Undetectable trojan

Discussion in 'malware problems & news' started by tom772, Jul 30, 2005.

Thread Status:
Not open for further replies.
  1. tom772

    tom772 Guest

  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Quite a fantasy.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  3. Tom772

    Tom772 Guest

  4. tom772

    tom772 Guest

    http://www.spywareinfoforum.com/index.php?showtopic=52016

    I read the long thread, now closed, regarding a trojan that Swami claimed to break itself into pieces and hide in firmwares/BIOS, etc.

    He was correct! If you would like to see some excerpts from my shell.dll file, send me a request. I still haven't read it all, but it appears to be sufficiently incriminating.

    I don't know all the details yet, but if you are a programmer, or even just interested, I think this information in the shell32.dll file says enough.

    How I finally caught it? After buying a new DVD player, motherboard, CPU, graphics card, memory. Flash the BIOS, low-level format. New hard disk, and new XPSP2 soft, I installed Windows, did NOT get most recent updates. DO NOT DO THAT. Then flashed my DVDROM, rebooted, and disabled my parallel and serial ports.

    And in answer to Swami's critics, I can tell you how to see if you are infected. With Windows XP, look at your devices in the Device Manager, go to Properties, Details, and see if the device instance ID is what it should be, or something else. SCSI where it shouldn't be is a good indication of trouble. Also look at class installers for odd things that indicate surveillance or recording of data. If anyone out there is a bit knowledgeable in this area, let me know; I have a load of info that shows how this little grub works.

    I attached a small portion of the DLL contents for you to see.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Did he submit his data for analysis to any of the ten security firms listed? Nothing from them has been reported, AFAIK.

    The first thread you list was also linked from windowsbbs in June, 2004 and nothing more was ever heard about it.

    http://www.windowsbbs.com/showthread.php?t=31781&goto=nextoldest


    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Jul 30, 2005
  6. tom772

    tom772 Guest

    It doesn't sound like a joke to me, but as you said, as of yet though he's contacted no security company. It does make me think about the complex trojan programs and what they could possibly do.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271