Month: December 2009

irc.gizemdolu.net 95.168.170.114i3ED6DCB3.versanet.de 62.214.220.179Opened listening TCP connection on port: 113 * C&C Server: 95.168.170.114:6667 * Server Password: * Username: Perihan881 * Nickname: Cansu-66 * Channel: #X (Password: s1k1k) * Channeltopic: irc.gizemdolu.net 95.168.170.114 * C&C Server: 95.168.170.114:6667 * Server Password: * Username: XP-8319 * Nickname: [DEU|00|P|37213] * Channel: #imbot (Password: test) * Channeltopic: : Registry Changes byRead more...

irc.reserstyle.net 208.98.34.150 * C&C Server: 208.98.34.150:6667 * Server Password: * Username: cfdvpakl * Nickname: L2-j|[[ * Channel: #diablocrewsc (Password: diablo) * Channeltopic: Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows System” = C:ProgrammeGemeinsame DateienSystemsystem.exeHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:ProgrammeGemeinsame DateienSystemsystem.exe” = C:ProgrammeGemeinsame DateienSystemsystem.exe:*:Enabled:Windows SystemReads HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”Enums File Changes by all processesNew Files C:ProgrammeGemeinsame DateienSystemsystem.exeC:ProgrammeGemeinsame DateienSystemsystem.exeDeviceRasAcdOpened FilesRead more...

NICK [00|USA|587663]USER XP-3162 * 0 :COMPUTERNAMEMODE [00|USA|587663] -ixJOIN #test.bMODE #test.b -ix Other details * To mark the presence in the system, the following Mutex object was created: o aS3V6Nu * The following port was open in the system: Port Protocol Process1036 TCP service.exe (%Windir%service.exe) * The following Host Name was requested from a host database:Read more...

Remote Host Port Number 174.37.240.240 1995 66.252.5.60 6161 NICK XPJnl3Q USER laMer “” “gt10.smo7he.com” : You Think i aughty USERHOST XPJnl3Q JOIN #kwt-team #191# MODE #kwt-team hosting infos: http://whois.domaintools.com/66.252.5.60

labfixer.mamadody.mobi 66.252.13.204Opened listening TCP connection on port: 113 * C&C Server: 66.252.13.204:15656 * Server Password: * Username: laMer * Nickname: XP|ibzcwN * Channel: (Password: ) * Channeltopic: * C&C Server: 66.252.13.204:15656 * Server Password: * Username: laMer * Nickname: :XPDzsU49 * Channel: #tcp# (Password: d0s) * Channeltopic: :!clear Registry Changes by all processesCreate or OpenRead more...

Remote Host Port Number194.109.20.90 6664bircd.w0rms.ro 200869.16.172.40 666869.16.172.40 7000 NICK jonasgUSER truman “” “194.109.20.90” :minedUSERHOST nickPART channelUSER truman “” “bircd.w0rms.ro” :minedSILENCE +*!*@*,~*!*@*undernet.orgMODE jonasg +iwxNICK soowonaUSER tandy “” “194.109.20.90” :alexUSER tandy “” “bircd.w0rms.ro” :alexMODE soowona +iwxMODE nick +iwxUSER tandy “” “69.16.172.40” :alex * There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes).Read more...

Remote Host Port Numberirc.seslichat5.com 6664 NICK USA|80748USER qyleek 0 0 :USA|80748USERHOST USA|80748MODE USA|80748 -xJOIN #zxc zxcNICK USA|75655USER snzef 0 0 :USA|75655USERHOST USA|75655MODE USA|75655 -xNICK USA|15845USER nbhjmi 0 0 :USA|15845USERHOST USA|15845MODE USA|15845 -xNICK USA|12043USER glhnnaw 0 0 :USA|12043USERHOST USA|12043MODE USA|12043 -xNICK USA|76159USER opqoge 0 0 :USA|76159USERHOST USA|76159MODE USA|76159 -x Other details * To mark the presenceRead more...

Remote Host Port Numberxdcc.h4ck.biz 53381 NICK UteetorUSER Uteetor Esmyia 127.0.0.1 :OsulusJOIN #mic#privmsg #mic# New install..NICK AlamUSER Alam Erosas 127.0.0.1 :AsernerNICK BisolfrUSER Bisolfr Edesim 127.0.0.1 :Frimsed * The following ports were open in the system: Port Protocol Process1033 TCP tcpipx.exe (%Windir%tcpipx.exe)1034 TCP tcpipx.exe (%Windir%tcpipx.exe)1035 TCP tcpipx.exe (%Windir%tcpipx.exe) * The following Host Name was requested from aRead more...

PASS cih4n1313NICK USA|XP|SP2|00|0059USER ivchk 0 0 :..4CodeD .8By …1zerX.-…Virus.USERHOST USA|XP|SP2|00|0059MODE USA|XP|SP2|00|0059 -x+iJOIN #Botistan cih4n1313NOTICE USA|XP|SP2|00|0059 :.VERSION mIRC v6.21 Khaled Mardam-Bey.PRIVMSG #Botistan :.8,1-VrX- Bot ID: 915860.PRIVMSG #Botistan :.8,1-VrX- Uptime: 0d 0h 2m.PRIVMSG #Botistan :-.4.procs..- Failed to terminate process: PROCESS_NAME_TO_TERMINATE The following port was open in the system: Port Protocol Process 1041 TCP zjeecr.exe (%System%zjeecr.exe) Other detailsRead more...

xx.sqlteam.info 83.68.16.6xx.enterhere.biz * C&C Server: 83.68.16.6:5190 * Server Password: * Username: jwnzny * Nickname: qRRfqWVX * Channel: (Password: ) * Channeltopic: * C&C Server: 83.68.16.6:5190 * Server Password: * Username: jwnzny * Nickname: qRRfqWVX * Channel: #las6 (Password: ) * Channeltopic: : Registry Changes by all processesCreate or Open Changes HKEY_CURRENT_USERSoftwarebcrypt “i” = [REG_DWORD, value:Read more...