Terrible Case of "Stealth Malware" Targeted Spy - PICTURE AT BOTTOM

Discussion in 'malware problems & news' started by atx3, Dec 13, 2007.

Thread Status:
Not open for further replies.
  1. atx3

    atx3 Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    3
    I have been a victim of stealth malware.

    I've tried many security tools - AV, anti-trojan, anti-malware, Prevx, Wireshark.

    YOU NAME IT! I TRIED IT.

    It appears to me someone has been spying on me? ATX3, HOW DO YOU KNOW THIS?

    Someone has logged into my RapidShare account - they have uploaded and downloaded files - but they have not changed the pass.

    I am not lying - I am religious - I SWEAR TO GOD IT HAPPENED.

    Now recently I received some advice about explorer.exe, ending it and restarting it, and scanning for something.

    Here is what I found.

    I've heard about RATs hiding in an ADS stream - but the problem is I never found this.

    I had to go through a list of steps to find this thing.

    This is very bad - as I have no clue how I even got this on my PC - I only use my computer.

    I am very lucky that the stupid spy logged into my account - now I feel good, because I was IN THE DARK before.

    Thank you Lord for shedding some light.

    EDIT - I restarted my PC - scanned again - and I didn't find it - looks like I have to try those special steps again.

    I want to get this piece of **** on my PC -

    I take **** from no one - I want to know what this malware is.
     

    Attached file: 545.png
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The CLSID came up in a reference to trojan.Gromozon:

    http://forum.wininizio.it/lofiversion/index.php/t69784.html
    Post by milanforever 13/06/07, 11:33
    If the above relates to you, then this reference in the same thread:

    Gromozon Rootkit Removal Tool
    http://info.prevx.com/gromozon.asp?sessionid=FD6F093B-2156-4D34-86F6-E1CA4668FF5D


    ----
    rich
     
    Last edited: Dec 14, 2007
  3. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Seconded, give the Prevx Gromozon tool a run out, because it has a sweet side effect of munching a wide range of trojans that are running in ADS. :thumb:

    BTW atx3, are you Italian, as Gromozon has been Italian-IP specific for some time?

    If the Gromozon tool does not work then we can import the forensic tools to dig deeper.

    If the Gromozon tool rips out the trojan then it is time to change all passwords, both online and on the computer.

    All the best!
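The posts above talk about trojans "running in ADS" (NTFS alternate data streams) and about a removal tool that happens to catch them. The following is an added example, not code from the thread or from any tool named in it: a defender's check that lists every stream on every file under a directory and filters out the two streams a normal Windows system is expected to carry (the unnamed default stream, reported as `:$DATA`, and the browser-written `Zone.Identifier` mark-of-the-web). It assumes Windows PowerShell 3.0 or later (`Get-Item -Stream`), an NTFS volume, and a hypothetical scan root of the Users folder; adjust `$Root` to the paths you care about.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams
# under a directory and report any that are not the default $DATA stream
# or the benign Zone.Identifier stream.
# Assumptions: Windows PowerShell 3.0+, NTFS volume, hypothetical scan root.
param(
    [string]$Root = "$env:SystemDrive\Users"
)

# Streams expected on an ordinary Windows system:
#   ':$DATA'          the unnamed default stream every file has
#   'Zone.Identifier' written by browsers/mail clients for downloaded files
$KnownBenign = @(':$DATA', 'Zone.Identifier')

Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Get-Item -Stream * returns one object per stream on the file,
        # with FileName, Stream and Length properties.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $KnownBenign -notcontains $_.Stream } |
    Select-Object FileName, Stream, Length |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Anything this prints deserves a look, and a stream whose Length is in the range of an executable is the first thing to examine; `Get-Content -LiteralPath <file> -Stream <name> -Encoding Byte -TotalCount 2` shows whether it starts with the `MZ` header of a PE file. The same enumeration is available from cmd.exe as `dir /r`, which is what the older removal guides relied on.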
     
  4. atx3

    atx3 Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    3
    I am from New York - United States.

    It seems to me that this Gromozon is being used with other malware - seems like a combination.

    Because in my RapidShare IP log - the spy's IP address is Canada.

    ARIN whois traces the IP to - VIDEOTRON - QUEBEC, CANADA.

    They have used my account - uploaded and downloaded - but have not changed the password.

    Heh, so what else can I do?

    Those tools aren't working. :thumbd:
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since Wilders no longer offers one-on-one cleaning services, I'm afraid we're going to have to refer you to one of the security forums that has active spyware cleaning services available.

    Read the following thread and choose one of the forums listed in it, join there and they should be able to assist you:

    https://www.wilderssecurity.com/showthread.php?t=42148

    I would also suggest that if this is you at the DSLreports Security forum that you consider the suggestion made in your thread to post in their Security Cleanup Forum for assistance.

    Bubba
     
  6. atx3

    atx3 Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    3
    THIS SUCKS!

    No one can help?

    Heh, looks like you're all simple and cannot hunt advanced malware.

    Laterz. This place serves no purpose, as you all have no clue or skills at all when it comes to malware.

    Keep on using lame HijackThis and all those silly foolish tools.

    And when stealth malware hits you, you'll be in the dark 100% until someone has stolen from you and caused identity theft against you.
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Not the case at all, but at the end of the day Bubba has directed you to specialized help forums for further assistance (take it or leave it).

    At that point, if I brought in further diagnostic tools/routines etc. it would be going against him and the forum TOS.

    Now if you seriously want assistance etc. then search out the Sysinternals forum and post in their malware forum there. I can work my foo from there. :thumb:
     