Vektor
2009-08-06
21:19:07
|
| Quote | I edited your post and I censored your links because links to trojans are not allowed on this forum. Next time use the report form instead, it sends a message to our opchat private for TE network members only.
Yahoo ID Locker v1.2.0.exe is the same trojan I posted info about before, it connects to irc://hashcheri.elitte-squad.ro:1111/#cluj .
All other .exe's are the same trojan written in VB (compiled: C:\Users\Tiberius\Desktop\hwu\hwu.vbp) , a trojan that saves %windir%\winservice.exe and %windir%\mswinsck.ock and adds itself to startup (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run). The botnet server is a DC hub, shadowhub.dyndns.org:6575 , bots have this prefix: #(-xShut-)- (example: #(-xShut-)-EeEPJcKh ) and this $MyINFO: $MyINFO $ALL mp3 <++ V:0.699,M:A,H:3/4/4,S:15> � $ $LAN(T1)�$$ � $| (example: $MyINFO $ALL #(-xShut-)-EeEPJcKh mp3 <++ V:0.699,M:A,H:3/4/4,S:15>$ $LAN(T1)�$$57879367894$| ).
BTW I found DDoS bots in dchub://dchub.hacker.lv:4012 with your IP sending $CTM's with a te-home.net address in them.
| dchub.hacker.lv:4012 wrote: | [01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111
[01:28] Connection request from ophub.te-home.net:41111 |
|
| Quote: | | [01:29] <OpChat> REPORT: user 'gfdgfdgdfgfd' IP= '81.196.95.96' HOST='' Reason='flooder'. |
|
| dchub.hacker.lv:4012 wrote: | [01:30] <-=Drakonyich=-> is kicking gfdgfdgdfgfd because: Relax, man ! _ban_1w
[01:31] <-=Drakonyich=-> is kicking gfdhfghfghgf because: Relax, man ! _ban_1w
[01:31] <-=Drakonyich=-> is kicking gfhfgh because: Relax, man ! _ban_1w
[01:31] <-=Drakonyich=-> is kicking fdhgfhgfhgf because: Relax, man ! _ban_1w
[01:32] <-=Drakonyich=-> is kicking fghrtytry because: Relax, man ! _ban_1w
[01:32] <-=Drakonyich=-> is kicking fdgert because: Relax, man ! _ban_1w
[01:32] <-=Drakonyich=-> is kicking gfdhfghgf because: Relax, man ! _ban_1w
[01:33] <-=Drakonyich=-> is kicking sfgfdgfdgdf because: Relax, man ! _ban_1w
[01:33] <-=Drakonyich=-> is kicking gfdhgfghgf because: Relax, man ! _ban_1w
[01:33] <-=Drakonyich=-> is kicking gfdghdfhfghgf because: Relax, man ! an_1w
[01:34] <-=Drakonyich=-> is kicking fghrty because: Relax, man ! _ban_1w
[01:35] <-=Drakonyich=-> is kicking gsdfgfdhggf because: Relax, man ! _ban_1w
[01:35] <-=Drakonyich=-> is kicking gfdhgfhfhgf because: Relax, man ! _ban_1w
[01:35] <-=Drakonyich=-> is kicking ertert because: Relax, man ! _ban_1w
[01:35] <-=Drakonyich=-> is kicking dfgdfg because: Relax, man ! _ban_1w
[01:36] <-=Drakonyich=-> is kicking asdqwe because: Relax, man ! _ban_1w
[01:36] <-=Drakonyich=-> is kicking wqeqwe because: Relax, man ! _ban_1w
[01:36] <-=Drakonyich=-> is kicking tryrty because: Relax, man ! _ban_1w
[01:36] <-=Drakonyich=-> is kicking fghrtyhg because: Relax, man ! _ban_1w |
|
Did you wrote those nicks manually? Don't answer to that. I banned your IP (81.196.95.96) and I deleted your account. However, I'm not gonna ban a good anonymizer as Tor because of a fool who uses DDoS bots. I'm sure you'll use it to read my response as you used it to register this account and to post this message.
As I said to someone on this forum, Tor can hide your IP but it cannot hide your stupidity. |
|
