[Ali]

I recieved a mail today from Hyperntecs Corporation about an online securitycheck for browsers.
I went to their site http://www.securityscan.us and performed the check.
After the scan I get this message :

Two critical security holes have been discovered in your browser!


Dear user, two extremely critical security vulnerabilities have been discovered in your Internet browser, therefore we recommend that you run this new patch immediately so we can preform the scan.

With a link to a patch.

I've tried with Firefox and with IE 6.0 ( both give the same message.

can this be trusted ?

[Matt]

I highly doubt it.

here is why :

1. wether you do a "virus detection" or "security scan", you get to download the exact same file.

2. Why the file is making a call to kernel32.dll LoadLibraryA GetProcAddress ??

I wouldnt trust this site !

One thing though, McAfee didn't say anything...

Maybe somebody can enlighten us on the nature of this file ?! I wonder what it does exactly.

[Ali]

I did a scan with kapersky: a Trojan.backdoor.Win32.Rbot.gen

So everybody be warned.

[iceman517]

is it a trojan wen download the patch and start
istallt a file C:\WINDOWS\system32\ovhaztyne.exe

what will send to internernet

[lovepump]

Looks like its already down. Good.

Funny, it didn't take long to get caught either:

Quote

Domain Registration Date:                    Tue Jul 12 18:24:45 GMT 2005

Bob

[myth]

lol

seems safe to download for now :P

Quote

Necrocide —› dns: resolved (irc.xposed.org) to (127.0.0.1)

lovepump Name:  irc.xposed.org
lovepump Address: 127.0.0.1

myth PING irc.xposed.org (127.0.0.1) 56(84) bytes of data.

_SerhaT_ Pingen naar irc.xposed.org [127.0.0.1]met 32 byte gegevens:

[tibbar] Pinging irc.xposed.org [127.0.0.1] with 32 bytes of data:

Will post back if he changes the server to a working one.

[aelphaeis_mangarae]

Quote

lovepump Name:  irc.xposed.org

lovepump???

Is that meant to be an alias or something? I know of someone with that alias....


EDIT: myth = lovepump?

[myth]

myth != lovepump

but i think he wants to be me :P j/k

run off to irc, we're both in there if you want to speak with him...

[lovepump]

I'm the only person I know that uses the nick lovepump.

Bob

[sarab200x]

this site and the other site have back doors as a gift for u... :D ...if u want security use norton & zone alarms & black ice....this is the only way you keep secure your information in net...

[satknis]

where do you find that thread? :P

norton, zone alarm & black ice are no good protections!
use others, search here in the forum for a better solution. :)