Remote Host Port Number
217.70.188.30 3211
92.243.28.194 3211
95.142.163.184 3211
95.142.168.229 3211
USER VirUs “” “lol” :9813
NICK [USA][XP-SP2]315437
USER VirUs “” “lol” :7634
NICK [USA][XP-SP2]900959
USER VirUs “” “lol” :4049
NICK [USA][XP-SP2]032172
NICK [USA][XP-SP2]456089
USER VirUs “” “lol” :1467
NICK [USA][XP-SP2]687424
USER VirUs “” “lol” :6389
NICK [USA][XP-SP2]442067
USER VirUs “” “lol” :7908
NICK {NEW}[USA][XP-SP2]840515
NICK [USA][XP-SP2]850590
USER VirUs “” “lol” :1280
USER VirUs “” “lol” :1650
NICK [USA][XP-SP2]715179
USER VirUs “” “lol” :1926
NICK [USA][XP-SP2]517794
USER VirUs “” “lol” :1204
NICK [USA][XP-SP2]067432
USER VirUs “” “lol” :6317
JOIN #sWv6# VrX
NICK {NEW}[USA][XP-SP2]096612
USER VirUs “” “lol” :1717
NICK [USA][XP-SP2]356755
USER VirUs “” “lol” :2106
JOIN #sWv5# VrX
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows DriverUpdate = “%Temp%sWv6.exe”
so that sWv6.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows DriverUpdate = “%Temp%sWv6.exe”
so that sWv6.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
sWv6.exe %Temp%swv6.exe 61,440 bytes
infos about hosting:
http://whois.domaintools.com/95.142.168.229
http://whois.domaintools.com/92.243.28.194
http://whois.domaintools.com/217.70.188.30
monsieur sarkozy doit ouvrir les yeux car son governement a fait sortir la loi contre le p2p et de l’autre cote les botnets sont heberge en france c’est ridicule