Worse and worse and worse...

Discussion in 'malware problems & news' started by Longboard, Aug 11, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    This just never ends!
    See some of the scan reports from the combined scanning.
    http://www.bluetack.co.uk/forums/index.php?showtopic=15097

    Also, there is no way I could understand any of those pop-ups from PG or SSM or other utilities :(

    Shame that more than one AV can't be run at once.
    Reminder to use the online scans and have layers like you are fighting off the winter.

    The world wide spiderweb :mad:
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hope somebody from ESET will take a look at these. :) Anyway NOD32 seems to cover them well.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    If someone willingly downloads a trojan onto their PC, AV cannot do much to stop it.
    Thanks for this interesting page, it is good to test the security settings of the PC.

    IP: 81.177.15.226 opened properly, but all it showed was: Not found / pwn3d!!.
    The rest: cgi & htm did not load, jar & php opened like txt, exe & wmf did not download.

    When I finished, I scanned the PC with Ewido and other software like GMER. Ewido reported:
    Code:
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/GetAccess.class -> Downloader.OpenConnection.aj : No action taken.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/Installer.class -> Downloader.OpenConnection.aj : No action taken.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XOUIEUP0\xpladv596[1].wmf -> Exploit.MS05-053-WMF : No action taken.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\java[1].txt/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\RENB2Q8V\lpokhrbxq[1].htm -> Trojan.ProcKill.DJ : No action taken.
    When I wanted to check those files with an online scanner, they had already been deleted by IE.
     
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I went there as well :cool: to try with the attached result.

    Gerard
     

    Attached Files: biz.gif (20.2 KB)
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Does the site still work or what? I went to the site but the only thing that loads is the .com file, after that nothing happens. And which bug is it exploiting? I mean is this a zero day bug or what? I also get to see "Not found / pwn3d!!".

    SSM does alert about the .com executable file, good to know that SSM's protection really works. And I assume that SSM could also block the driver from loading. Would be proof that it can really save your ass from zero day attacks. :)
     