How this malware works?

Discussion in 'ESET NOD32 Antivirus' started by bubu83, Aug 2, 2009.

Thread Status:
Not open for further replies.
  1. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    istealer.

    i have nod32 v4 and i become infected by istealer 4 days ago.

    nod32 doesn't recognize him so i want to ask you: how this istealer works?

    i know that it join an exe file to be executed.

    i dont know what happen after the execution.

    thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    if nod32 failed what app is alerting your machine is infected? what is the exact name and location found?
     
  3. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    i have cleaned the machine, using malware remover application.

    i found this files in my pc:

    windows/lowsec/user.ds 0 byte
    windows/lowsec/local.ds 36KB

    windows/system32/istealer 5.0.exe (file version says 3.0)
    windows/system/sdra64.exe

    plus some regedit keys.

    currently i use firefox3.5.1 for internet passwords: i'm afraid that these could be stealed (if the malware can decrypt signons3.txt )
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    i think this particular malware is used to hack and steal victims email password and to decrypt Firefox files
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,651
    Thats reason for the masterpassword at firefox - use it!
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
  7. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    thanks for the interest, but i've already deleted the malware. Anyway, if i'm not wrong, nod32 has send it in automatic via quarantine.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.