Remote Host Port Number 201.40.117.44 6667 NICK n-123107 USER enuiknr 0 0 :n-123107 USERHOST n-123107 MODE n-123107 -x+B JOIN #teste NICK n-813308 USER natauv 0 0 :n-813308 USERHOST n-813308 MODE n-813308 -x+B Other details * The following ports were open in the system: Port Protocol Process 113 TCP rgysir.exe (%System%rgysir.exe) 1054 TCP rgysir.exe (%System%rgysir.exe) RegistryRead more...

Remote Host Port Number 62.193.249.122 3305 PASS secretpass NICK P|j6sobrsdi USER bho4k240z * 0 :USA|XP|822 USERHOST P|j6sobrsdi MODE P|j6sobrsdi JOIN #mm RSA Other details * The following ports were open in the system: Port Protocol Process 69 UDP unwise_.exe (%FontsDir%unwise_.exe) 1055 TCP unwise_.exe (%FontsDir%unwise_.exe) 1146 TCP unwise_.exe (%FontsDir%unwise_.exe) 1149 TCP unwise_.exe (%FontsDir%unwise_.exe) 1150 TCP unwise_.exeRead more...

Remote Host Port Number 204.0.5.41 80 204.0.5.42 80 204.0.5.48 80 204.0.5.50 80 204.0.5.51 80 204.0.5.57 80 216.178.38.103 80 216.178.38.168 80 63.135.86.23 80 63.135.86.39 80 216.246.77.59 1234 PASS xxx NICK NEW-[USA|00|P|92609] USER XP-5012 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|92609] -ix JOIN #jakarta test JOIN #USA PONG irc.priv8net.com * The data identified by the following URLs was thenRead more...

Remote Host Port Number 94.76.225.88 1234 NICK n[USA|XP]6843869 USER 7028 “” “lol” :7028 JOIN #!l! PONG :2.priv8net.com a litle update here: sto.leshatuki.com 201.140.27.83 C&C Server: 201.140.27.83:1234 Server Password: Username: 1046 Nickname: n[DEU|XP]2202206 Channel: #!l! (Password: ) Channeltopic: C&C Server: 201.140.27.83:1234 Server Password: Username: 0593 Nickname: [DEU|XP]9257441 Channel: #!l! (Password: ) Channeltopic: Registry Modifications * TheRead more...

Remote Host Port Number 64.32.13.143 6667 MODE {XPUSA550829} -ix JOIN #imagesnice PONG irc.priv8net.com Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Services = “service.exe” so that service.exe runs every time Windows starts o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + Windows Update = “%Temp%service.exe” so that service.exe runs every time Windows starts Memory Modifications *Read more...

202.73.11.63 (6667) Current Local Users: 68 Max: 14 Current Global Users: 68 Max: 146 #kimi# 28 #boot# 2 #lnx 1 #!x! #vnc?# 1

n.main-update.com:81 #newbin# http://share-friend.com/n/phto-jpg-2010-05-29.scr

Remote Host Port Number 91.211.117.87 4723 NICK n{USA|XP}jjywrvd USER n{USA|XP}jjywrvd 0 0 :n{USA|XP}jjywrvd JOIN #E# Registry Modifications * The following Registry Key was created: o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp * The following Registry Keys were deleted: o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBoot o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimal o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalAppMgmt o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBase o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBoot Bus Extender o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalBoot file system o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalCryptSvc o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalDcomLaunch o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimaldmadminRead more...

n3w.metraiciono.com 74.82.57.113 * C&C Server: 74.82.57.113:6567 PASS pr1v4d0onl1n3r * Server Password: * Username: XP-5152 * Nickname: [SI|DEU|00|P|69152] * Channel: #salvando# (Password: c1rc0s0leil) * Channeltopic: :- MODE [SI|USA|00|P|84975] -ix JOIN #n3wb0t# c1rc0s0leil PRIVMSG #n3wb0t# :[Dl]: File download: 104.1KB to: C:DOCUME~1UserNameLOCALS~1Temperaseme_06333.exe @ 104.1KB/sec. QUIT [Update]: Updating to new bin. NICK [SI|USA|00|P|37304] USER XP-5387 * 0 :COMPUTERNAME MODERead more...

Remote Host Port Number 204.0.5.41 80 204.0.5.42 80 204.0.5.43 80 204.0.5.48 80 204.0.5.51 80 207.38.101.12 80 216.178.38.103 80 216.178.38.168 80 63.135.86.21 80 63.135.86.37 80 64.202.120.49 81 ircd here PASS xxx JOIN #XXL test PONG 22 MOTD NICK NEW-[USA|00|P|16828] USER XP-8033 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|16828] -ix * The data identified by the following URLs wasRead more...