Month: November 2009

java1.webhop.net

java1.webhop.net 89.148.0.52
java2.webhop.net

Outgoing connection to remote server: java1.webhop.net TCP port 443
Outgoing connection to remote server: java1.webhop.net TCP port 443

Registry Changes by all processes

Create or Open

Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath” = C:\WINDOWS\system32\widll.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll” = C:\WINDOWS\system32\widll.exe

Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup “AdvpackLogFile”
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command “”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll”

File Changes by all processes

New Files
  C:\WINDOWS\system32\widll.exe
  \Device\RasAcd

Opened Files
  C:rxvterm
  c:PIUD.EXE
  C:\WINDOWS\system32\widll.exe

Deleted
  ...

shoock.dyndns.ws

189.19.68.201:6667
Nick: AUT|m0d4|732363
Username: zqtihakz
Server Pass: anal
Joined Channel: ##AnaL## with Password a

irc.lulz.ee

Remote Host     Port Number
64.89.27.36     51987

NICK pLagUe{USA}72995
MODE pLagUe{USA}72995 -ix
JOIN #trees
PONG irc.lulz.ee
USER SkuZ * okTeaM UniX b0at 0.4
PRIVMSG #trees :New PC Infected.

Other details

* The following port was open in the system:

  Port    Protocol    Process
  1052    TCP         raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + raidhost = “raidhost.exe”

  so that...

irc.ourdomain.bleh

69.147.233.136:6667

NICK n-611470
USER vupyrjg 0 0 :n-611470
USERHOST n-611470
MODE n-611470 -x+B
JOIN #AlexBot
NOTICE n-611470 :.VERSION mIRC v6.12 Khaled Mardam-Bey.
PRIVMSG #AlexBot :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
PRIVMSG #AlexBot :[MAIN]: Bot ID: AlexBot.
PRIVMSG #AlexBot :[Scn]: Exploit Statistics: NetBios: 0, NTPass: 0, Dcom135: 0, Dcom1025: 0, Dcom2: 0, MSSQL: 0, lsass: 0, Total: 0 in 0d 0h 0m.
PRIVMSG...

irc.joblow666.com

Remote Host       Port Number
82.146.49.155     6667

PING :ircirc.servebeer.com
JOIN ##[ENG]
PONG :You have not registered
JOIN #secret video
NICK [ENG][COMPUTERNAME]23717
PASS video

File System Modifications

* The following file was created in the system:

  1. Filename(s): %AppData%taskmgrtaskmgr.exe [file and pathname of the sample #1]
     File Size: 83 456 bytes
     File Hash: MD5: 0x39D08E3693F4C5AA84B90981348AC4B8
                SHA-1: 0x7A256A381FB118A43F2C9B4F068D1099A449BE3E

* Note:
  o %AppData% is a variable...

64.120.11.167 (ogard’s 23k botnet)

Remote Host        Port Number
193.242.108.49     80
66.45.237.212      80
64.120.11.167      5900

File System Modifications

* The following files were created in the system:

  1. Filename(s): %UserProfile%update.exe
     File Size: 57 387 bytes
     File Hash: MD5: 0xD037B4F37AF523C6F7CFB0BA122296A2
                SHA-1: 0x23CD0E21CF3C0693E2F4ECA7A2DB3B04E43D351E

  2. Filename(s): c:GardiTuxatbov.exe [file and pathname of the sample #1]
     File Size: 69 632 bytes
     File Hash: MD5: 0x99CA8EFB12FB35FA09D10C595EB37DC8
                SHA-1: 0xA97BE1EBB176D74C6191D17774E1888330CE86FD

  3. Filename(s): c:GardiTuxatDesKTop.ini
     File Size: 62 bytes
     File Hash: MD5: 0x7457A5DF1FF47C957ACF1FA000D7D9AD
                SHA-1: 0x69D2BBA827FD4DE0169419A0FDA280252B348514

* Note:
  o %UserProfile%...

sk1.no-ip.info

* Requested Host: sk1.no-ip.info
* Resulting Address: 217.147.29.246

* Unknown Connections
  o Host By Name:
    + Requested Host: michael-f156cf7
    + Resulting Address: 192.168.1.117
    + Requested Host: sk1.no-ip.info
    + Resulting Address: 217.147.29.246
    + Requested Host: www.whatismyip.com
    + Error Code: WSAHOST_NOT_FOUND
    + Requested Host: www.whatismyip.com
    + Resulting Address: 72.233.89.198
    + Requested Host: checkip.dyndns.org
    + Error Code: WSAHOST_NOT_FOUND
    + ...

irc.botitos.net

golpe.dyndns.org 190.121.67.127

* C&C Server: 190.121.67.127:6667
* Server Password:
* Username: XP-3233
* Nickname: [DEU|00|P|61069]
* Channel: #uNk (Password: test)
* Channeltopic: :*.msn.msg hola!!! vas a mirar o no la foto? dale!!!! http://liz2009.fileave.com/foto.exe 😛 🙂
* IRC Data
  o User Name: XP-9745
  o Host Name: *
  o Server Name:
  o Real Name: DWI-9625AC2E275
  o Password: ...

DUBAI.irc.gov

67.228.73.151 (4545)

Invisible Users: 23
Operators: 8 operator(s) online
Channels: 3 channels formed
Clients: I have 22 clients and 1 servers
Local users: Current Local Users: 22 Max: 45
Global users: Current Global Users: 30 Max: 53

Now talking in #2
Topic On: [ #2 ] [ .find vnc-5900 100 5 0 189.x.x.x ]
Topic By: [ systemerror ]
Modes On: [#2 ]...

kgameserv1.ns02.info (rage bot)

67.202.81.97:6660
Nick: [LiQ-Krew]22070
Username: eaxaahb
Joined Channel: #mscan with Password scan
Channel Topic for Channel #mscan: “!scan 94 random 69.x.x.x 3 1”
Private Message to Channel #mscan: “[RAGE SCAN:] range: 69.x.x.x/94 threads.”
Private Message to User [LiQ-Krew]22070: “VERSION”

* IRC Data
  o User Name: suvhrsg
  o Host Name: “fo8.net”
  o Server Name:
  o Real Name: suvhrsg
  o Nick Name: [nLh-VNC]uhenwu
  o ...