Month: July 2010

210.170.62.106

Remote Host       Port Number
204.0.5.42        80
204.0.5.58        80
204.0.5.59        80
216.178.38.103    80
216.178.38.168    80
63.135.86.25      80
63.135.86.39      80
63.215.202.6      80
63.215.202.9      80
64.208.138.221    80
210.170.62.106    2345

PASS xxx
JOIN #!gf! test
MODE NEW-[USA|00|P|62925] -ix
NICK NEW-[USA|00|P|62925]
USER XP-2516 * 0 :COMPUTERNAME
PONG irc.priv8net.com

* The data identified by the following URLs was then requested from

66.225.241.182

Remote Host       Port Number
204.0.5.41        80
204.0.5.48        80
204.0.5.56        80
204.0.5.58        80
216.178.38.168    80
63.135.80.58      80
63.135.86.21      80
63.135.86.30      80
63.215.202.6      80
64.208.138.218    80
66.225.241.182    2345

PASS xxx
NICK NEW-[USA|00|P|20395]
USER XP-6912 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|20395] -ix
JOIN #!gf! test
PONG 22 MOTD
JOIN #USA

* The data identified by the following URLs was

fix.winware.info

Remote Host         Port Number
fix.winware.info    3482

NICK {NEW}[USA][XP-SP2]785275
USER 2736 "" "lol" :2736
JOIN #zxt
NICK [USA][XP-SP2]054542
USER 8053 "" "lol" :8053
NICK [USA][XP-SP2]607001
USER 2802 "" "lol" :2802

(DiGiGoth) ;udp 88.228.140.151 80 10
([USA][XP-SP3]283124) UDP Flood Started
([CAN][VS-SP2]535032) UDP Flood Started
([USA][XP-SP2]738296) UDP Flood Started
([POL][XP-SP3]293661) UDP Flood Started
([FIN][XP-SP2]233285) UDP Flood Started
([ARG][XP-SP3]568580) UDP

75.102.25.96

Network Activity Connections DNS Lookup Host Name IP Address 0 127.0.0.1 browseusers.myspace.com browseusers.myspace.com 216.178.38.168 x.myspacecdn.com x.myspacecdn.com 212.201.100.169 myspace.ivwbox.de myspace.ivwbox.de 193.46.63.103 www.google-analytics.com www.google-analytics.com 72.14.221.101 js.myspacecdn.com js.myspacecdn.com 212.201.100.176 cms.myspacecdn.com cms.myspacecdn.com 212.201.100.169 qs.ivwbox.de qs.ivwbox.de 193.46.63.90 pagead2.googlesyndication.com pagead2.googlesyndication.com 209.85.135.167 googleads.g.doubleclick.net googleads.g.doubleclick.net 209.85.135.155 b.myspace.com c3.ac-images.myspacecdn.com b.myspace.com 63.135.80.58 c2.ac-images.myspacecdn.com c2.ac-images.myspacecdn.com 212.201.100.144 c4.ac-images.myspacecdn.com c3.ac-images.myspacecdn.com 212.201.100.134 c1.ac-images.myspacecdn.com c4.ac-images.myspacecdn.com 212.201.100.149 c1.ac-images.myspacecdn.com 212.201.100.144 delb.opt.fimserve.com desk.opt.fimserve.com

91.121.13.139

Remote Host       Port Number
204.0.5.41        80
204.0.5.42        80
204.0.5.48        80
204.0.5.59        80
216.178.38.103    80
216.178.38.168    80
63.135.86.23      80
63.135.86.25      80
63.215.202.6      80
64.208.137.251    80
91.121.13.139     1234

PASS xxx
NICK NEW-[USA|00|P|56391]
USER XP-8966 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|56391] -ix
JOIN #!wm! test
PONG 22 MOTD

* The data identified by the following URLs was then requested

irc.metraiciono.com

irc.metraiciono.com 95.211.84.164
PASS pr1v4d0onl1n3r

* C&C Server: 95.211.84.164:6567
* Server Password:
* Username: XP-2195
* Nickname: [SI|DEU|00|P|04611]
* Channel: #canal1# (Password: c1rc0s0leil)
* Channeltopic: :-

Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Ci Servs" = Sontiwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run "Ci Servs" = Sontiwin.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "c:updbin.exe" = c:updbin.exe:*:Enabled:Ci Servs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg "LogSessionName" =

zero.translate-google-content.com(30k net)

zero.translate-google-content.com 8888
radio.mody.biz 8888

Resolved : [zero.translate-google-content.com] To [173.234.65.32]
Resolved : [radio.mody.biz] To [173.234.65.0]

There are 0 users and 29967 invisible on 3 servers
channels formed
I have 5 clients and 0 servers
– Current Local Users: 5 Max: 29983
Current Global Users: 29967 Max: 30149

channels: ##RaSTi25-s## #1# #2# #3# #chan1 #chan2

OgarD changes

210.170.62.106

Remote Host       Port Number
208.50.81.138     80
208.50.81.144     80
208.50.81.160     80
208.50.81.161     80
216.178.38.168    80
63.135.80.58      80
63.135.86.23      80
63.135.86.37      80
64.208.138.220    80
64.236.79.122     80
210.170.62.106    2345

PASS xxx
MODE NEW-[USA|00|P|57813] -ix
JOIN #!gf! test
NICK NEW-[USA|00|P|57813]
USER XP-1197 * 0 :COMPUTERNAME
PONG irc.priv8net.com

* The data identified by the following URLs was then requested from

92.243.0.110

Remote Host     Port Number
92.243.0.110    4949

PASS Virus
NICK VirUs-eduzfbbr
USER VirUs "" "duf" : 8Coded 8VirUs..
JOIN #FEB4# Virus

* The following directories were created:
  o c:NORTON
  o c:NORTONU-34543ANTI-9998887776-23234532-565

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64KLC5K0-4OPM-00WE-AAX8-27EF1D183366}
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64KLC5K0-4OPM-00WE-AAX8-27EF1D183366}] +