Warning: The mIRC Add-On Hellfirez Multi Exploit Scan (Netsnooper) i a trojan itself, the mIRC Script can be used to control a user with the help of CTCP commands... (if you are interested: http://websites.ntl.com/~gavin.holmes/hellfirez.htm) The trojan is the file hell.mrc the best is to remove it in mIRC with the command : /unload -rs hell.mrc then check the file mirc.ini .. if the seciton rfiles still contains the entry nX=hell.mrc then remove it.. In addition to this you shall delete the file hell.mrc .. ok, deletion would be enough, but this way we keep the files clean. ;) Whenever a User connects a server the following people get informed: HeLLfiReZ, |ToX|, LEENtech, firefox^_^, SaintAegros and {x3d} If you find a remote control tool server installed on another PC, the following Informations get send to the channel #nivag: victim's nick, IP, channel, trojan, port of trojaners All chats you are doing are send and loggen in the channel #Hellsnooper. There you can read all chats of a Hellfire User. The following commands can be used to control a Hellfire user: The parameters are the same as the normal commands have.. /ctcp hpart part channel /ctcp hkick kick someone /ctcp hban set a ban /ctcp hop give someone @ (hdop to take OP) /ctcp hvoice give someone +v (hdvoice = -v ) /ctcp hjoin let the victim join a channel /ctcp hquit the infected quits the server /ctcp hinvite the victim invites someone to a channel /ctcp hmsg Let him write someone a msg /ctcp hsend lets him dcc send a file I think thats enough reverse engineering.. Be aware : The infected cannot hide ;) Cu SnakeByte [SnakeByte@kryptocrew.de]