[unisog] anyone else seeing lots of popup spam/malware?

Michael Ligh michael.hale at gmail.com
Wed Oct 26 17:00:17 GMT 2005


Hello,

I see hundreds of these daily, but not exactly as others experience them.
For example, the ones I see don't have a SRC port of 0. I'm also only
surveying a single IP address, rather than a whole network. Here are a few
from this morning:

Oct 26 08:00:57 fire kernel: IPTABLES DROP (IN): IN=eth1 OUT= MAC=00:04:5a:7f:16:bb:00:0d:66:27:34:54:08:00 SRC=38.130.127.188 DST=24.2.153.164 LEN=819 TOS=0x00 PREC=0x20 TTL=113 ID=26936 PROTO=UDP SPT=26959 DPT=1026 LEN=799
Oct 26 08:11:44 fire kernel: IPTABLES DROP (IN): IN=eth1 OUT= MAC=00:04:5a:7f:16:bb:00:0d:66:27:34:54:08:00 SRC=38.130.32.161 DST=24.2.153.164 LEN=1080 TOS=0x00 PREC=0x20 TTL=113 ID=25342 PROTO=UDP SPT=4724 DPT=1026 LEN=1060
Oct 26 08:39:42 fire kernel: IPTABLES DROP (IN): IN=eth1 OUT= MAC=00:04:5a:7f:16:bb:00:0d:66:27:34:54:08:00 SRC=38.130.147.15 DST=24.2.153.164 LEN=1080 TOS=0x00 PREC=0x20 TTL=113 ID=25397 PROTO=UDP SPT=30436 DPT=1026 LEN=1060

Out of, say, 250 per day, a good 95% would be from a host (noting the
earlier remark that these are likely forged) from the 38.130/16 network. The
most common similarity is the payload, which points the user to
registrycleaner32.com, registrycleanerxp.com, registrycleanergold.com, etc. I
attached a small sample of the captures from a few weeks ago.

On 10/26/05, John Rowan Littell <littejo at earlham.edu> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Lo, Russell Fulton and the teakettle whistled in unison:
>
> > Over the last couple of weeks we have noticed an increasing amount of
> > UDP traffic with a source port of 0 and destination port of 102x (
> > x=5,6) packets are always a variation of this:
> [snip]
>
> Upon looking at our Argus logs, I do see a number of these. I can't
> confirm the payload, since I have Argus set to ignore that, but all
> the other characteristics match.
>
> Today I see about 100 unique source addresses for UDP port 0 packets
> coming in to our /16 and not quite 200 destination addresses, all
> corresponding to 102[4,5]. This out of around 1700 packets. I'm seeing a
> little more interleaving of different source IPs in the bursts -- during
> a typical burst of a few seconds length I see 2-3 source addresses trying
> a number of destination addresses (say, 20) on both destination ports.
> Bursts seem to come just over every 10 minutes and last no more than 2
> seconds. In fact, yesterday's bursts seem to have been targeting just
> one /24 subnet in our space; today they seem to have expanded to
> include a second /24 of ours.
>
> Is there any good reason not to block UDP port 0 packets on general
> principle?
>
> --rowan
>
> - --
> John "Rowan" Littell
> Systems Administrator
> Earlham College Computing Services
> http://www.earlham.edu/~littejo/
> 2005-10-26 09:50
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>
-------------- next part --------------
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2005.10.26 12:44:12 =~=~=~=~=~=~=~=~=~=~=~=
cat 38130
10/09-12:48:48.256403 38.130.223.20:25808 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:9524 IpLen:20 DgmLen:677
Len: 649
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC D3 2A 00 6D 4D 84 78 F0  ....O....*.mM.x.
A8 67 64 36 94 32 72 B3 00 00 00 00 01 00 00 00  .gd6.2r.........
00 00 00 00 00 00 FF FF FF FF 39 02 00 00 00 00  ..........9.....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
ED 01 00 00 00 00 00 00 ED 01 00 00 43 72 69 74  ............Crit
69 63 61 6C 20 53 79 73 74 65 6D 20 45 72 72 6F  ical System Erro
72 21 0D 0A 0D 0A 54 68 65 20 4D 69 63 72 6F 73  r!....The Micros
6F 66 74 20 57 69 6E 64 6F 77 73 20 72 65 67 69  oft Windows regi
73 74 72 79 20 61 70 70 65 61 72 73 20 74 6F 20  stry appears to 
62 65 20 69 6E 66 65 63 74 65 64 20 61 6E 64 2F  be infected and/
6F 72 20 63 6F 72 72 75 70 74 65 64 2E 0D 0A 50  or corrupted...P
6C 65 61 73 65 20 67 6F 20 74 6F 20 74 68 65 20  lease go to the 
4D 69 63 72 6F 73 6F 66 74 20 52 65 67 69 73 74  Microsoft Regist
72 79 20 52 65 70 61 69 72 20 74 6F 6F 6C 20 61  ry Repair tool a
74 20 77 77 77 2E 6D 73 72 65 67 69 73 74 72 79  t www.msregistry
63 6C 65 61 6E 65 72 2E 63 6F 6D 20 74 6F 20 73  cleaner.com to s
63 61 6E 20 61 6E 64 20 72 65 70 61 69 72 20 74  can and repair t
68 65 20 73 79 73 74 65 6D 20 72 65 67 69 73 74  he system regist
72 79 2E 0D 0A 0D 0A 55 52 4C 3A 20 77 77 77 2E  ry.....URL: www.
6D 73 72 65 67 69 73 74 72 79 63 6C 65 61 6E 65  msregistrycleane
72 2E 63 6F 6D 0D 0A 53 65 76 65 72 69 74 79 3A  r.com..Severity:
20 45 78 74 72 65 6D 65 0D 0A 53 79 6D 70 74 6F   Extreme..Sympto
6D 73 3A 20 4D 65 73 73 61 67 65 73 20 73 75 63  ms: Messages suc
68 20 61 73 20 74 68 65 73 65 2C 20 61 73 20 77  h as these, as w
65 6C 6C 20 61 73 20 62 75 66 66 65 72 20 6F 76  ell as buffer ov
65 72 66 6C 6F 77 20 65 78 70 6C 6F 69 74 20 61  erflow exploit a
6C 6C 6F 77 69 6E 67 20 6D 61 6C 69 63 69 6F 75  llowing maliciou
73 20 75 73 65 72 73 20 74 6F 20 67 61 69 6E 20  s users to gain 
61 63 63 65 73 73 20 74 6F 20 79 6F 75 72 20 63  access to your c
6F 6D 70 75 74 65 72 2E 0D 0A 0D 0A 43 75 72 65  omputer.....Cure
3A 20 44 6F 77 6E 6C 6F 61 64 20 74 68 65 20 73  : Download the s
63 61 6E 6E 65 72 20 61 6E 64 20 61 6C 6C 6F 77  canner and allow
20 69 74 20 74 6F 20 63 6C 65 61 6E 20 61 6E 64   it to clean and
20 72 65 70 61 69 72 20 79 6F 75 72 20 4D 69 63   repair your Mic
72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 72  rosoft Windows r
65 67 69 73 74 72 79 2E 00                       egistry..
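The capture above is a connectionless DCE RPC request to the Windows Messenger service: the 16 bytes at offset 24 are the msgsvc interface UUID (5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc), the opnum at offset 68 is 0 (NetrSendMessage), and the 569-byte stub that follows the 80-byte header holds three NDR strings: sender name, recipient name and the popup text. The decoder below is an added example, not part of the original post or its attachment; it pulls those fields out of a datagram so a sensor watching UDP 1025/1026 can log which host name each popup advertises, and its sample datagram reuses the first capture's header bytes with the stub re-encoded from the strings decoded from that capture.

```python
import re
import struct
import uuid

# RPC interface UUID of the Windows Messenger service (msgsvc): the 16 bytes at
# offset 24 of each captured header, read in little-endian UUID order.
MSGSVC_IFACE = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")
CL_HEADER_LEN = 80        # connectionless (rpc_vers 4) DCE RPC header size
NETR_SEND_MESSAGE = 0     # opnum carried at offset 68 in the captures

def ndr_string(text, count=None):
    """Encode one NDR conformant/varying ASCII string as the captured stub does:
    max_count, offset, actual_count as uint32 LE, then the NUL-terminated bytes
    NUL-padded out to `count` (the capture gives both name fields count 17)."""
    data = text.encode("ascii") + b"\x00"
    count = len(data) if count is None else count
    return struct.pack("<III", count, 0, count) + data.ljust(count, b"\x00")

def align4(blob):
    """NDR aligns the field that follows a string to a 4-byte boundary."""
    return blob + b"\x00" * (-len(blob) % 4)

def parse_messenger_request(payload):
    """Decode a CL DCE RPC request carrying a Messenger NetrSendMessage call and
    return its sender, recipient and popup text; anything else raises ValueError,
    so the function can be applied to every UDP datagram seen on 1025-1026."""
    if len(payload) < CL_HEADER_LEN:
        raise ValueError("datagram shorter than the 80-byte CL header")
    rpc_vers, ptype, drep0 = payload[0], payload[1], payload[4]
    if rpc_vers != 4 or ptype != 0:
        raise ValueError("not a connectionless DCE RPC request PDU")
    if drep0 & 0xF0 != 0x10:
        raise ValueError("only little-endian data representation is handled")
    iface = uuid.UUID(bytes_le=bytes(payload[24:40]))
    (opnum,) = struct.unpack_from("<H", payload, 68)
    (stub_len,) = struct.unpack_from("<H", payload, 74)
    if iface != MSGSVC_IFACE or opnum != NETR_SEND_MESSAGE:
        raise ValueError(f"interface {iface} opnum {opnum} is not NetrSendMessage")
    stub = payload[CL_HEADER_LEN:]
    if len(stub) != stub_len:
        raise ValueError(f"header announces {stub_len} stub bytes, got {len(stub)}")
    fields, pos = [], 0
    for _ in range(3):                         # from, to, text
        if pos + 12 > len(stub):
            raise ValueError("stub truncated before a string header")
        max_count, offset, actual = struct.unpack_from("<III", stub, pos)
        pos += 12
        if actual > max_count or pos + offset + actual > len(stub):
            raise ValueError("string counts point outside the stub")
        raw = stub[pos + offset:pos + offset + actual]
        fields.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
        pos += actual
        pos += -pos % 4                        # skip NDR alignment padding
    return dict(zip(("from", "to", "text"), fields))

def is_messenger_popup(payload):
    """Boolean form of the parser, usable as a filter predicate."""
    try:
        parse_messenger_request(payload)
        return True
    except ValueError:
        return False

def advertised_hosts(text):
    """Host names the popup steers the user to, de-duplicated and sorted."""
    return sorted(set(re.findall(r"www\.[a-z0-9-]+(?:\.[a-z0-9-]+)+", text, re.I)))

# Constructed sample: the header is the first 80 bytes of the first capture in
# the attachment (38.130.223.20 -> port 1026); the stub is re-encoded from the
# three strings decoded from it. The last string carries no trailing padding,
# which is what the header's stub length of 0x239 (569) requires.
CAPTURED_HEADER = bytes.fromhex(
    "04002800100000000000000000000000"
    "0000000000000000f8917b5a00ffd011"
    "a9b200c04fb6e6fcd32a006d4d8478f0"
    "a8676436943272b30000000001000000"
    "000000000000ffffffff390200000000"
)
CAPTURED_TEXT = (
    "Critical System Error!\r\n\r\n"
    "The Microsoft Windows registry appears to be infected and/or corrupted.\r\n"
    "Please go to the Microsoft Registry Repair tool at www.msregistrycleaner.com "
    "to scan and repair the system registry.\r\n\r\n"
    "URL: www.msregistrycleaner.com\r\nSeverity: Extreme\r\n"
    "Symptoms: Messages such as these, as well as buffer overflow exploit allowing "
    "malicious users to gain access to your computer.\r\n\r\n"
    "Cure: Download the scanner and allow it to clean and repair your Microsoft "
    "Windows registry."
)
SAMPLE_DATAGRAM = (CAPTURED_HEADER
                   + align4(ndr_string("Windows Registry", 17))
                   + align4(ndr_string("Windows User", 17))
                   + ndr_string(CAPTURED_TEXT))

if __name__ == "__main__":
    msg = parse_messenger_request(SAMPLE_DATAGRAM)
    print(f"{msg['from']!r} -> {msg['to']!r}: {advertised_hosts(msg['text'])}")
```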

6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
7F 03 00 00 00 00 00 00 7F 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65   www.registrycle
61 6E 65 72 78 70 2E 63 6F 6D 00                 anerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-15:44:19.957869 38.130.158.94:17423 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:17931 IpLen:20 DgmLen:1080
Len: 1052
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC CB 24 A0 D3 89 9B 3E C4  ....O....$....>.
A5 24 5B A5 27 55 41 CA 00 00 00 00 01 00 00 00  .$[.'UA.........
00 00 00 00 00 00 FF FF FF FF CC 03 00 00 00 00  ................
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
80 03 00 00 00 00 00 00 80 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C    www.registrycl
65 61 6E 65 72 78 70 2E 63 6F 6D 00              eanerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-16:13:29.151411 38.130.31.215:12298 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:56786 IpLen:20 DgmLen:819
Len: 791
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 7B 9E 62 13 77 CC E9 7E  ....O...{.b.w..~
DD 8A 13 7D CB E7 8B 04 00 00 00 00 01 00 00 00  ...}............
00 00 00 00 00 00 FF FF FF FF C7 02 00 00 00 00  ................
13 00 00 00 00 00 00 00 13 00 00 00 4D 69 63 72  ............Micr
6F 73 6F 66 74 20 52 65 67 69 73 74 72 79 00 00  osoft Registry..
13 00 00 00 00 00 00 00 13 00 00 00 4D 69 63 72  ............Micr
6F 73 6F 66 74 20 55 73 65 72 00 00 00 00 00 00  osoft User......
7B 02 00 00 00 00 00 00 7B 02 00 00 57 41 52 4E  {.......{...WARN
49 4E 47 21 20 20 59 4F 55 52 20 52 45 47 49 53  ING!  YOUR REGIS
54 52 59 20 49 53 20 43 4F 52 52 55 50 54 45 44  TRY IS CORRUPTED
0D 0A 0D 0A 43 6F 72 72 75 70 74 65 64 20 72 65  ....Corrupted re
67 69 73 74 72 79 20 63 61 6E 20 72 65 73 75 6C  gistry can resul
74 20 69 6E 20 75 6E 61 75 74 68 6F 72 69 7A 65  t in unauthorize
64 20 61 63 63 65 73 73 20 74 6F 20 79 6F 75 72  d access to your
20 63 6F 6D 70 75 74 65 72 20 62 79 20 69 6E 74   computer by int
65 72 6E 65 74 0D 0A 68 61 63 6B 65 72 73 20 61  ernet..hackers a
6E 64 20 69 6E 20 65 78 74 72 65 6D 65 20 63 61  nd in extreme ca
73 65 73 2C 20 63 6F 6D 70 6C 65 74 65 20 6F 70  ses, complete op
65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 20 66  erating system f
61 69 6C 75 72 65 2E 0D 0A 0D 0A 54 6F 20 66 69  ailure.....To fi
78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D 3A 0D  x this problem:.
0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74 65 72  ...1. Open Inter
6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A 32 2E  net Explorer..2.
20 49 6E 20 74 68 65 20 55 52 4C 20 46 69 65 6C   In the URL Fiel
64 20 74 79 70 65 20 2D 20 20 77 77 77 2E 52 65  d type -  www.Re
67 69 73 74 72 79 43 6C 65 61 6E 65 72 47 6F 6C  gistryCleanerGol
64 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  d.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 52 65 67 69 73 74 72 79 43 6C 65 61  www.RegistryClea
6E 65 72 47 6F 6C 64 2E 63 6F 6D 20 61 6E 64 20  nerGold.com and 
69 6E 73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C  install the ..cl
65 61 6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F  eaner program yo
75 20 77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69  u will not recei
76 65 20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69  ve any more remi
6E 64 65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73  nders or pop-ups
20 6C 69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D   like this one..
0A 0D 0A 20 20 20 20 20 20 20 20 20 20 20 20 20  ...             
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 77 77 77 2E 52             www.R
65 67 69 73 74 72 79 43 6C 65 61 6E 65 72 47 6F  egistryCleanerGo
6C 64 2E 63 6F 6D 00                             ld.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-16:30:15.498870 38.130.66.181:3504 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:41993 IpLen:20 DgmLen:661
Len: 633
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC DB CD A6 88 F6 9B 6C 92  ....O.........l.
2C 62 52 38 F2 7F 54 B9 00 00 00 00 01 00 00 00  ,bR8..T.........
00 00 00 00 00 00 FF FF FF FF 29 02 00 00 00 00  ..........).....
0C 00 00 00 00 00 00 00 0C 00 00 00 4D 53 20 52  ............MS R
65 67 69 73 74 72 79 00 0C 00 00 00 00 00 00 00  egistry.........
0C 00 00 00 57 69 6E 64 6F 77 73 20 55 73 65 00  ....Windows Use.
ED 01 00 00 00 00 00 00 ED 01 00 00 43 72 69 74  ............Crit
69 63 61 6C 20 53 79 73 74 65 6D 20 45 72 72 6F  ical System Erro
72 21 0D 0A 0D 0A 54 68 65 20 4D 69 63 72 6F 73  r!....The Micros
6F 66 74 20 57 69 6E 64 6F 77 73 20 72 65 67 69  oft Windows regi
73 74 72 79 20 61 70 70 65 61 72 73 20 74 6F 20  stry appears to 
62 65 20 69 6E 66 65 63 74 65 64 20 61 6E 64 2F  be infected and/
6F 72 20 63 6F 72 72 75 70 74 65 64 2E 0D 0A 50  or corrupted...P
6C 65 61 73 65 20 67 6F 20 74 6F 20 74 68 65 20  lease go to the 
4D 69 63 72 6F 73 6F 66 74 20 52 65 67 69 73 74  Microsoft Regist
72 79 20 52 65 70 61 69 72 20 74 6F 6F 6C 20 61  ry Repair tool a
74 20 77 77 77 2E 6D 73 72 65 67 69 73 74 72 79  t www.msregistry
63 6C 65 61 6E 65 72 2E 63 6F 6D 20 74 6F 20 73  cleaner.com to s
63 61 6E 20 61 6E 64 20 72 65 70 61 69 72 20 74  can and repair t
68 65 20 73 79 73 74 65 6D 20 72 65 67 69 73 74  he system regist
72 79 2E 0D 0A 0D 0A 55 52 4C 3A 20 77 77 77 2E  ry.....URL: www.
6D 73 72 65 67 69 73 74 72 79 63 6C 65 61 6E 65  msregistrycleane
72 2E 63 6F 6D 0D 0A 53 65 76 65 72 69 74 79 3A  r.com..Severity:
20 45 78 74 72 65 6D 65 0D 0A 53 79 6D 70 74 6F   Extreme..Sympto
6D 73 3A 20 4D 65 73 73 61 67 65 73 20 73 75 63  ms: Messages suc
68 20 61 73 20 74 68 65 73 65 2C 20 61 73 20 77  h as these, as w
65 6C 6C 20 61 73 20 62 75 66 66 65 72 20 6F 76  ell as buffer ov
65 72 66 6C 6F 77 20 65 78 70 6C 6F 69 74 20 61  erflow exploit a
6C 6C 6F 77 69 6E 67 20 6D 61 6C 69 63 69 6F 75  llowing maliciou
73 20 75 73 65 72 73 20 74 6F 20 67 61 69 6E 20  s users to gain 
61 63 63 65 73 73 20 74 6F 20 79 6F 75 72 20 63  access to your c
6F 6D 70 75 74 65 72 2E 0D 0A 0D 0A 43 75 72 65  omputer.....Cure
3A 20 44 6F 77 6E 6C 6F 61 64 20 74 68 65 20 73  : Download the s
63 61 6E 6E 65 72 20 61 6E 64 20 61 6C 6C 6F 77  canner and allow
20 69 74 20 74 6F 20 63 6C 65 61 6E 20 61 6E 64   it to clean and
20 72 65 70 61 69 72 20 79 6F 75 72 20 4D 69 63   repair your Mic
72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 72  rosoft Windows r
65 67 69 73 74 72 79 2E 00                       egistry..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-16:40:20.428500 38.130.99.106:31032 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:18072 IpLen:20 DgmLen:1080
Len: 1052
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 82 C9 F0 1D 9E 0F 45 D0  ....O.........E.
00 2B 9B 8D 63 3A F8 A6 00 00 00 00 01 00 00 00  .+..c:..........
00 00 00 00 00 00 FF FF FF FF CC 03 00 00 00 00  ................
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
80 03 00 00 00 00 00 00 80 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C    www.registrycl
65 61 6E 65 72 78 70 2E 63 6F 6D 00              eanerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-16:59:37.048246 38.130.133.235:6337 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:31199 IpLen:20 DgmLen:1079
Len: 1051
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 0D 36 5E 8C 92 1C DD F0  ....O....6^.....
43 D7 45 ED 0E 99 CE 19 00 00 00 00 01 00 00 00  C.E.............
00 00 00 00 00 00 FF FF FF FF CB 03 00 00 00 00  ................
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
7F 03 00 00 00 00 00 00 7F 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65   www.registrycle
61 6E 65 72 78 70 2E 63 6F 6D 00                 anerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-17:08:19.744772 38.130.130.99:27446 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:18109 IpLen:20 DgmLen:1080
Len: 1052
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC E0 FA F8 65 BD 8E 3D 3F  ....O......e..=?
56 45 E4 98 05 B4 80 F5 00 00 00 00 01 00 00 00  VE..............
00 00 00 00 00 00 FF FF FF FF CC 03 00 00 00 00  ................
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
80 03 00 00 00 00 00 00 80 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C    www.registrycl
65 61 6E 65 72 78 70 2E 63 6F 6D 00              eanerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-17:15:34.781221 38.130.152.158:21285 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:43444 IpLen:20 DgmLen:677
Len: 649
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC B1 41 2B B0 CE C7 C5 47  ....O....A+....G
52 C0 CA 5D D1 53 9C C3 00 00 00 00 01 00 00 00  R..].S..........
00 00 00 00 00 00 FF FF FF FF 39 02 00 00 00 00  ..........9.....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
ED 01 00 00 00 00 00 00 ED 01 00 00 43 72 69 74  ............Crit
69 63 61 6C 20 53 79 73 74 65 6D 20 45 72 72 6F  ical System Erro
72 21 0D 0A 0D 0A 54 68 65 20 4D 69 63 72 6F 73  r!....The Micros
6F 66 74 20 57 69 6E 64 6F 77 73 20 72 65 67 69  oft Windows regi
73 74 72 79 20 61 70 70 65 61 72 73 20 74 6F 20  stry appears to 
62 65 20 69 6E 66 65 63 74 65 64 20 61 6E 64 2F  be infected and/
6F 72 20 63 6F 72 72 75 70 74 65 64 2E 0D 0A 50  or corrupted...P
6C 65 61 73 65 20 67 6F 20 74 6F 20 74 68 65 20  lease go to the 
4D 69 63 72 6F 73 6F 66 74 20 52 65 67 69 73 74  Microsoft Regist
72 79 20 52 65 70 61 69 72 20 74 6F 6F 6C 20 61  ry Repair tool a
74 20 77 77 77 2E 6D 73 72 65 67 69 73 74 72 79  t www.msregistry
63 6C 65 61 6E 65 72 2E 63 6F 6D 20 74 6F 20 73  cleaner.com to s
63 61 6E 20 61 6E 64 20 72 65 70 61 69 72 20 74  can and repair t
68 65 20 73 79 73 74 65 6D 20 72 65 67 69 73 74  he system regist
72 79 2E 0D 0A 0D 0A 55 52 4C 3A 20 77 77 77 2E  ry.....URL: www.
6D 73 72 65 67 69 73 74 72 79 63 6C 65 61 6E 65  msregistrycleane
72 2E 63 6F 6D 0D 0A 53 65 76 65 72 69 74 79 3A  r.com..Severity:
20 45 78 74 72 65 6D 65 0D 0A 53 79 6D 70 74 6F   Extreme..Sympto
6D 73 3A 20 4D 65 73 73 61 67 65 73 20 73 75 63  ms: Messages suc
68 20 61 73 20 74 68 65 73 65 2C 20 61 73 20 77  h as these, as w
65 6C 6C 20 61 73 20 62 75 66 66 65 72 20 6F 76  ell as buffer ov
65 72 66 6C 6F 77 20 65 78 70 6C 6F 69 74 20 61  erflow exploit a
6C 6C 6F 77 69 6E 67 20 6D 61 6C 69 63 69 6F 75  llowing maliciou
73 20 75 73 65 72 73 20 74 6F 20 67 61 69 6E 20  s users to gain 
61 63 63 65 73 73 20 74 6F 20 79 6F 75 72 20 63  access to your c
6F 6D 70 75 74 65 72 2E 0D 0A 0D 0A 43 75 72 65  omputer.....Cure
3A 20 44 6F 77 6E 6C 6F 61 64 20 74 68 65 20 73  : Download the s
63 61 6E 6E 65 72 20 61 6E 64 20 61 6C 6C 6F 77  canner and allow
20 69 74 20 74 6F 20 63 6C 65 61 6E 20 61 6E 64   it to clean and
20 72 65 70 61 69 72 20 79 6F 75 72 20 4D 69 63   repair your Mic
72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 72  rosoft Windows r
65 67 69 73 74 72 79 2E 00                       egistry..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/09-18:04:19.862603 38.130.130.251:3405 -> 24.2.153.164:1026
UDP TTL:113 TOS:0x20 ID:18328 IpLen:20 DgmLen:1080
Len: 1052
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 72 80 99 12 84 12 2D 08  ....O...r.....-.
C4 69 7E A1 AB A6 CB F4 00 00 00 00 01 00 00 00  .i~.............
00 00 00 00 00 00 FF FF FF FF CC 03 00 00 00 00  ................
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00  ows Registry....
11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64  ............Wind
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00  ows User........
80 03 00 00 00 00 00 00 80 03 00 00 57 49 4E 44  ............WIND
4F 57 53 20 45 52 52 4F 52 20 4D 45 53 53 41 47  OWS ERROR MESSAG
45 20 2D 20 52 45 47 49 53 54 52 59 20 44 41 4D  E - REGISTRY DAM
41 4E 47 45 44 0D 0A 0D 0A 0D 0A 59 6F 75 72 20  ANGED......Your 
57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79  Windows registry
20 69 73 20 63 6F 72 72 75 70 74 65 64 20 61 6E   is corrupted an
64 20 6E 65 65 64 73 20 74 6F 20 62 65 20 63 6C  d needs to be cl
65 61 6E 65 64 20 69 6D 6D 65 64 69 61 74 65 6C  eaned immediatel
79 2E 0D 0A 0D 0A 0D 0A 43 6F 6D 70 72 6F 6D 69  y.......Compromi
73 65 64 20 72 65 67 69 73 74 72 79 20 66 69 6C  sed registry fil
65 73 20 63 61 6E 20 6C 65 61 64 20 74 6F 20 74  es can lead to t
68 65 20 66 6F 6C 6C 6F 77 69 6E 67 3A 0D 0A 0D  he following:...
0A 31 2E 20 43 6F 6D 70 6C 65 74 65 20 61 63 63  .1. Complete acc
65 73 73 20 6F 66 20 79 6F 75 72 20 50 43 20 62  ess of your PC b
79 20 68 61 63 6B 65 72 73 0D 0A 32 2E 20 53 6C  y hackers..2. Sl
6F 77 20 73 70 65 65 64 73 20 72 65 73 75 6C 74  ow speeds result
69 6E 67 20 69 6E 20 73 6C 6F 77 20 64 6F 77 6E  ing in slow down
6C 6F 61 64 73 20 6F 66 20 69 6E 74 65 72 6E 65  loads of interne
74 20 66 69 6C 65 73 0D 0A 33 2E 20 54 68 65 20  t files..3. The 
63 6F 6D 70 72 6F 6D 69 73 65 20 6F 66 20 70 65  compromise of pe
72 73 6F 6E 61 6C 20 69 6E 66 6F 72 6D 61 74 69  rsonal informati
6F 6E 20 73 74 6F 72 65 64 20 6F 6E 20 79 6F 75  on stored on you
72 20 63 6F 6D 70 75 74 65 72 0D 0A 34 2E 20 43  r computer..4. C
6F 6D 70 6C 65 74 65 20 73 79 73 74 65 6D 20 66  omplete system f
61 69 6C 75 72 65 20 72 65 73 75 6C 74 69 6E 67  ailure resulting
20 69 6E 20 74 68 65 20 6E 65 65 64 20 66 6F 72   in the need for
20 61 20 63 6F 6D 70 6C 65 74 65 20 72 65 69 6E   a complete rein
73 74 61 6C 6C 20 6F 66 20 79 6F 75 72 20 68 61  stall of your ha
72 64 20 64 72 69 76 65 2E 0D 0A 0D 0A 54 6F 20  rd drive.....To 
66 69 78 20 74 68 69 73 20 70 72 6F 62 6C 65 6D  fix this problem
3A 0D 0A 0D 0A 31 2E 20 4F 70 65 6E 20 49 6E 74  :....1. Open Int
65 72 6E 65 74 20 45 78 70 6C 6F 72 65 72 0D 0A  ernet Explorer..
32 2E 20 49 6E 20 74 68 65 20 55 52 4C 20 46 69  2. In the URL Fi
65 6C 64 20 74 79 70 65 20 2D 20 20 77 77 77 2E  eld type -  www.
72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 78  registrycleanerx
70 2E 63 6F 6D 0D 0A 33 2E 20 4E 6F 74 65 20 74  p.com..3. Note t
68 61 74 20 61 6C 6C 20 76 65 72 73 69 6F 6E 73  hat all versions
20 6F 66 20 77 69 6E 64 6F 77 73 20 61 72 65 20   of windows are 
73 75 70 70 6F 72 74 65 64 2E 0D 0A 34 2E 20 4F  supported...4. O
6E 63 65 20 79 6F 75 20 6C 6F 61 64 20 74 68 65  nce you load the
20 70 72 6F 67 72 61 6D 2C 20 63 6C 6F 73 65 20   program, close 
74 68 69 73 20 77 69 6E 64 6F 77 2E 0D 0A 0D 0A  this window.....
50 6C 65 61 73 65 20 6E 6F 74 65 20 74 68 61 74  Please note that
20 6F 6E 63 65 20 79 6F 75 20 76 69 73 69 74 20   once you visit 
77 77 77 2E 72 65 67 69 73 74 72 79 63 6C 65 61  www.registryclea
6E 65 72 78 70 2E 63 6F 6D 20 61 6E 64 20 69 6E  nerxp.com and in
73 74 61 6C 6C 20 74 68 65 20 0D 0A 63 6C 65 61  stall the ..clea
6E 65 72 20 70 72 6F 67 72 61 6D 20 79 6F 75 20  ner program you 
77 69 6C 6C 20 6E 6F 74 20 72 65 63 65 69 76 65  will not receive
20 61 6E 79 20 6D 6F 72 65 20 72 65 6D 69 6E 64   any more remind
65 72 73 20 6F 72 20 70 6F 70 2D 75 70 73 20 6C  ers or pop-ups l
69 6B 65 20 74 68 69 73 20 6F 6E 65 2E 0D 0A 0D  ike this one....
0A 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  .               
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
20 20 77 77 77 2E 72 65 67 69 73 74 72 79 63 6C    www.registrycl
65 61 6E 65 72 78 70 2E 63 6F 6D 00              eanerxp.com.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Run time for packet processing was 0.2172 seconds


===============================================================================

Snort processed 17 packets.
michali at fire:~> 
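The two complete dumps above are DCE/RPC connectionless (CL) requests to the Messenger service: the 80-byte CL header carries the interface UUID F8917B5A-00FF-D011-... which reads 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc in the little-endian data representation the header declares, opnum 0, and a stub made of three NDR counted strings followed by the message text. As an added example (not code from the original post or from Snort), the following Python decodes the 10/09-17:15:34 packet: it checks the header, confirms the interface and opnum, walks the three strings and pulls the advertised hosts out of the text, which is the field a defender would key a signature or blocklist on. The payload bytes are copied from that dump with the ASCII column dropped; the labels "from" and "to" for the first two strings follow the NetrSendMessage argument order as I understand it (they match the "Message from X to Y" popup title) and are an assumption of this example.

```python
"""Decode a Messenger-service popup (DCE/RPC CL request, msgsvc opnum 0).

Added example for this thread, not code from the original post.
"""
import re
import struct
import uuid

# UDP payload of the 10/09-17:15:34 packet in the dump above (649 bytes),
# hex copied from the dump with the ASCII column dropped.
PAYLOAD = bytes.fromhex("""
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11
A9 B2 00 C0 4F B6 E6 FC B1 41 2B B0 CE C7 C5 47 52 C0 CA 5D D1 53 9C C3 00 00 00 00 01 00 00 00
00 00 00 00 00 00 FF FF FF FF 39 02 00 00 00 00 11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64
6F 77 73 20 52 65 67 69 73 74 72 79 00 00 00 00 11 00 00 00 00 00 00 00 11 00 00 00 57 69 6E 64
6F 77 73 20 55 73 65 72 00 00 00 00 00 00 00 00 ED 01 00 00 00 00 00 00 ED 01 00 00 43 72 69 74
69 63 61 6C 20 53 79 73 74 65 6D 20 45 72 72 6F 72 21 0D 0A 0D 0A 54 68 65 20 4D 69 63 72 6F 73
6F 66 74 20 57 69 6E 64 6F 77 73 20 72 65 67 69 73 74 72 79 20 61 70 70 65 61 72 73 20 74 6F 20
62 65 20 69 6E 66 65 63 74 65 64 20 61 6E 64 2F 6F 72 20 63 6F 72 72 75 70 74 65 64 2E 0D 0A 50
6C 65 61 73 65 20 67 6F 20 74 6F 20 74 68 65 20 4D 69 63 72 6F 73 6F 66 74 20 52 65 67 69 73 74
72 79 20 52 65 70 61 69 72 20 74 6F 6F 6C 20 61 74 20 77 77 77 2E 6D 73 72 65 67 69 73 74 72 79
63 6C 65 61 6E 65 72 2E 63 6F 6D 20 74 6F 20 73 63 61 6E 20 61 6E 64 20 72 65 70 61 69 72 20 74
68 65 20 73 79 73 74 65 6D 20 72 65 67 69 73 74 72 79 2E 0D 0A 0D 0A 55 52 4C 3A 20 77 77 77 2E
6D 73 72 65 67 69 73 74 72 79 63 6C 65 61 6E 65 72 2E 63 6F 6D 0D 0A 53 65 76 65 72 69 74 79 3A
20 45 78 74 72 65 6D 65 0D 0A 53 79 6D 70 74 6F 6D 73 3A 20 4D 65 73 73 61 67 65 73 20 73 75 63
68 20 61 73 20 74 68 65 73 65 2C 20 61 73 20 77 65 6C 6C 20 61 73 20 62 75 66 66 65 72 20 6F 76
65 72 66 6C 6F 77 20 65 78 70 6C 6F 69 74 20 61 6C 6C 6F 77 69 6E 67 20 6D 61 6C 69 63 69 6F 75
73 20 75 73 65 72 73 20 74 6F 20 67 61 69 6E 20 61 63 63 65 73 73 20 74 6F 20 79 6F 75 72 20 63
6F 6D 70 75 74 65 72 2E 0D 0A 0D 0A 43 75 72 65 3A 20 44 6F 77 6E 6C 6F 61 64 20 74 68 65 20 73
63 61 6E 6E 65 72 20 61 6E 64 20 61 6C 6C 6F 77 20 69 74 20 74 6F 20 63 6C 65 61 6E 20 61 6E 64
20 72 65 70 61 69 72 20 79 6F 75 72 20 4D 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 72
65 67 69 73 74 72 79 2E 00
""")

# Messenger service interface: the if_id bytes in the dump, read little-endian.
MSGSVC_UUID = "5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc"

# DCE/RPC connectionless PDU header: 80 bytes, fixed layout, no padding.
CL_HEADER = struct.Struct("<BBBB3sB16s16s16sIIIHHHHHBB")

def parse_cl_header(data):
    """Return the header fields that identify a NetrSendMessage request."""
    if len(data) < CL_HEADER.size:
        raise ValueError("PDU shorter than the 80-byte CL header")
    (vers, ptype, _f1, _f2, drep, _shi, _obj, if_id, act_id, _boot, if_vers,
     seqnum, opnum, _ih, _ah, body_len, fragnum, _auth, _slo) = CL_HEADER.unpack_from(data)
    if vers != 4:
        raise ValueError("rpc_vers %d is not a connectionless PDU" % vers)
    if (drep[0] & 0xF0) != 0x10:          # only the little-endian drep seen in the dumps
        raise ValueError("big-endian data representation not handled")
    return {"ptype": ptype, "interface": str(uuid.UUID(bytes_le=if_id)),
            "interface_version": if_vers, "activity": str(uuid.UUID(bytes_le=act_id)),
            "seqnum": seqnum, "opnum": opnum, "body_len": body_len, "fragnum": fragnum}

def read_ndr_string(data, off, base):
    """Read one NDR conformant-varying char array starting at ``off``.

    Layout: max_count, offset, actual_count (uint32 each), then actual_count
    bytes including the NUL, then padding to a 4-byte boundary relative to
    ``base`` (start of the stub data).  Returns (text, offset of next item)."""
    max_count, _first, actual = struct.unpack_from("<III", data, off)
    off += 12
    if actual > max_count or off + actual > len(data):
        raise ValueError("NDR string runs past the end of the stub data")
    raw = data[off:off + actual]
    off = base + ((off + actual - base + 3) & ~3)
    return raw.split(b"\0", 1)[0].decode("latin-1"), off

URL_RE = re.compile(r"www\.[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def decode_messenger_popup(data):
    """Return sender, receiver, text and advertised hosts of a popup PDU."""
    hdr = parse_cl_header(data)
    if hdr["ptype"] != 0 or hdr["interface"] != MSGSVC_UUID or hdr["opnum"] != 0:
        raise ValueError("not a NetrSendMessage request")
    base = CL_HEADER.size
    stub = data[:base + hdr["body_len"]]     # bytes past the declared stub length are ignored
    sender, off = read_ndr_string(stub, base, base)   # assumed: shown as "Message from ..."
    receiver, off = read_ndr_string(stub, off, base)  # assumed: "... to ..."
    text, _ = read_ndr_string(stub, off, base)
    hosts = []
    for host in URL_RE.findall(text):        # the hosts the popup steers the user to
        if host.lower() not in hosts:
            hosts.append(host.lower())
    return {"from": sender, "to": receiver, "text": text, "hosts": hosts, **hdr}

if __name__ == "__main__":
    popup = decode_messenger_popup(PAYLOAD)
    print("from %r to %r: %d chars, advertises %s"
          % (popup["from"], popup["to"], len(popup["text"]), ", ".join(popup["hosts"])))
```

Running it prints the "Windows Registry" to "Windows User" pair and the msregistrycleaner.com host from the first dump; pasting the second dump's bytes into PAYLOAD instead gives the registrycleanerxp.com host named earlier in the post. Because the decoder keys on the msgsvc interface UUID and opnum rather than on source address, it still works when the source IP is forged, which the thread suspects these are.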




