To complicate detection of its presence in the operating system, the malware blocks the following features:
Windows Security Center
Creates and executes the following:
%WINDIR%\Fonts\unwise_me.exe
Executes the following:
<SYSTEM32>\netsh.exe firewall set portopening TCP 9991 PORT2
<SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%\Fonts\unwise_me.exe" workstation ENABLE ALL
<SYSTEM32>\netsh.exe firewall set allowedprogram "%WINDIR%\Fonts\unwise_me.exe" workstation ENABLE ALL
<SYSTEM32>\netsh.exe firewall set portopening TCP 9999 PORT1
<SYSTEM32>\netsh.exe firewall set portopening TCP 445 NB
<SYSTEM32>\netsh.exe firewall set portopening TCP 139 NB
<SYSTEM32>\netsh.exe firewall set portopening TCP 1013 BS
These commands use the legacy 'netsh firewall' context (superseded by 'netsh advfirewall'): they open inbound TCP ports 9991, 9999, 445, 139 and 1013 under the rule names PORT2, PORT1, NB and BS, and register the dropped executable as an allowed program, so that the Windows Firewall does not block connections to those ports or to the dropped file.
Modifies file system:
Creates the following files:
%WINDIR%\Fonts\unwise_me.exe
Sets the 'hidden' attribute to the following files:
%WINDIR%\Fonts\unwise_me.exe
Deletes the following files:
<SYSTEM32>\config\SysEvent.Evt
<SYSTEM32>\config\SecEvent.Evt
<SYSTEM32>\config\AppEvent.Evt
(the System, Security and Application event logs, i.e. the local evidence of the infection)
Deletes itself.
Network activity:
Connects to:
'ir#.#fnet.fr':6667
'ir#.#fnet.nl':6667
'ir#.##raphysics.net':6667
'ir#.#fnet.no':6667
'ir#.##ersible.com':6667
'ef###.#ultiplay.co.uk':6667
'ef###.port80.se':6667
'ir#.#zima.net':6667
'ir#.nac.net':6667
'ef###.xs4all.nl':6667
'ir#.##derworld.no':6667
'ir#.##outcast.com':6667
'ir#.#hoopa.ca':6667
'ir#.#fnet.pl':6667
UDP:
DNS ASK ir#.#fnet.fr
DNS ASK ir#.#fnet.nl
DNS ASK ir#.##raphysics.net
DNS ASK ir#.#fnet.no
DNS ASK ir#.##ersible.com
DNS ASK ef###.#ultiplay.co.uk
DNS ASK ef###.port80.se
DNS ASK ir#.#zima.net
DNS ASK ir#.nac.net
DNS ASK ef###.xs4all.nl
DNS ASK ir#.##derworld.no
DNS ASK ir#.##outcast.com
DNS ASK ir#.#hoopa.ca
DNS ASK ir#.#fnet.pl
Miscellaneous:
Searches for the following windows:
ClassName: 'mIRC' WindowName: ''
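The firewall tampering, event-log deletion and IRC connections listed above are all visible in ordinary host telemetry. The following Python script is an added example, not part of the Dr.Web description: it runs simple hunting rules over constructed Sysmon-style process-creation (EventID 1), file-deletion (EventID 23) and network-connection (EventID 3) lines. The key=value line layout, the sample paths and hostnames, and the allowlist of legitimate IRC clients are assumptions for illustration; only the unwise_me.exe name, the .Evt log files, port 6667 and the netsh command shapes come from the write-up.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry in a simplified key=value layout (assumption: real
# data would be mapped from Sysmon XML or an EDR export).  EventID 1 = process
# creation, 23 = file delete, 3 = network connection.  Hostnames are illustrative.
SAMPLE_LOG = r"""
EventID=1 Image=C:\WINDOWS\Fonts\unwise_me.exe CommandLine="C:\WINDOWS\Fonts\unwise_me.exe"
EventID=1 Image=C:\WINDOWS\system32\netsh.exe CommandLine="netsh.exe firewall set portopening TCP 9991 PORT2"
EventID=1 Image=C:\WINDOWS\system32\netsh.exe CommandLine="netsh.exe firewall add allowedprogram \"C:\WINDOWS\Fonts\unwise_me.exe\" workstation ENABLE ALL"
EventID=1 Image=C:\WINDOWS\system32\netsh.exe CommandLine="netsh.exe firewall set portopening TCP 445 NB"
EventID=1 Image=C:\WINDOWS\system32\netsh.exe CommandLine="netsh.exe advfirewall show allprofiles"
EventID=23 Image=C:\WINDOWS\Fonts\unwise_me.exe TargetFilename=C:\WINDOWS\system32\config\SecEvent.Evt
EventID=23 Image=C:\WINDOWS\explorer.exe TargetFilename=C:\Users\alice\Desktop\notes.txt
EventID=3 Image=C:\WINDOWS\Fonts\unwise_me.exe DestinationHostname=irc.example.net DestinationPort=6667 Protocol=tcp
EventID=3 Image="C:\Program Files\mIRC\mirc.exe" DestinationHostname=irc.example.org DestinationPort=6667 Protocol=tcp
EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationHostname=www.example.com DestinationPort=443 Protocol=tcp
"""

# key=value pairs; a quoted value may contain spaces and \" escapes.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Legacy "netsh firewall" context: opening a port or whitelisting a program.
# (Deliberately does not match the modern "netsh advfirewall" syntax.)
LEGACY_FW = re.compile(r"\bfirewall\s+(?:set\s+portopening|(?:add|set)\s+allowedprogram)\b", re.I)
# An .exe under %WINDIR%\Fonts, a directory that normally holds no programs.
FONTS_EXE = re.compile(r"\\windows\\fonts\\[^\\\"\s]+\.exe", re.I)
# The classic System, Security and Application event log files.
EVT_LOG = re.compile(r"\\system32\\config\\(?:AppEvent|SecEvent|SysEvent)\.Evt$", re.I)
# Assumed allowlist of executables expected to talk IRC on this host.
KNOWN_IRC_CLIENTS = {"mirc.exe"}


@dataclass
class Finding:
    rule: str
    detail: str


def parse_line(line: str) -> dict:
    """Split one event line into a dict; returns {} for blank/unparseable lines."""
    fields = {}
    for key, raw in KV.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def analyse(log_text: str) -> list:
    """Apply the four behaviour rules to every event and return the findings."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        image = ev.get("Image", "")
        basename = image.rsplit("\\", 1)[-1].lower()
        if ev.get("EventID") == "1":
            cmd = ev.get("CommandLine", "")
            if basename == "netsh.exe" and LEGACY_FW.search(cmd):
                detail = cmd
                if FONTS_EXE.search(cmd):
                    detail += "  [whitelists an executable under %WINDIR%\\Fonts]"
                findings.append(Finding("firewall-exception", detail))
            if FONTS_EXE.search(image):
                findings.append(Finding("exe-in-fonts-dir", image))
        elif ev.get("EventID") == "23":
            target = ev.get("TargetFilename", "")
            if EVT_LOG.search(target):
                findings.append(Finding("event-log-deleted", f"{image} deleted {target}"))
        elif ev.get("EventID") == "3":
            if ev.get("DestinationPort") == "6667" and basename not in KNOWN_IRC_CLIENTS:
                host = ev.get("DestinationHostname", "?")
                findings.append(Finding("irc-port-connection", f"{image} -> {host}:6667"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per rule, e.g. {'firewall-exception': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = analyse(SAMPLE_LOG)
    for f in hits:
        print(f"{f.rule:22} {f.detail}")
    print(summarize(hits))
```

On the constructed sample the script reports three firewall-exception hits (the advfirewall query is ignored), one executable running from the Fonts directory, one event-log deletion and one IRC connection from a process that is not a known IRC client; the mIRC connection is suppressed by the allowlist, which is where a real deployment would plug in its own inventory of legitimate IRC users.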