Undectable trojan

Discussion in 'malware problems & news' started by tom772, Jul 30, 2005.

Thread Status:
Not open for further replies.
  1. tom772

    tom772 Guest

    tom772, Jul 30, 2005
    #1
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Quite a fantasy.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Rmus, Jul 30, 2005
    #2
  3. Tom772

    Tom772 Guest

    Tom772, Jul 30, 2005
    #3
  4. tom772

    tom772 Guest

    http://www.spywareinfoforum.com/index.php?showtopic=52016

    I read the long thread, now closed regarding a trojan that swami claimed to break itself into pieces and hide in firmwares/bios, etc.

    He was correct! If you would like to see some excerpts from my shell.dll file send me a request. I still havent read it all, but it appears to be sufficiently incriminating.

    I dont know all the details yet, but if you are a programmer,or even just interested, I think this information in the shell32.dll file says enough.

    How I finally caught it? After buying a new DVD player,motherboard, cpu, graphics card,memory. Flash the bios, low level format. New hard disk, and new XPSP2 soft, I installed windows, did NOT get most recent updates. DO NOT DO THAT. then flashed my DVDROM, rebooted, and disabled my parallel, and serial ports.

    And in answer to Swamis critics, I can tell you how to see if you are infected. With windows XP Look at your devices in the device manager, go to properties, details see if the device instance ID is what it should be, or something else. SCSI where it shouldnt be is a good indication of trouble. Also look at class installers for odd things that indicate surveillance or recording of data. If anyone out there is a bit knowledgeable in this area let me know, I have a load of info that shows how this little grub works.

    I attached a small portion of the dll contents for you to see
     
    tom772, Jul 30, 2005
    #4
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Did he submit his data for analysis to any of the ten security firms listed? Nothing from them has been reported, AFAIK.

    The first thread you list was also linked from windowsbbs in June, 2004 and nothing more was ever heard about it.

    http://www.windowsbbs.com/showthread.php?t=31781&goto=nextoldest


    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Jul 30, 2005
    Rmus, Jul 30, 2005
    #5
  6. tom772

    tom772 Guest

    It donst sound like a joke to me, but as you said, as of yet though hes contacted no secuirty company. It does make me think about the complex trojan programs and what they could possibly do.
     
    tom772, Jul 30, 2005
    #6
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Scary ?

    As killer4prez mentioned just before the thread was closed by CNM....

     
    Bubba, Jul 30, 2005
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...