spywarp.com - Malwarebytes Forum

Welcome Guest ( Log In | Register )

spywarp.com, Usual rubbish

MysteryFCM View Member Profile	Nov 1 2007, 06:08 AM Post #1
Forum Deity Group: Moderators Posts: 3,353 Joined: 26-January 07 From: Tyneside, UK Member No.: 1,009	Found via SWW ........ http://spywarp.com/ Download: http://spywarp.com/download.php Direct download: http://spywarp.com/SpyWarpSetup.exe Couple quick screenies; http://hosts-file.net/images/imgspywarp_-_Screenie1.gif http://hosts-file.net/images/imgspywarp_-_Screenie2.gif -------------------- Steven Burn Malwarebytes Researcher Follow us: Twitter, Become a fan: Facebook

nosirrah View Member Profile	Nov 1 2007, 12:01 PM Post #2
Forum Deity Group: Administrators Posts: 6,240 Joined: 30-December 06 From: Northampton, MA USA Member No.: 884	This appears to be directly related to Spyware Eliminator . They also advertise using text taken directly from spyware doctor , a common place to swipe text for some reason . -------------------- Bruce Harrison Malwarebytes VP of Research Follow us: Twitter, Become a fan: Facebook

nosirrah View Member Profile	Nov 1 2007, 07:02 PM Post #3
Forum Deity Group: Administrators Posts: 6,240 Joined: 30-December 06 From: Northampton, MA USA Member No.: 884	This does some odd stuff . It changes BITS and seems to install an account : CODE [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-1935655697-1078145449-839522115-1004] @=hex: [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-1935655697-1078145449-839522115-1004\ActSysAc] @=hex(0):04,00,00,00 [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-1935655697-1078145449-839522115-1004\SecDesc] @=hex(0):01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,14,00,00,00,02,00,34,\ 00,02,00,00,00,00,00,18,00,0F,00,0F,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,00,00,02,00,01,01,00,00,00,00,00,01,00,00,00,00,01,\ 02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,01,00,00,00,00,00,05,12,00,\ 00,00 [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-1935655697-1078145449-839522115-1004\Sid] @=hex(0):01,05,00,00,00,00,00,05,15,00,00,00,11,C3,5F,73,A9,31,43,40,43,17,0A,\ 32,EC,03,00,00 -------------------- Bruce Harrison Malwarebytes VP of Research Follow us: Twitter, Become a fan: Facebook

SwampDiner View Member Profile	Feb 21 2008, 03:10 AM Post #4
True Member Group: Experts Posts: 421 Joined: 30-December 06 From: The Internets Member No.: 883	Added to 167

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Time is now: 9th February 2010 - 05:17 PM ()

Licensed to: Malwarebytes