Search
Keyword: irc generic
following mutexes to ensure that only one of its copies runs at any one time: 0ze2thz285hezj1hG42 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}n.{BLOCKED}eople.net It
copy. Backdoor Routine This Worm connects to any of the following IRC server(s): w4h{BLOCKED}3488h.net 39f{BLOCKED}ewhd.net 489{BLOCKED}deem.net a{BLOCKED}m.in However, as of this writing, the said sites
of the following IRC server(s): irc.{BLOCKED}ini.net HOSTS File Modification This worm modifies the affected system's HOSTS files to prevent a user from accessing the following websites:
files. It avoids infecting files that contain the following strings in their names: PSTO WC32 WCUN WINC Backdoor Routine This file infector connects to any of the following IRC server(s):
" Backdoor Routine This file infector connects to any of the following IRC server(s): {BLOCKED}c.{BLOCKED}ef.pl HOSTS File Modification This file infector adds the following strings to the Windows HOSTS file:
worm connects to any of the following IRC server(s): {BLOCKED}r.ircdevils.net
removable drives: {removable drive letter}:\{computer name}\{computer name}\{computer name}\hjd.exe Backdoor Routine This worm connects to any of the following IRC server(s): up.{BLOCKED}ays.in up.{BLOCKED
Backdoor Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: s27.{BLOCKED}ids.su It joins any of the following IRC channel(s): ##ops It executes the following commands from
Monitor 3\netmon.exe WinPcap\rpcapd.exe WireShark\rawshark.exe It connects to a remote IRC server where it receives the following commands from a remote malicious user: down_exec IM IMSTOP start-scan
does not infect files with certain characteristics. It also searches for target script files for iframe infection. Infected script files are detected as HTML_IFRAME.SMV. It connects to certain IRC
does not infect files with certain characteristics. It also searches for target script files for iframe infection. Infected script files are detected as HTML_IFRAME.SMV. It connects to certain IRC
automated analysis system. Backdoor:Win32/Bifrose.FL (Microsoft); BackDoor-CEP.svr (McAfee); IRC Trojan (Symantec); Trojan.Win32.Buzus.vc (Kaspersky); Trojan.Win32.Generic.pak!cobra (Sunbelt); ERROR (FSecure)
automated analysis system. Backdoor:Win32/Bifrose.gen!C (Microsoft); IRC Trojan (Symantec); Trojan.Win32.Buzus.Gen (Sunbelt); Trojan horse BackDoor.Generic9.AEGJ (AVG)
\svchost.exe Backdoor Routine This backdoor opens the following ports: 6667 It connects to any of the following Internet Relay Chat (IRC) servers: xxxxxtsghxxxxx.info It joins any of the following IRC channel(s
Create/Terminate Processes Create/Terminate/Scan Thread Join IRC Send Private Messages Delete Files Download Files Download Routine This Trojan accesses websites to download the following files:
{645FF040-5081-101B-9F08-00AA002F954E}\tmpmon-t829058.xtc ;garbage characters useautoplay=1 ;garbage characters Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}-0.level4-co2-as30938.su {BLOCKED
View list of processes running on the system Bind standard input/output of the command interpreter to assigned TCP port Bind standard input/ output of the command interpreter to data from certain IRC
View list of processes running on the system Bind standard input/output of the command interpreter to assigned TCP port Bind standard input/ output of the command interpreter to data from certain IRC
(McAfee); IRC Trojan (Symantec); Trojan-Spy.Win32.Delf.uo (Kaspersky); BehavesLike.Win32.Malware.eah (mx-v) (Sunbelt); Trojan horse PSW.Generic4.UTB (AVG)
Chat (IRC) servers: {BLOCKED}5.{BLOCKED}8.5.139 It joins any of the following IRC channel(s): #ng Other Details This worm connects to the following URL(s) to get the affected system's IP address: