Month: March 2010

www.MSNAREA.COM 173.208.34.249 membres.lycos.fr membres.lycos.fr 213.131.252.251 membres.multimania.fr membres.multimania.fr 213.131.252.251 Download URLs http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) C&C Server: 173.208.34.249:80 Server Password: Username: SP3-943 Nickname: [N00_DEU_XP_7839707]_CHAR(0x08)_ë@ Channel: (Password: ) Channeltopic: C&C Server: 173.208.34.249:81 Server Password: Username: SP3-720 Nickname: [00_DEU_XP_4068211] Channel: #xx32 (Password: ) Channeltopic: :.asc -SRead more...

Again JimyGJ botnet another lamer from kuksi the land of pidhi arushes – DNS Queries: Name Query Type Query Result Successful Protocol wiss.lulzimehodza.com DNS_TYPE_A 122.183.243.42 YES udp 122.183.243.42:12351 Nick: `tsnugx Username: `tsnugx Joined Channel: #.serve1 with Password kr Joined Channel: #.a with Password -s Channel Topic for Channel #.serve1: “.join #.dc |`adv.start lsass 75 3Read more...

Username: XP-4316 Nickname: [DEU|00|P|67741] Channel: #Amzo (Password: pakie) Channeltopic: :.msn.msg OMG! Who the fuck uploaded this of you? http://amzo.escriptirc.com/DSC120394.com C&C Server: 217.23.7.121:6667 Server Password: Username: XP-5137 Nickname: [DEU|00|P|97851] Channel: #Amzo (Password: pakie) Channeltopic: :.msn.msg OMG! Who the fuck uploaded this of you? http://amzo.escriptirc.com/DSC120394.com amzo.no-ip.biz 217.23.7.121 Opened listening TCP connection on port: 113 C&C Server: 217.23.7.121:6667Read more...

82.146.52.194:7000 Nick: [AUT|3531|XP] Username: 7646 Joined Channel: #phayte

irc.absurd-irc.net 66.225.223.91 C&C Server: 66.225.223.91:7000 Server Password: Username: XP-9382 Nickname: [DEU|00|P|00101] Channel: #roxusisahalogod## (Password: pimppimp) Channeltopic: : Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “winlogin” = winlogin.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “winlogin” = winlogin.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:roxusbotv2.exe” = c:roxusbotv2.exe:*:Enabled:winlogin HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active” = [REG_DWORD, value: 00000001] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsRead more...

sk1.no-ip.biz 94.190.69.58 Opened listening TCP connection on port: 113 C&C Server: 94.190.69.58:4244 Server Password: Username: rdjbw Nickname: XP|00|DEU|SP3|0724 Channel: #nzm# (Password: ) Channeltopic: Outgoing connection to remote server: sk1.no-ip.biz TCP port 4244 C&C Server: 94.190.69.58:4244 Server Password: Username: lfdaj Nickname: XP|00|DEU|SP3|1563 Channel: #nzm# (Password: ) Channeltopic:

gozaptos.no-ip.biz 89.46.32.153 gozaptos.no-ip.biz Opened listening TCP connection on port: 113 C&C Server: 89.46.32.153:6667 Server Password: Username: pfuecrx Nickname: n-585953 Channel: #amb (Password: 13249) Channeltopic: :none Outgoing connection to remote server: 255.255.255.255 TCP port 6667 Outgoing connection to remote server: gozaptos.no-ip.biz TCP port 6667 C&C Server: 89.46.32.153:6667 Server Password: Username: szafwmsz Nickname: n-891350 Channel: #amb (Password:Read more...

C&C Server: 82.146.51.202:6667 Server Password: Username: 5429 Nickname: [DEU|2308|XP] Channel: #ShaDow (Password: 200500) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdaten HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “LS Services” = C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot” HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir” HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR” HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStart” HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStartAtJit” HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DisableConfigCache” HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “CacheLocation” HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DownloadCacheQuotaInKB” HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “EnableLog” HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionRead more...

alias l0v3ly { if ($1 = nr) { return f.unicat.org } if ($1 = np) { return 9890 } if ($1 = nc) { return ##e## } if ($1 = nx) { return ##e } if ($1 = nk) { return hell } if ($1 = nl) { return 90410059 } mirc bot with alotRead more...

Remote Host Port Number bs.zbv2dns.com.es 1234 NICK n[USA|XP]7557631 USER 3542 “” “lol” :3542 JOIN #bb# NICK [USA|XP]5386840 USER 3879 “” “lol” :3879 * To mark the presence in the system, the following Mutex object was created: o SN5JSN868L * The following ports were open in the system: Port Protocol Process 1034 TCP msnmgr.exe (%Windir%msnmgr.exe) 1035Read more...