a “keylogger” ability. Some personal information, such as passwords and bank account numbers can be lost. The author of this pest is a hacker called Lame_Joker. The pest is written in Visual Basic. Many variants (Ghost 2.0, Ghost 2.1, Ghost 2.2, Ghost 2.3, Ghost 2.4a, Ghost Mini-Server 2.3) appeared in the internet from October 2001 to August 2002. The place of origination is Israel.
From the publisher:
“The purpose of this program is to ANNOY THE VICTEM without giveing the ‘hacker’ the tools that could destroy or damage the victem’s computer… Open/Close you host’s CD-ROM drive, Hide/Show start button, Hide/Show startBar, Hide/Show taskIcons, Disable/Enable Ctrl+alt+del, Set a random background color, Logoff user, Force restart, send customed messages, Send host to a url, Blackout/Blackin host’s windows, Start host’s notepad, Chack ICQ UINs for online status, Prank host, Put a custome junk File on Host’s DeskTop ,Print crap on host’s printer, reset host’s mouse position and Hide/Show teskBar Clock. Pranks: Microsoft warning – Send the host a fake worning message from the Microsoft server telling it that an illegal Windows key number was detected installed on his system. Tip of the day – Let the host know about some interesting yet stupid tips/facts about himself.’
‘This server is undetected to most antivirus programs! Including Macaffe,Norton,The cleaner,AVP,Panda,Esafe(Antivirus) etc… Server is very small (31k), and was tested on Win9x/NT/ME/XP systems. In order to work, Microsoft VB runtime files must be installed on target PC (including winsock controls!)”
Ghost manual removal:
alpha.txt,binder.exe,ghost mini-server.txt,ghost.exe,ghostserver.exe,ghostservereditor.exe,mini-server.exe,readme.txt,server.exe,small server.bat,winsck_droper.exe