A Remote Administration Tool (RAT) is a special kind of hacker spyware, used for remote access and control of other people’s computers. The attacker infects the PC via e-mail or File and Print Sharing. A “server” running on the infected PC allows him to connect via a “client” on his own machine. The functions of a RAT may vary, depending on the needs of the hacker. Some RATs can’t really harm your PC and were made only for hooliganism. But some versions can steal vital information, delete files and even crash your system.
You can guess by the name of this pest, Poltergeist, that its prime function is annoying the victim. Several versions (Poltergeist 1.0, Poltergeist 1.1b) appeared on the Internet from July 2003 to February 2004. The author is a hacker called Trainwreck. He wrote this pest in the Visual Basic programming language.
From the publisher:
“Poltergeist is a Client/Server side Trojan. It comes with one Client and two Servers, the Server.exe and the server-scr.scr; both are the same, only the extensions are different. You’ll have to use the Client to connect to the remote machine where the Server is running, but you need the IP address of the remote computer in order to connect.
Options
-------
-I will explain some options here just to make things clear. One of the options is screen capture; when you capture a screen, the screenshot will be saved in a map called “Trainwreck” which is located in the same folder where your Client.exe is.
-Another option is coding; if you don’t understand what exactly happens then read on. You’ll be able to code your own things in Batch code or VBS scripting, the choice is up to you. When your code is done you can compile that script and it will be compiled on the computer where the Server is running; all you have to do next is press on the execute button and your script will get executed.
-Keylogger: this option logs the keystrokes of the person who runs the Server.exe. You can save the log file by pressing on the “Save Log” button; your log will be saved at your C: HardDisk ( C:\KeyLog ), the file is called “KeyLog.txt”.
-Guess these are the most important things to discuss; the other options are mostly self-explanatory.
from the doc:
‘FAQ’s about Poltergeist
-Reconnect doesn’t work?
When you just pressed on the disconnect button and want to reconnect immediately, you’ll see in the statusbar that you’re not connected. This is because it can take up to 6 min to clear the ports and set them open again to listen for incoming data. All you have to do is just wait a little bit.
-Why does it give an error when I press on the “X” to close the Client.exe?
This isn’t really an error. When you press the “X” to close the program and forgot to press on the disconnect button first, then it will first send a string to the server that the client is closing connection; otherwise you wouldn’t be able to reconnect to the server when the client gets closed without saying to the Server.exe that you’re closing the connection, so it’s just meant for safety.
-For some more FAQs check out the trojan and you’ll see an option that has some more answers for your question.”
Poltergeist manual removal: