How this malware works?

istealer.

i have nod32 v4 and i become infected by istealer 4 days ago.

nod32 doesn't recognize him so i want to ask you: how this istealer works?

i know that it join an exe file to be executed.

i dont know what happen after the execution.

thanks

 

if nod32 failed what app is alerting your machine is infected? what is the exact name and location found?

 

i have cleaned the machine, using malware remover application.

i found this files in my pc:

windows/lowsec/user.ds 0 byte
windows/lowsec/local.ds 36KB

windows/system32/istealer 5.0.exe (file version says 3.0)
windows/system/sdra64.exe

plus some regedit keys.

currently i use firefox3.5.1 for internet passwords: i'm afraid that these could be stealed (if the malware can decrypt signons3.txt )

 

i think this particular malware is used to hack and steal victims email password and to decrypt Firefox files

 

Thats reason for the masterpassword at firefox - use it!

 

Hello,

Please send a copy of the undetected files to ESET's virus lab for analysis, along with an ESET SysInspector log.

ESET Knowledgebase Article #141, "How to submit virus or potential false positive samples to ESET's labs" explains how to package up the files and ESET Knowledgebase Article #2219, "How do I create a SysInspector log?" explains how to create an ESET SysInspector log.

Regards,

Aryeh Goretsky

 

thanks for the interest, but i've already deleted the malware. Anyway, if i'm not wrong, nod32 has send it in automatic via quarantine.