67.210.170.178

Remote Host       Port Number
67.210.170.178    4676

USER dpvaji dpvaji dpvaji :gcgdshoooukvmzmx
NICK d[TjTDCXB]b

Other details

* The following port was open in the system:

Port    Protocol    Process
1055    TCP         winamp.exe (%System%\winamp.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Winamp Agent = "%System%\winamp.exe"

so that winamp.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name    Process Filename       Main Module Size
winamp.exe      %System%\winamp.exe    77 824 bytes

File System Modifications

* The following files were created in the system:

1. Filename: %System%\bghb.bat
   File Size: 120 bytes
   MD5: 0x2A58B76D232E852A9332DE132FA59030
   SHA-1: 0x7003C9B6F38AA74E554EB2C06E93EEC8A1294D8F
   Alias: (not available)

2. Filename: %System%\obiaku.bat
   File Size: 122 bytes
   MD5: 0xA1B944665DF17574A0FE023FED75B763
   SHA-1: 0x5550A6715A10666D01569655166DC8C928842C9A
   Alias: (not available)

3. Filename: %System%\winamp.exe
   File Size: 95 744 bytes
   MD5: 0x19AD756AF282A3AF98DC50F3C40E51B0
   SHA-1: 0xCB9CDB763C9B98DBF2016F47D30E4DA02D9E22EC
   Alias:
     Net-Worm.Spybot [PCTools]
     W32.Spybot.Worm [Symantec]
     P2P-Worm.Win32.Palevo.tsk [Kaspersky Lab]
     W32/Palevo [McAfee]
     Mal/Resdro-A [Sophos]
     Backdoor:Win32/Rbot.RY [Microsoft]
     P2P-Worm.Win32.Palevo [Ikarus]
     Win-Trojan/Agent.95744.DJ [AhnLab]
