Trojan Droppers I have known

Discussion in 'malware problems & news' started by enthios, Sep 22, 2008.

Thread Status:
Not open for further replies.
  1. enthios

    enthios Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    17
    Rootkit Unhooker

    Axban
     
  2. controler

    controler Guest

    HUH?

    Now why do you say that?
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    AxBan is an ActiveX killbit program by Errata Security. Apart from an XML page (control list) download at startup, what else do you think is happening?

    Rootkit Unhooker is an anti-rootkit tool; it is not a trojan dropper. RkU is at version 3.8.342.554 and is only downloaded from here (rootkitdotcom).
     
    Last edited: Sep 22, 2008
  4. enthios

    enthios Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    17
    Axban - - - In addition to its stated function, it is an ActiveX password stealer.

    Rootkit Unhooker - - - Installs several dubious files in the system directory, one of which starts as a service. Try it. Maybe the version that I downloaded was infected. Maybe on your box it will be just peachy keen.

    Then there is this:

    Secure Connection Failed

    www.rootkit.com uses an invalid security certificate.

    The certificate is not trusted because it is self signed.

    (Error code: sec_error_ca_cert_invalid)

    Let the buyer beware!
     
    Last edited: Sep 22, 2008
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    enthios, that's exactly the same prompt I received, using the Perspectives add-on, with FF 3.0.1:
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes, rootkitdotcom, it's been like that ever since I joined. Greg Hoglund (rootkitdotcom) is a renowned author and specialist.

    RkU - download from the above site and everything will be peachy yes.

    Axban - don't leave it at that plz your support is :
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Why do you think your version had been infected?
    BTW, do a string analysis.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    This thread is nonsense and should be closed without some supporting argument.

    enthios :) if your copy was from the legit source you haven't a problem; RkU does not install any dubious files. Axban, I cannot find anything googling axban, password stealer, what say you!
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Yes
    oh noooooo we are all doomed by evil RkU: that has been hashed to death b4 :p
     
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @meriadoc

    You know that RKU is also available as rapidshare downloads linked through Sysinternals Forum by Diablo, who is the creator developer of RKU.


    @enthios

    Please list your discoveries via cut & paste or images/screenshots. Also detail how you discovered and what tools you used. In this way your results may be duplicated or verified by other qualified peeps.
    You should also state which version of RKU you were using.
    Have you received a special edition of RKU, like 4.0** or some such?

    It has been said that it calls home in the past, could that be what you're referring to?
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes you may know I am aware of that older version linked by DiabloNova(EP).
     
  12. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    Someone is smoking too much crack these days.

    DiabloNova(EP) is in no way a friend of mine but in due respect, I can almost 100% assure you he is in no way interested in packing malware into an application he has spent a larger portion of his life building.

    I'm not defending DiabloNova(EP), I'm just saying that enthios needs to ease up on the crack pipe and some of this paranoia will leave.

    Try puffing the cheebah...it produces far better results with much less paranoia :)
     
  13. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I think that rebumping a dying thread just to write these personal attacks was totally unneeded :thumbd:
     
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If you are Bipolar, then even the cheebah will generate paranoia. :eek:
     