Virus?
vnet576
Found this strange file that was created today on my PC. It keeps trying to add itself to the Run key of my registry. I'm blocking it, but it crashes explorer.exe when I access Ad-Aware. I later tried scanning that file with Ad-Aware and then with an AV checker... it did not pick it up. I'm gonna add this file here to see if anybody can get something out of it.
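The first symptom reported above is a file repeatedly writing itself into a Run key. The following is an added example, not code from the thread: it parses a Registry export of the Run keys (the sample text is constructed to resemble what `reg export` produces, with one of the file names from this thread slipped in) and flags entries whose image name is either one of the copies reported later in the thread or a near-miss of a real Windows binary name. The lookalike rule and the name lists are my own assumptions for illustration.

```python
"""Flag suspicious Run-key entries in a Registry export (.reg text).

Added example for this thread, not the poster's "registry protection
script". The sample export below is constructed; a real one comes from
`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`
(note: reg.exe writes UTF-16, so open real files with encoding="utf-16").
"""
import re
from pathlib import PureWindowsPath

# Constructed sample export: two clean entries and two planted ones.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Internet Explorer"="C:\\WINDOWS\\system32\\iexplorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"directx"="C:\\WINDOWS\\directx32.exe"
'''

# File names reported in this thread as copies dropped by the sample.
KNOWN_BAD_NAMES = {
    "iexplorer.exe", "notepad32.exe", "users32.exe",
    "directx32.exe", "explorer32.exe",
}
# Real Windows binaries the sample imitates (assumed list for the demo).
LOOKALIKE_OF = {"iexplore.exe", "explorer.exe", "notepad.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')


def parse_run_entries(reg_text):
    """Yield (key, value_name, command) for every value under a Run/RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.rsplit("\\", 1)[-1].lower() in {"run", "runonce"}:
            # .reg files escape each backslash as "\\"; undo that.
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def image_name(command):
    """Executable file name from a Run value (strips quotes and arguments)."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]
    return PureWindowsPath(exe).name.lower()


def is_lookalike(candidate, real):
    """True if candidate's stem is real's stem plus a digit suffix
    (explorer32 vs explorer) or differs by one inserted/deleted character
    (iexplorer vs iexplore)."""
    c, r = candidate.rsplit(".", 1)[0], real.rsplit(".", 1)[0]
    if c == r:
        return False
    if c.rstrip("0123456789") == r:
        return True
    if abs(len(c) - len(r)) == 1:
        longer, shorter = (c, r) if len(c) > len(r) else (r, c)
        return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))
    return False


def suspicious_entries(reg_text):
    """Return (key, value_name, command, reason) for entries worth a look."""
    hits = []
    for key, name, command in parse_run_entries(reg_text):
        exe = image_name(command)
        if exe in KNOWN_BAD_NAMES:
            hits.append((key, name, command, "matches a copy name reported in the thread"))
        elif any(is_lookalike(exe, real) for real in LOOKALIKE_OF):
            hits.append((key, name, command, "lookalike of a Windows binary name"))
    return hits


if __name__ == "__main__":
    for key, name, command, reason in suspicious_entries(SAMPLE_REG):
        print(f"{key}\n  {name} = {command}\n  -> {reason}")
```

The check is deliberately name-based, which is all this thread gives us; on a live machine the entries it flags should be confirmed by hashing the image and looking at its creation time before deleting anything.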
andydis
My AV doesn't pick it up either; sounds dodgy though!
I have a close relationship with my AV company and will send it off to them for you. I suggest you do the same to whoever your AV vendor is...

Sometimes you can get it named after you if you are the first to discover a new virus in the wild.

In the meantime, you might try opening it with a hex editor.

vnet576
I sent it to Symantec. Also, I tried hex editing it and disassembling it, but it appears packed. It did have this in it though: [ HidePE by BGCorp ]=-
zero-maitimax
Mine doesn't find it either, but from what I can see it has an injection in the file :s
beardednose
Did you run HijackThis to see what else might be floating about on your PC?
vnet576
QUOTE (beardednose @ Jan 15 2004, 02:58 PM)
Did you run HijackThis to see what else might be floating about on your PC?

Haven't heard of that program before. Gonna run it and see what it shows.
vnet576
Well, Symantec sent me a reply about this file. It is in fact an existing trojan; however, it is strange that the AV didn't pick it up. I want to have the packer that whoever made this file used.
CODE

We have analyzed your submission. The following is a report of our
findings for each file you have submitted:

filename: iexplorer.exe
machine: AVCAutomation:
result: This file is infected with Trojan.Digits

Developer notes:
iexplorer.exe is a non-repairable threat. NAV with the latest beta definitions detects this. Please delete this file and replace it if necessary. Please follow the instructions at the end of this email message to install the latest beta definitions.
Faceless Master
QUOTE (vnet576 @ Jan 15 2004, 02:55 AM)
I sent it to Symantec. Also, I tried hex editing it and disassembling it, but it appears packed. It did have this in it though: [ HidePE by BGCorp ]=-

Well, if it's packed, unpack it using the -d switch of UPX (if it's packed with it).
Anyhow, hope your problem has been solved now after getting the reply from NAV.
Regards,
~Faceless Master
SyN/AcK
Probably somebody just packaged it with the real iexplorer.exe file using EliteWrap or Silk Rope 2000 or something.
MrRobot
----

Sorry I couldn't post this as a thread, since I just signed up.

But I am looking for all trojans/bots/viruses which have a master password, along with the command to remove the bot.
I plan on making a script to connect to the bot's port, log in via the master password, then send the command to remove said bot.

Any ideas where to start?

---
Sorry for posting in this thread as an off-topic post
vnet576
I don't know of any trojans/virii having a master password, but I wouldn't be surprised if a few of the trojan writers built some kind of backdoor in.

This is the most complete database of information on all trojans, 0-day and older, kinda like the NFOrce of trojans. I suggest you check it out to see all the trojans that are out there, then do research on the trojans that you suspect might have a master password.

http://www.megasecurity.org/Main.html
jubbly
I have been looking into virii and trojans and have never heard of them having master passwords, although I wouldn't be surprised if there were some. I know a couple of guys who have written their own and are quite experienced, and they have never heard of people using master passwords.

Hope that's helpful.

Greetz jubbly
supermax
I have seen some trojan master passwords on some sites, but I dunno what you can do with them or why you would use those.... look on Google.
Axl
QUOTE (vnet576 @ Jan 15 2004, 02:55 AM)
I sent it to Symantec. Also, I tried hex editing it and disassembling it, but it appears packed. It did have this in it though: [ HidePE by BGCorp ]=-

If this is what I think it is, it's an mIRC virus. It spams through /mirccmd... You can't cleanly disassemble it since the include tables were intentionally destroyed, and you actually have to have it running to get ImpREC to do it (and I did, but it wouldn't fix it).
walker
Yesterday my system was infected by a different variant of the same code. It causes an error message when opening a text document via Explorer and executes a program, y.exe, that appears in the root of the system disk for a few seconds.

The file size is the same as iexplorer.exe, it has -=[ HidePE by BGCorp ]=- at the end of it, and it is spreading around the system with multiple copies named
notepad32.exe
users32.exe
directx32.exe
explorer32.exe
Now I am trying to remove these files and registry keys.
Anyone have any idea about this virii???
Thanks.

P.S. My antivirus says that iexplorer.exe, posted at the top of this topic, is a
Win32/SpyBot.qz
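The post above gives two concrete handles on this sample: the packer string sitting at the very end of the file, and the fixed set of names the copies use. The following is an added example, not code from the thread or from any of the tools mentioned in it: it walks a directory tree and reports every PE file (MZ header) whose trailing bytes carry the HidePE marker, plus files that merely reuse one of the reported names. The sample files it scans are constructed in a temporary directory (200 filler bytes behind an MZ stamp, no real malware) so the scan runs offline; the 64-byte tail window is an assumption, not a documented property of HidePE.

```python
"""Scan a tree for the "-=[ HidePE by BGCorp ]=-" trailer reported in the thread.

Added example, not the thread's or any vendor's code. The files created by
build_sample_tree() are constructed stand-ins, not copies of the sample.
"""
import os
import tempfile

TRAILER = b"-=[ HidePE by BGCorp ]=-"          # string seen at end of the sample
DROPPED_NAMES = {"iexplorer.exe", "notepad32.exe", "users32.exe",
                 "directx32.exe", "explorer32.exe"}  # names reported above
TAIL_BYTES = 64   # assumed: how far from EOF the trailer may sit


def has_hidepe_trailer(path):
    """True if the file starts with the MZ stamp and its tail holds TRAILER."""
    with open(path, "rb") as fh:
        if fh.read(2) != b"MZ":
            return False                      # text files mentioning it don't count
        fh.seek(0, os.SEEK_END)
        size = fh.tell()
        fh.seek(max(0, size - TAIL_BYTES))
        return TRAILER in fh.read()


def scan_tree(root):
    """Return sorted (relative path, reason) for every hit under root."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if has_hidepe_trailer(full):
                hits.append((rel, "HidePE trailer"))
            elif name.lower() in DROPPED_NAMES:
                hits.append((rel, "name matches a reported copy"))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed stand-in for a disk: two 'packed' images, one clean exe,
    one clean exe that only reuses a reported name, one text note."""
    fake_pe = b"MZ" + b"\x90" * 200
    os.makedirs(os.path.join(root, "WINDOWS", "system32"), exist_ok=True)
    files = {
        os.path.join("WINDOWS", "system32", "iexplorer.exe"): fake_pe + TRAILER,
        os.path.join("WINDOWS", "directx32.exe"): fake_pe + TRAILER + b"\x00" * 8,
        os.path.join("WINDOWS", "system32", "ctfmon.exe"): fake_pe,
        os.path.join("WINDOWS", "users32.exe"): fake_pe,
        "notes.txt": b"saw " + TRAILER + b" at the end of the file",
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


def scan_sample():
    """Build the constructed tree in a temp dir, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for rel, reason in scan_sample():
        print(f"{rel}: {reason}")
```

Run as-is it reports the two trailer hits and the name-only hit, and skips both the clean exe and the text file that merely contains the string. Against a real system disk, call `scan_tree(r"C:\")` instead of `scan_sample()`; a trailer hit on a file with an MZ header is a much stronger signal than a name match, which by itself only says the file deserves a look.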
jos40
Try CWShredder.
Had such a problem on my PC too.
Mine was called smartsearch.ws and changed names whenever I deleted it.
Also my Favourites tab was infected.
With this proggie I removed it.

http://216.180.233.153/~merijn/files/CWShredder.exe

MrRobot
Sub7 has a master password.
Kuang2 has a master password, I believe.
NetBus did too... again, I believe.

The reason being, I want to write a script to clean the PC via this method, as the startup keys are not the same every time.
Krogoth
I believe it's an mIRC virus too. I've seen it on a stro. Maybe you should check the dates in the dir the iexplorer is residing in; there are other files associated with it.
Hope you've sorted that, m8.
vnet576
This all got sorted, and I had very limited damage since I use a registry protection script, so all I had to do was delete the various files it created. I don't think it's an mIRC virus, since you have to accept the virus on the on-join popup, and I never do that.
walker
I don't know how I received this virus, but by removing the registry keys and the related files it created I solved this problem.
I use HijackThis (http://www.spywareinfo.com/~merijn/index.html).....
Thanks...
MrRobot
http://www.sysinternals.com/
has a nice list of tools:

Autoruns
Regmon
Filemon
PsExec
etc.