Search
Keyword: IRC_Generic
30597 Total Search |
Showing Results : 1 - 20
\ open\ddeexec\Application HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Cl4sses\ irc HKEY_LOCAL_MACHINE\Software
\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE
\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\GCI HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3 HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\IRC HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\ICQ It adds the following registry entries:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE
\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes
\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ ddeexec HKEY_LOCAL_MACHINE
" "winpass" "main" "lan" "internet" "intranet" "student" "teacher" "staff" Backdoor Routine This worm connects to any of the following IRC server(s): oak.{BLOCKED}me.net {BLOCKED}.{BLOCKED}.179.100 ringc.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
propagate across networks: Vulnerability in Server Service Could Allow Remote Code Execution (958644) NOTES: This malware connects to a remote IRC server, once connected, it joins an IRC channel where it
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: {BLOCKED}.us.dal.net It adds an IRC script that automatically sends the following messages to everyone who accesses the
removable drives: {removable drive letter}:\{computer name}\{computer name}\{computer name}\hjd.exe Backdoor Routine This worm connects to any of the following IRC server(s): up.{BLOCKED}ays.in up.{BLOCKED
when accessing its IRC server: NICK: zwin-{random value}|{random number}| NOTES: This backdoor joins an IRC server where it sends and receives its backdoor commands: ddos.cat IRC Network It connects to
following port(s) where it listens for remote commands: 1866 It connects to any of the following IRC server(s): http://{BLOCKED}ution.nicaze.net It accesses a remote Internet Relay Chat (IRC) server where it
\wintask.exe (Note: %Windows% is the Windows folder, which is usually C:\Windows.) This report is generated via an automated analysis system. Backdoor:IRC/Evilbot (Microsoft); BackDoor-OG (McAfee); IRC Trojan
of the following IRC server(s): irc.{BLOCKED}ini.net HOSTS File Modification This worm modifies the affected system's HOSTS files to prevent a user from accessing the following websites:
following IRC server(s): irc.{BLOCKED}e.com NOTES: This worm drops copies of itself in the following folders used in peer-to-peer networks: {folder path}\kazaa\my shared folder\ {folder path}\kazaa lite\my
VirTool:Win32/DelfInject.gen!X (Microsoft); BackDoor-DOQ.gen.w (McAfee); IRC Trojan (Symantec); Packed.Win32.CPEX-based.d (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan.IRC (FSecure)