Malwarebytes

Missed files


3 replies to this topic

#1
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
Thunder dropped a new installer for ultimate cleaner 2007 into the CC unknown file forum. RR nailed most of the infection but missed the attached files.

pntadmhv1.exe
pntadmhv2.exe
pntadmhv3.exe

were in C:\WINDOWS\system32\pntadmhv. You can nuke this entire folder, the rest is just fluff though.


asdjhweq.exe
fprlnci.dll
LCusLaZ8.dll
rurexexo.exe
sttool32.exe

were in C:\WINDOWS\system32.

The installer (ivevergp.exe) is included, pass <-> infected.

(sttool32.exe kind of describes this infection, if you know what I mean) :)

EDIT

Looks like I will have to do this in two posts.

EDIT2

It looks like the attachment limit is for more than just this post or thread.

Bruce Harrison
Vice President of Research

#2
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
Another one.

C:\Documents and Settings\*user name*\Local Settings\Application Data\fprlnci.dll

Looks randomly named though.
Bruce Harrison
Vice President of Research

#3
RubbeR DuckY

    Marcin

  • Root Admin
  • 4,092 posts
  • Gender:Male
Cool. I'll take it apart when I get home. Can you attach the full installer or send it to my e-mail address?
Marcin Kleczynski
Chief Executive Officer

#4
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
If you grab ivevergp.exe from the above attached file you will have the starting point for a giant pile of ^%@*.

The files just keep coming with this one. I found 4 more additional program folders created as well.

I am going to start over with this one and see what else I can capture. I may have killed this one before all of the malware had downloaded. The files in the new program folders were all 0 length. These could also be planted malware for the rogue scanners. One of the files was named keylogger.
Bruce Harrison
Vice President of Research
