How does this malware work?

Discussion in 'ESET NOD32 Antivirus' started by bubu83, Aug 2, 2009.

Thread Status:
Not open for further replies.
  1. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    istealer.

    I have NOD32 v4 and I became infected by istealer 4 days ago.

    NOD32 doesn't recognize it, so I want to ask you: how does this istealer work?

    I know that it joins an exe file to be executed.

    I don't know what happens after the execution.

    Thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    If NOD32 failed, what app is alerting that your machine is infected? What is the exact name and location found?
     
  3. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    I have cleaned the machine using a malware remover application.

    I found these files on my PC:

    windows/lowsec/user.ds 0 byte
    windows/lowsec/local.ds 36KB

    windows/system32/istealer 5.0.exe (file version says 3.0)
    windows/system/sdra64.exe

    Plus some regedit keys.

    Currently I use Firefox 3.5.1 for internet passwords: I'm afraid that these could be stolen (if the malware can decrypt signons3.txt).
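The file list above is the kind of artifact inventory a defender turns into a triage check. The following is an added example, not code posted in the thread: it takes a constructed inventory of (path, size) pairs from a Windows machine and flags the four files bubu83 reported, matching case- and separator-insensitively because Windows paths are case-insensitive. It also flags anything else under windows\lowsec, on the basis that a clean Windows install does not create that directory. The sample paths and sizes other than those given in the thread are made up for the example.

```python
"""Host triage for the artifacts reported in this thread.

Added example, not code posted in the thread. Given an inventory of
(path, size) pairs from a Windows machine, it flags the four files bubu83
listed, plus anything else under windows\\lowsec, which is not a directory
a clean Windows install creates.
"""

# Artifacts as reported in the thread, relative to the Windows directory,
# lowercase with forward slashes so matching is case- and separator-insensitive.
REPORTED_ARTIFACTS = {
    "lowsec/user.ds": "lowsec/user.ds (reported as 0 bytes)",
    "lowsec/local.ds": "lowsec/local.ds (reported as 36 KB)",
    "system32/istealer 5.0.exe": "istealer binary (file version reported as 3.0)",
    "system/sdra64.exe": "sdra64.exe found alongside istealer",
}

# Constructed sample inventory for this example: a few hits mixed with
# legitimate files. Sizes are made up except where the thread gives one.
SAMPLE_INVENTORY = [
    (r"C:\Windows\lowsec\user.ds", 0),
    (r"C:\Windows\LOWSEC\local.ds", 36 * 1024),
    (r"C:\Windows\system32\istealer 5.0.exe", 204800),
    (r"C:\Windows\system\sdra64.exe", 143360),
    (r"C:\Windows\system32\kernel32.dll", 1000000),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", 900000),
]


def relative_to_windows(path, windows_root=r"C:\Windows"):
    """Return path relative to the Windows directory, lowercase and
    '/'-separated, or None when the path lies outside it."""
    norm = path.replace("\\", "/").lower().strip()
    root = windows_root.replace("\\", "/").lower().rstrip("/") + "/"
    if not norm.startswith(root):
        return None
    return norm[len(root):]


def triage(inventory, windows_root=r"C:\Windows"):
    """Return a list of findings: dicts with path, size and a note.

    A hit on a path alone is an indicator, not proof; a real triage would
    go on to hash the file and check the registry keys bubu83 mentioned.
    """
    findings = []
    for path, size in inventory:
        rel = relative_to_windows(path, windows_root)
        if rel is None:
            continue
        if rel in REPORTED_ARTIFACTS:
            note = REPORTED_ARTIFACTS[rel]
            # The thread reports user.ds as empty; note if this copy is not.
            if rel == "lowsec/user.ds" and size != 0:
                note += ", but this copy is non-empty"
            findings.append({"path": path, "size": size, "note": note})
        elif rel.startswith("lowsec/"):
            findings.append({"path": path, "size": size,
                             "note": "unexpected file in lowsec directory"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['path']} ({f['size']} bytes): {f['note']}")
```

On a real machine the inventory would come from walking %SystemRoot% with os.walk and os.path.getsize; the check is only a first pass, and a hit should be followed by hashing the file and looking at the registry keys the thread mentions.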
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I think this particular malware is used to hack and steal victims' email passwords and to decrypt Firefox files.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    That's the reason for the master password in Firefox - use it!
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,031
    Location:
    California
  7. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    Thanks for the interest, but I've already deleted the malware. Anyway, if I'm not wrong, NOD32 has sent it automatically via quarantine.
     