Month: November 2010

yaritsme.no-ip.biz

Uncategorized

DNS Lookup
Host Name            IP Address
yaritsme.no-ip.biz   173.244.219.84
api.ipinfodb.com     67.212.74.82

Download URLs
http://67.212.74.82/v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off (api.ipinfodb.com)

Outgoing connection to remote server: yaritsme.no-ip.biz port 3080
Outgoing connection to remote server: api.ipinfodb.com TCP port 80

Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run "Svihostupdater" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\svihost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Svihostupdater" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\svihost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Svihostupdater" = [...]

26062009.no-ip.org

Uncategorized

DNS Lookup
Host Name            IP Address
26062009.no-ip.org   190.159.129.100

Outgoing connection to remote server: 26062009.no-ip.org TCP port 1111
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112

Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\VB and [...]

91.203.146.65

Uncategorized

Remote Host        Port Number
173.193.205.116    8014
193.143.121.198    80
200.234.203.76     80
69.163.250.145     80
69.50.197.244      80
78.46.49.226       80
85.17.94.148       80
89.238.149.67      80
92.241.184.111     80
91.203.146.65      7276  (ircd here)

USER gtsufeod gtsufeod gtsufeod :ygzhjngb
NICK aSFamvBfc
MODE aSFamvBfc +xi
JOIN #maxi
USERHOST aSFamvBfc
PONG :lols.nope.com
MODE #maxi +smntu
Now talking in #maxi
Topic On: [ #maxi ] [ [...]

MrWiiWii.IRC.NET

Uncategorized

Remote Host     Port Number
72.20.30.114    2265

NICK [USA-0142-XP]
USER 0522020 "" "lol" :0522020
JOIN #wiiwii
PONG :MrWiiWii.IRC.NET

Remote Host     Port Number
72.20.30.114    2232

USER BAIO 8 * :Blackout AIO IRC Bot
NICK [COMPUTERNAME]952
JOIN #wiiwii
PONG :MrWiiWii.IRC.NET
(MoDz) !login #wiiwii
([ESP-2151-XP]) Hai BoSS!
([USA-7671-VIS]) Hai BoSS!
(MoDz) !version
([ESP-2151-XP]) VanaDiuM iRC BOT v1.3.0.
([USA-7671-VIS]) VanaDiuM [...]

XxX.Bo7MoD.Net

Uncategorized

Resolved : [XxX.Bo7MoD.Net] To [206.41.117.171]
XxX.Bo7MoD.Net 3211
chanbot = #g
Now talking in #g
Topic On: [ #g ] [ !clear ]
Topic By: [ A ]

ip.ipwhois.org.uk (maybe Butterfly botnet)

Uncategorized

DNS Lookup
Host Name            IP Address
server1.unibaq.com
ip.ipwhois.org.uk    195.3.145.182
dell-d3e62f7e26      10.1.7.2

UDP Connections
Remote IP Address:   Port: 7006
  Send Datagram: packet(s) of size 7
  Recv Datagram: 1866 packet(s) of size 0
Remote IP Address: 195.3.145.182   Port: 7006
  Send Datagram: packet(s) of size 7
  Send Datagram: 5 packet(s) of size 3
  Send Datagram: packet(s) of size [...]

institutoterra.org.br

Uncategorized

DNS Lookup
Host Name                IP Address
0                        127.0.0.1
institutoterra.org.br    institutoterra.org.br 200.234.200.152

UDP Connections
Remote IP Address: 127.0.0.1   Port: 1060
  Send Datagram: 1495 packet(s) of size 1
  Recv Datagram: 1495 packet(s) of size 1

Download URLs
http://200.234.200.152/js/gtec.jpg (institutoterra.org.br)
http://200.234.200.152/js/mtec.jpg (institutoterra.org.br)

Outgoing connection to remote server: institutoterra.org.br TCP port 80
Outgoing connection to remote server: institutoterra.org.br TCP [...]

DogKiller rootkit

Uncategorized

load kernel drivers to hide activity

Registry Changes by all processes
Create or Open
Changes
Reads
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "DisableUNCCheck"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "EnableExtensions"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "DelayedExpansion"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "DefaultColor"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "CompletionChar"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "PathCompletionChar"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "AutoRun"
HKEY_CURRENT_USER\Software\Microsoft\Command Processor "DisableUNCCheck"
HKEY_CURRENT_USER\Software\Microsoft\Command Processor "EnableExtensions"
HKEY_CURRENT_USER\Software\Microsoft\Command Processor "DelayedExpansion"
HKEY_CURRENT_USER\Software\Microsoft\Command Processor "DefaultColor"
HKEY_CURRENT_USER\Software\Microsoft\Command Processor "CompletionChar"
HKEY_CURRENT_USER\Software\Microsoft\Command [...]

109.169.40.186

Uncategorized

Remote Host       Port Number
109.169.40.186    9600

PASS (null)
NICK {N}|USA|XP|COMPUTERNAME|615267
USER ktzwiz "" "ntfj" :COMPUTERNAME
JOIN #baddy
PRIVMSG #baddy :New Servant.

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Live Firawall = "%ProgramFiles%\winlogon.exe"
    + UserFaultCheck = "%System%\dumprep 0 -u"
    so that winlogon.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + [...]
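The IRC registration lines in this entry and in the 91.203.146.65 and MrWiiWii.IRC.NET entries above, together with the Run-key writes here and in the yaritsme.no-ip.biz entry, are the indicators an analyst pulls out of reports like these. The script below is an added example for this page, not code from the blog or from the sandbox that produced the reports: it reads a report excerpt constructed from the entries on this page (the "Shell Folders" line is invented so that a write outside the autorun keys is exercised) and returns the outbound host:port pairs, the bot's IRC identity, operator commands seen in the channel, and every value written under a logon autorun key. The bot-nick heuristic and the list of autorun keys are assumptions, not something the reports state.

```python
"""Pull indicators out of a text sandbox report like the ones excerpted here.
Added example (not the blog's or any sandbox's code). SAMPLE_REPORT is built
from entries on this page; the "Shell Folders" line is invented to show a
write that is not an autorun."""
import re

# Keys whose values run at logon: the persistence seen in the
# yaritsme.no-ip.biz and 109.169.40.186 entries (assumed list).
AUTORUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
)
RE_OUTGOING = re.compile(r"Outgoing connection to remote server:\s+([\w.-]+)\s+"
                         r"(?:TCP |UDP )?port\s+(\d{1,5})\b")
RE_REMOTE_HOSTS = re.compile(r"Remote Host Port Number((?:\s+[\w.-]+\s+\d{1,5}\b)+)")
RE_HOST_PORT = re.compile(r"([\w.-]+)\s+(\d{1,5})\b")
RE_REG_WRITE = re.compile(r'^(HKEY_[A-Z_]+\\.+?)\s+"([^"]+)"\s*=\s*(.+)$')
RE_OPERATOR = re.compile(r"^\(([^)]+)\)\s+(![\w.-]+.*)$")
# Heuristic (assumption): nicks such as [USA-0142-XP] or {N}|USA|XP|... embed a
# country code and an OS tag, which a nick generator does and a person does not.
RE_BOT_NICK = re.compile(r"\b[A-Z]{2,3}[-|](?:\d{4}[-|])?(?:XP|VIS|VISTA|2K|NT|W7)\b")


def triage(report):
    """Return network, IRC and registry indicators found in one report."""
    out = {"connections": [],        # (host, port), deduplicated, first-seen order
           "irc": {"nick": None, "generated_nick": False, "user": None,
                   "realname": None, "password": None, "server": None,
                   "channels": [], "messages": []},
           "operator_commands": [],  # (operator nick, "!command ...")
           "autoruns": [],           # values written under an autorun key
           "other_writes": []}       # every other 'key "name" = value' line
    irc = out["irc"]

    def add_conn(host, port):
        if (host, int(port)) not in out["connections"]:
            out["connections"].append((host, int(port)))

    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        for host, port in RE_OUTGOING.findall(line):
            add_conn(host, port)
        for block in RE_REMOTE_HOSTS.findall(line):   # "Remote Host Port Number" lists
            for host, port in RE_HOST_PORT.findall(block):
                add_conn(host, port)
        # Client-side IRC registration, one command per line in the report.
        head, _, rest = line.partition(" ")
        if head == "NICK":
            irc["nick"] = rest.strip()
            irc["generated_nick"] = bool(RE_BOT_NICK.search(rest))
        elif head == "USER":
            parts = rest.split(None, 3)      # user, mode, unused, :realname
            if len(parts) == 4:
                irc["user"], irc["realname"] = parts[0], parts[3].lstrip(":")
        elif head == "PASS":
            irc["password"] = rest.strip()
        elif head == "JOIN" and rest.strip():
            for chan in rest.split()[0].split(","):
                if chan not in irc["channels"]:
                    irc["channels"].append(chan)
        elif head == "PONG":
            irc["server"] = rest.strip().lstrip(":")
        elif head == "PRIVMSG":
            target, _, msg = rest.partition(" ")
            irc["messages"].append((target, msg.lstrip(":")))
        m = RE_OPERATOR.match(line)
        if m:
            out["operator_commands"].append((m.group(1), m.group(2)))
        m = RE_REG_WRITE.match(line)       # "Reads" lines carry no value and are skipped
        if m:
            entry = {"key": m.group(1), "name": m.group(2),
                     "value": m.group(3).strip().strip('"')}
            is_autorun = entry["key"].lower().endswith(AUTORUN_KEY_SUFFIXES)
            out["autoruns" if is_autorun else "other_writes"].append(entry)
    return out


# Constructed from the entries on this page; the last line is invented.
SAMPLE_REPORT = r"""
Remote Host Port Number 109.169.40.186 9600
PASS (null)
NICK {N}|USA|XP|COMPUTERNAME|615267
USER ktzwiz "" "ntfj" :COMPUTERNAME
JOIN #baddy
PRIVMSG #baddy :New Servant.
PONG :MrWiiWii.IRC.NET
(MoDz) !login #wiiwii
Outgoing connection to remote server: yaritsme.no-ip.biz port 3080
Outgoing connection to remote server: api.ipinfodb.com TCP port 80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Svihostupdater" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\svihost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run "Svihostupdater" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\svihost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Live Firawall" = "%ProgramFiles%\winlogon.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor "AutoRun"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders "AppData" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
"""

if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("connections:", r["connections"])
    print("irc:", r["irc"]["nick"], r["irc"]["channels"], "generated" if r["irc"]["generated_nick"] else "")
    for e in r["autoruns"]:
        print("PERSISTENCE", e["key"], repr(e["name"]), "->", e["value"])
```

Two things the sample shows that the raw excerpts do not: the `policies\Explorer\run` key the yaritsme.no-ip.biz sample writes is a second, less watched autorun location and is flagged alongside `Run`, while the `Command Processor "AutoRun"` line from the DogKiller entry is a read with no value and is left alone, even though that value, if written, would also give cmd.exe-launched persistence. Fused report text like the excerpts above must be split back into one record per line before feeding it in.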

mt-canete.sites.uol.com.br

Uncategorized

DNS Lookup
Host Name                    IP Address
0                            127.0.0.1
vidaboa2009.pochta.ru        vidaboa2009.pochta.ru 194.186.88.37
mt-canete.sites.uol.com.br   mt-canete.sites.uol.com.br 200.147.33.17

UDP Connections
Remote IP Address: 127.0.0.1   Port: 1183
  Send Datagram: 2451 packet(s) of size 1
  Recv Datagram: 2451 packet(s) of size 1

Download URLs
http://194.186.88.37/borlndmm.dll (vidaboa2009.pochta.ru)
http://194.186.88.37/expressos.cfg (vidaboa2009.pochta.ru)
http://200.147.33.17/USB.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/USB.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt [...]