
Malwarebytes

load.exe


3 replies to this topic

#1
Jaxryley

Number 24 for my samples and not being flagged by MBAM.
moneypuller.site90.net/images/gallery/load.php?xpl=mdac

Quote

File load.exe received on 01.28.2009 23:46:53 (CET)
Current status: finished
Result: 8/39 (20.51%)
Virus Total
File size: 56612 bytes

#2
Just_me


Jaxryley, on Jan 28 2009, 11:50 PM, said:

Number 24 for my samples and not being flagged by MBAM.
moneypuller.site90.net/images/gallery/load.php?xpl=mdac

Virus Total
File size: 56612 bytes

Can you tell me anything about this? I found it doing a Google search for the domain to see if I could figure out what kind of crap it was spreading, since my computer may have been exposed.

A site, Godfrey Memorial Library, was hacked - they are trying to hide the fact (their official statement admitted this has been happening, but said no user computers were at risk!) but there was something hidden in the JavaScript there. Someone else read the status bar on IE reporting a visit to xxx.moneypuller.site90.com (since he later called it "moneygrabber", I don't know if it was really .net and not .com and he misread it) - I didn't see any report of a script, and FireKeeper didn't warn me of any trouble, but when I chose "View Source" and searched for "moneypuller" FF found something as it jumped to the JavaScript line but couldn't display anything. When I saved the source code as text and searched for the same string, I found nothing... Another person who visited the site said AVG Free picked up something called Downloader and dealt with it on her computer.

I've scanned with MBAM (but you noted it was not flagging this file?) and Spybot S&D, and found nothing. Will I need to uninstall Kaspersky AV and install AVG to find out if I got anything downloaded to my system? (I also use TinyWatcher, which did not report any changes on the next reboot after I visited the Godfrey site - but I'm not sure what it scans, so not sure it would catch this.)

Basically, I'm just asking what I need to do to be sure my computer is clean. If this is emerging, does anyone even know yet? Or do I need to do a complete HDD nuke and reinstall? (Which would take me weeks, with all the crap I have on here.)

Thanks for any help or advice you can give.

#3
Jaxryley

Dunno what this trojan does as it won't run sandboxed and on re-uploading to Virus Total a lot more engines are flagging it now, including Kaspersky.

Quote

File load_24_.exe received on 01.31.2009 00:05:01 (CET)
Current status: finished
Result: 23/39 (58.97%)
Virus Total

#4
exile360

Looks like the Banker trojan. Designed to steal passwords, CC info and the like.
Samuel E Lindsey
Product Manager
