proxim.ircgalaxy.pl

Remote Host Port Number
proxim.ircgalaxy.pl 65520

NICK zttwuhgs
USER t020501 . . :-Service Pack 2
JOIN &virtu

* The following files were modified:
o [pathname with a string SHARE]msinfo32.exe
o [pathname with a string SHARE]sapisvr.exe
o %ProgramFiles%Internet ExplorerConnection Wizardicwconn1.exe
o %ProgramFiles%Internet ExplorerConnection Wizardicwconn2.exe
o %ProgramFiles%Internet ExplorerConnection Wizardicwrmind.exe
o %ProgramFiles%Internet ExplorerConnection Wizardicwtutor.exe
o %ProgramFiles%Internet ExplorerConnection Wizardinetwiz.exe
o %ProgramFiles%Internet ExplorerConnection Wizardisignup.exe
o %ProgramFiles%Internet Exploreriedw.exe
o %ProgramFiles%Internet ExplorerIEXPLORE.EXE
o %ProgramFiles%MSNMSNIAmsniasvc.exe
o %ProgramFiles%MSNMSNIAprestp.exe
o %ProgramFiles%MSNMsnInstallermsninst.exe
o %ProgramFiles%NetMeetingcb32.exe
o %ProgramFiles%NetMeetingconf.exe
o %ProgramFiles%NetMeetingwb32.exe
o %ProgramFiles%Outlook Expressmsimn.exe
o %ProgramFiles%Outlook Expressoemig50.exe
o %ProgramFiles%Outlook Expresssetup50.exe
o %ProgramFiles%Outlook Expresswab.exe
o %ProgramFiles%Outlook Expresswabmig.exe
o %ProgramFiles%Web PublishWPWIZ.EXE
o %ProgramFiles%Windows Media Playermigrate.exe
o %ProgramFiles%Windows Media Playermplayer2.exe
o %ProgramFiles%Windows Media Playersetup_wm.exe
o %ProgramFiles%Windows Media Playerwmplayer.exe
o %ProgramFiles%Windows NTAccessorieswordpad.exe
o %ProgramFiles%Windows NTdialer.exe
o %ProgramFiles%Windows NThypertrm.exe
o %ProgramFiles%Windows NTPinballPINBALL.EXE
o %Windir%CacheAdobe Reader 6.0.1ENUBIGsetup.exe
o %Windir%hh.exe
o %Windir%infunregmp2.exe
o %Windir%Installer{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}places.exe
o %Windir%Microsoft.NETFrameworkNETFXSBS10.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727aspnet_compiler.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727aspnet_regbrowsers.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727aspnet_regsql.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727CasPol.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727dfsvc.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727IEExec.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727InstallUtil.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727jsc.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727MSBuild.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727RegAsm.exe
o %Windir%Microsoft.NETFrameworkv2.0.50727RegSvcs.exe
o %Windir%msagentagentsvr.exe
o %Windir%muimuisetup.exe
o %Windir%NOTEPAD.EXE
o %Windir%pchealthhelpctrbinariesHelpCtr.exe
o %Windir%pchealthhelpctrbinariesHelpHost.exe
o %Windir%pchealthhelpctrbinariesHelpSvc.exe
o %Windir%pchealthhelpctrbinariesHscUpd.exe
o %Windir%pchealthhelpctrbinariesmsconfig.exe
o %Windir%pchealthhelpctrbinariesnotiflag.exe
o %Windir%pchealthUploadLBBinariesUploadM.exe
o %Windir%regedit.exe
o %System%accwiz.exe
o %System%actmovie.exe
o %System%ahui.exe
o %System%arp.exe
o %System%asr_fmt.exe
o %System%asr_ldm.exe
o %System%asr_pfu.exe
o %System%at.exe
o %System%atmadm.exe
o %System%attrib.exe
o %System%auditusr.exe
o %System%blastcln.exe
o %System%bootcfg.exe
o %System%bootok.exe
o %System%bootvrfy.exe
o %System%cacls.exe
o %System%calc.exe
o %System%charmap.exe
o %System%chkdsk.exe
o %System%chkntfs.exe
o %System%cidaemon.exe
o %System%cipher.exe
o %System%cisvc.exe
o %System%ckcnv.exe
o %System%cleanmgr.exe
o %System%clean_all.exe
o %System%cliconfg.exe
o %System%clipbrd.exe
o %System%clipsrv.exe
o %System%cmd.exe
o %System%cmdl32.exe
o %System%cmmon32.exe
o %System%cmstp.exe
o %System%Comcomrepl.exe
o %System%Comcomrereg.exe
o %System%comp.exe
o %System%compact.exe
o %System%conime.exe
o %System%control.exe
o %System%convert.exe
o %System%cscript.exe
o %System%ctfmon.exe
o %System%dcomcnfg.exe

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 98 304 bytes

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash Alias
1 [file and pathname of the sample #1] 25 600 bytes MD5: 0xC7D6018F97B218831C7509F1AE87754D
SHA-1: 0x4222E0820D9A10BBDC929BEB0144F201E0761A39 Worm.Win32.Nachi [PCTools]
W32.Virut.B [Symantec]
Net-Worm.Win32.Welchia.s [Kaspersky Lab]
W32/Nachi.worm.a [McAfee]
PE_VIRUT.D [Trend Micro]
Mal/TibsPak, W32/Vetor-A [Sophos]
Virus:Win32/Virut.AK [Microsoft]
Win32/Virut.D [AhnLab]

Categories: Uncategorized