89.203.44.148:3211
Nick: Virus-woyoog
Username: mfaija
Server Pass: Virus
Joined Channel: ##v## with Password Virus

Registry Modifications
The following Registry Key was created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
StubPath = “c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe”
so that msnmsngr.exe runs every time Windows starts

The following directories were created:
c:\RESTORE
c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013

r0-n3.onecik.pl (kuwait botnet user)
Remote Host      Port Number
208.43.247.56    80
66.252.13.221    32322

NICK yjbuqskn
JOIN #t4 l4m
PRIVMSG #t4 :done
USER yjbuqskn * 0 :COMPUTERNAME
MODE yjbuqskn +ix

* The following port was open in the system:
Port    Protocol    Process
1051    TCP         PerNet.exe (%Windir%\PerNet.exe)

Registry Modifications
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + MSN = “%Windir%\PerNet.exe”
      so that PerNet.exe runs every time Windows starts

ns2.statsfind.com
Remote Host          Port Number
ns2.statsfind.com    8080

PASS yesyes
NICK [luk]434946
USER asgpqdg 0 0 :[luk]434946
USERHOST [luk]434946
MODE [luk]434946 +x
JOIN #lucky enigma
NICK [luk]163529
USER zklylx 0 0 :[luk]163529
USERHOST [luk]163529
MODE [luk]163529 +x
NICK [luk]820442
USER uikxju 0 0 :[luk]820442
USERHOST [luk]820442
MODE [luk]820442 +x
NICK [luk]956318
USER vqffpa 0 0 :[luk]956318
USERHOST [luk]956318
MODE [luk]956318 +x

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_CURRENT_USER\Software\Microsoft\OLE
* ...

217.30.180.76 (Mouse’s net again)
Remote Host      Port Number
217.30.180.76    3305

NICK P|fjidpk0dw
USER z0zzhm589 * 0 :USA|XP|995
USERHOST P|fjidpk0dw
MODE P|fjidpk0dw
JOIN #mm RSA

There was an outbound traffic produced on port 3305:
PASS secretpass

* The following ports were open in the system:
Port     Protocol    Process
69       UDP         unwise_.exe (%FontsDir%\unwise_.exe)
1052     TCP         unwise_.exe (%FontsDir%\unwise_.exe)
23254    TCP         unwise_.exe (%FontsDir%\unwise_.exe)

Registry Modifications
* The following Registry Keys were created: ...

nanana.massme.net
Remote Host          Port Number
nanana.massme.net    4244

PASS letmeme
NICK [00|USA|346493]
USER XP-2464 * 0 :COMPUTERNAME

To mark the presence in the system, the following Mutex object was created:
LiNbagGgsag

The following ports were open in the system:
Port    Protocol    Process
1033    TCP         winsystem.exe (%Windir%\winsystem.exe)
1034    TCP         winsystem.exe (%Windir%\winsystem.exe)

Registry Modifications
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows API Control Center = “winsystem.exe”
so that ...

botnet.gala.az
Outgoing Connections
Transport Protocol: TCP
Remote Address: 174.132.181.28
Remote Port: 6667

Nick: [AUT|00|P|78961]
Username: XP-7547
Server Pass: test
Joined Channel: #SaMu with Password test

Topic Deleted: :.open www.gala.az
Private Message Deleted
Value: :IRC!IRC@www.RoxNet.com PRIVMSG [USA|00|P|86483] :_CHAR(0x01)_VERSION_CHAR(0x01)_
Value: :SecureServ!TS@stats.myaze.com PRIVMSG [USA|00|P|86483] :_CHAR(0x01)_VERSION_CHAR(0x01)_
Notice Message Deleted
Value: :www.RoxNet.com NOTICE AUTH :*** Looking up your hostname…
Value: :www.RoxNet.com NOTICE AUTH :*** Found your hostname
Value: :www.RoxNet.com NOTICE [USA|00|P|86483] :Setting/removing of usermode(s) ...

proxim.ircgalaxy.pl
Remote Host            Port Number
proxim.ircgalaxy.pl    65520

File System Modifications
* The following files were modified:
  o [pathname with a string SHARE]\msinfo32.exe
  o [pathname with a string SHARE]\sapisvr.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\icwrmind.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\icwtutor.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe
  o %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe
  o %ProgramFiles%\Internet Explorer\iedw.exe
  o %ProgramFiles%\MSN\MSNIA\msniasvc.exe
  ...

nrm-sndbx01.osl.basefarm.net
Registry Modifications
* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Service Agent = “sup.exe”
      so that sup.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    + Windows Service Agent = “sup.exe”
      so that sup.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Service ...

shv4.ath.cx
shv4.ath.cx:6667

NICK USA|7008
USER rzec 0 0 :USA|7008
USERHOST USA|7008
MODE USA|7008 -x+i
JOIN #bote2
MODE #bote2 +snt
NOTICE USA|7008 :.VERSION mIRC v6.14 Khaled Mardam-Bey.
PRIVMSG #bote2 :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
PRIVMSG #bote2 :[MAIN]: Bot ID: [.:xarbot:.].
PRIVMSG #bote2 :[SCAN]: Exploit Statistics: VNC: 0, dcom2-135: 0, dcom2-445: 0, Total: 0 in 0d 0h 0m.
PRIVMSG #bote2 :[MAIN]: Uptime: 0d 0h 2m.
PRIVMSG ...

update.xxxlilly.com (hidden+crim lamers clan)
Requested Host: update.xxxlilly.com
Resulting Address: 67.23.23.11
Connection Established: 0
Socket: 0

Outgoing Connections
IRC Data
User Name: XP-2425
Host Name: *
Server Name:
Real Name: HOME-OFF-D5F0AC
Password: owned
Nick Name: [N00|USA|421198]
Non RFC Conform: 1
ChannelName: #!m!
Password: abc
Topic Deleted: :

Transport Protocol: TCP
Remote Address: 67.23.23.11
Remote Port: 1863
Protocol: IRC
Connection Established: 1
Socket: 1656

Resolved : [update.xxxlilly.com] To [212.174.134.33]
Resolved : [update.xxxlilly.com] To [67.23.23.11]
Resolved : [update.xxxlilly.com] To [123.176.7.36]

Create Mutex:
Name: msnfixed
Owned: ...