Worse and worse and worse...

Discussion in 'malware problems & news' started by Longboard, Aug 11, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    This just never ends!
    See some of the scan reports from the combined scanning.
    http://www.bluetack.co.uk/forums/index.php?showtopic=15097

    Also, there is no way I could understand any of those pop-ups from PG or SSM or other utilities :(

    Shame that more than one AV cant be run at once.
    Reminder to use the on line scans and have layers like you are fighting off the winter.

    The world wide spiderweb :mad:
     
    Longboard, Aug 11, 2006
    #1
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hope somebody from ESET will take a look at these. :) Anyway NOD32 seems to cover them well.
     
    pykko, Aug 11, 2006
    #2
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,434
    Location:
    Slovakia
    If someone willingly download trojan into PC, AV can not do much to stop it.
    Thanks for this interesting page, it is good to test security settings of the PC.

    IP: 81.177.15.226 opened properly, but there was only written: Not found / pwn3d!!.
    The rest: cgi & htm did not load, jar & php opened like txt, exe & wmf did not download.

    When I finished, I scanned PC with Ewido and other software like GMER. Ewido Reported:
    Code:
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/GetAccess.class -> Downloader.OpenConnection.aj : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/Installer.class -> Downloader.OpenConnection.aj : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XOUIEUP0\xpladv596[1].wmf -> Exploit.MS05-053-WMF : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\lpokhrbxq[1].htm -> Trojan.ProcKill.DJ : No action taken.
    When I wanted to check those files with online scanner, they were already deleted by IE.
     
    TairikuOkami, Aug 11, 2006
    #3
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I went there as well :cool: to try with the attached result.

    Gerard
     

    Attached Files:

    • biz.gif
      biz.gif
      File size:
      20.2 KB
      Views:
      688
    gerardwil, Aug 11, 2006
    #4
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Does the site still work or what? I went to the site but the only thing that loads is the .com file, after that nothing happens. And which bug is it exploiting? I mean is this a zero day bug or what? I also get to see "Not found / pwn3d!!".

    SSM does alert about the .com executable file, good to know that SSM´s protection really works. And I assume that SSM could also block the driver from loading. Would be proof that it can really save your ass from zero day attacks. :)
     
    Rasheed187, Aug 12, 2006
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...