Month: October 2009

Remote Host Port Number67.43.232.35 10324 USER tntmej tntmej tntmej :kcmgivvvhwvccgbkNICK IeqiUsJyMODE IeqiUsJy +xiJOIN #kok6USERHOST IeqiUsJyMODE ##xddc +smntuMODE #xddc1 +smntuMODE #xddc2 +smntuMODE #kok6 +smntu * The following ports were open in the system: Port Protocol Process1052 TCP winamp.exe (%System%winamp.exe)17022 TCP winamp.exe (%System%winamp.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Winamp AgentRead more...

Remote Host Port Numberquasar.mooo.com 7000 NICK vinithapUSER arthur “” “quasar.mooo.com” :gunUSERHOST nickPART channelSILENCE +*!*@*,~*!*@*undernet.orgMODE vinithap +iwxMODE nick +iwxNICK jadanUSER mckayla “” “quasar.mooo.com” :zerosMODE jadan +iwxUSER arthur “” “lidingo.se.eu.undernet.org” :gunUSERHOST vinithapNICK :thiameMODE vinithap +iISON andrei Denisa devil Jumper liliana Linux maria mordor Petri play pOrn ReBe Robert Roberto sex sexy shaty unixUSER mod “” “lidingo.se.eu.undernet.org” :suzannaNICKRead more...

Remote Host Port Number67.215.1.206 8067.43.232.37 1863 USER ozzxfi ozzxfi ozzxfi :hcaacmswgsgesefnNICK NnKtdhMyVMODE NnKtdhMyV +xiJOIN #rstn3USERHOST NnKtdhMyVMODE ##xddc +smntuMODE #xddc1 +smntuMODE #xddc2 +smntuMODE #rstn3 +smntu * The following ports were open in the system: Port Protocol Process1054 TCP iexplore.exe (%System%iexplore.exe)1129 TCP iexplore.exe (%System%iexplore.exe)1130 TCP iexplore.exe (%System%iexplore.exe)22818 TCP iexplore.exe (%System%iexplore.exe) Registry Modifications * The following Registry KeyRead more...

64.85.167.174:6667 Nick: AUT|XP|SP3|00|3393Username: lfrmykServer Pass: 151515Joined Channel: #cumhur with Password 151515Private Message to User AUT|XP|SP3|00|3393: “VERSION” Now talking in #dezpotTopic On: [ #dezpot ] [ !vncstop !scan 94 1 !scan 94 1 190.x.x.x 3 1 210.x.x.x !msn ]Topic By: [ dezpot ]Modes On: [ #dezpot ] [ +mntf [5c#C15,5j#R5,12k#K10,12m#m10,5n#N15,8t#b]:10 ]ChanMode: KankilerimUser sets mode [-m]KankilerimUser) .msn.msgRead more...

89.203.44.148:3211Nick: Virus-woyoogUsername: mfaijaServer Pass: VirusJoined Channel: ##v## with Password Virus Registry Modifications The following Registry Key was created:HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}The newly created Registry Value is:[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]StubPath = “c:RESTORES-1-5-21-1482476501-1644491937-682003330-1013msnmsngr.exe” so that msnmsngr.exe runs every time Windows starts The following directories were created:c:RESTOREc:RESTORES-1-5-21-1482476501-1644491937-682003330-1013

Remote Host Port Number208.43.247.56 8066.252.13.221 32322NICK yjbuqsknJOIN #t4 l4mPRIVMSG #t4 :doneUSER yjbuqskn * 0 :COMPUTERNAMEMODE yjbuqskn +ix * The following port was open in the system: Port Protocol Process1051 TCP PerNet.exe (%Windir%PerNet.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + MSN = “%Windir%PerNet.exe” so that PerNet.exe runs every time Windows startsRead more...

Remote Host Port Numberns2.statsfind.com 8080 PASS yesyesNICK [luk]434946USER asgpqdg 0 0 :[luk]434946USERHOST [luk]434946MODE [luk]434946 +xJOIN #lucky enigmaNICK [luk]163529USER zklylx 0 0 :[luk]163529USERHOST [luk]163529MODE [luk]163529 +xNICK [luk]820442USER uikxju 0 0 :[luk]820442USERHOST [luk]820442MODE [luk]820442 +xNICK [luk]956318USER vqffpa 0 0 :[luk]956318USERHOST [luk]956318MODE [luk]956318 +x Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices o HKEY_CURRENT_USERSoftwareMicrosoftOLE *Read more...

Remote Host Port Number217.30.180.76 3305 NICK P|fjidpk0dwUSER z0zzhm589 * 0 :USA|XP|995USERHOST P|fjidpk0dwMODE P|fjidpk0dwJOIN #mm RSA There was an outbound traffic produced on port 3305:PASS secretpass * The following ports were open in the system: Port Protocol Process69 UDP unwise_.exe (%FontsDir%unwise_.exe)1052 TCP unwise_.exe (%FontsDir%unwise_.exe)23254 TCP unwise_.exe (%FontsDir%unwise_.exe) Registry Modifications * The following Registry Keys were created:Read more...

Remote Host Port Numbernanana.massme.net 4244 PASS letmemeNICK [00|USA|346493]USER XP-2464 * 0 :COMPUTERNAME To mark the presence in the system, the following Mutex object was created:LiNbagGgsagThe following ports were open in the system:Port Protocol Process1033 TCP winsystem.exe (%Windir%winsystem.exe)1034 TCP winsystem.exe (%Windir%winsystem.exe) Registry Modifications The newly created Registry Value is:[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]Windows API Control Center = “winsystem.exe” so thatRead more...

Outgoing ConnectionsTransport Protocol: TCPRemote Address: 174.132.181.28Remote Port: 6667 Nick: [AUT|00|P|78961]Username: XP-7547Server Pass: testJoined Channel: #SaMu with Password test Topic Deleted: :.open www.gala.azPrivate Message DeletedValue: :IRC!IRC@www.RoxNet.com PRIVMSG [USA|00|P|86483] :_CHAR(0x01)_VERSION_CHAR(0x01)_Value: :SecureServ!TS@stats.myaze.com PRIVMSG [USA|00|P|86483] :_CHAR(0x01)_VERSION_CHAR(0x01)_Notice Message DeletedValue: :www.RoxNet.com NOTICE AUTH :*** Looking up your hostname…Value: :www.RoxNet.com NOTICE AUTH :*** Found your hostnameValue: :www.RoxNet.com NOTICE [USA|00|P|86483] :Setting/removing of usermode(s)Read more...