hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Trojan & Virus Errata
radien
Apr 4 2004, 07:49 AM
Recently I 've found some killing my pc.
Many boxes of error, Title: "Run time error 004062C5":

some processes named:
msvqwk.com and msmnoi.com

making my pc sick. And those guyz that do this to me are in the attachment.

U can see UPX 1.2's signature and header section in their binary code.

and Unfotunately, recently updated NAV can't recognize it yet.

So who knows it's name?! which virii is it?

[virus binaries added]
Trojan^kid
Apr 4 2004, 11:06 AM
ok
is that all ? smile.gif
the files are packed with upx and maybe scrambeld that why
NAV didn't detect it
Uninstall norton
u could use ksv it detect packed trojans smile.gif

cheers
radien
Apr 4 2004, 10:32 PM
I wrote here in brief. But I updated NAV 5 minutes ago. It couldn't detect it yet!

If you have Kaspersky or anyother, try to scan these viruses and let me know the result.
tweakz20
Apr 4 2004, 10:42 PM
didn't you post this in two forums? (answer = yes)

you can try free online AVs... here are some:
CODE
http://www.bitedefender.com/scan/license.php
http://www.pandasoft.com/activescan/activescan-com.asp
http://www.ravantivirus.com/scan
http://housecall.trendmicro.com


when you scan, it scans using all the recent updates included
radien
Apr 4 2004, 11:13 PM
I never post this anywhere else. Anyway thx for you suggestion

here is the result of scan using RAV online scan service

QUOTE
RAV AntiVirus command line for Linux i386.
Version: 8.4.3.
Copyright © since 1995 GeCAD The Software Company. All rights reserved.

Scan engine 8.11 for i386.
Last update: Sun, 04 Apr 2004 19:34:40 +0300
Scanning for 93336 malwares (viruses, trojans and worms).

Scan started on Mon Apr 5 01:56:03 2004

msmnoi.com.txt is infected with Backdoor:Win32/Beastdoor.2_06.A

Scan ended on Mon Apr 5 01:56:03 2004


Scan results:
Time: 0 second(s).
Objects scanned: 1. New objects: 1
Infected: 1. Different virus bodies: 1.
Files: 1. Directories: 0. Archives: 0. Packed: 0. Mail files: 0.
Warnings: 0.
tweakz20
Apr 5 2004, 12:23 AM
ohh sorry.. it was similar and thought it was the same
Eyeless
Apr 6 2004, 06:00 PM
KAV says Beast 2.06
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.