Sign In
Create Account
1
Movie pages :
Codec pages :
http://mmcodecs.com/003/movie.htm
Direct download :
http://www.gneprogram.com/download.php?id=1324
#1
Posted 26 December 2007 - 10:38 AM
-
- Administrators
-
- 5,399 posts
Forum Deity
- Location:Northampton, MA USA
Back to top
#2
Posted 26 December 2007 - 10:41 AM
-
- Administrators
-
- 5,399 posts
Forum Deity
- Location:Northampton, MA USA
*****THIS ALSO INSTALLS DNSCHANGER ROOTKIT*****
#3
Posted 26 December 2007 - 10:53 AM
-
- Administrators
-
- 5,399 posts
Forum Deity
- Location:Northampton, MA USA
Fallout :
C:\Documents and Settings\***USER***\Start Menu\Programs\SelectiveAdmission
C:\Program Files\SelectiveAdmission
C:\Program Files\WinMsg
C:\WINDOWS\tromomwin32.exe
C:\WINDOWS\cracrwinz.exe
C:\WINDOWS\system32\wmstrbum.exe
C:\WINDOWS\system32\sysobjwertb.dll
C:\WINDOWS\system32\kd***.exe <--- rootkit
[HKEY_CLASSES_ROOT\SelectiveAdmission]
[HKEY_CURRENT_USER\Software\SelectiveAdmission]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sware"="C:\\Program Files\\WinMsg\\SWARE.EXE"
"bal"="C:\\Program Files\\WinMsg\\SYSMONMS.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SelectiveAdmission]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kd***.exe" <--- rootkit
HJT :
C:\Program Files\WinMsg\SWARE.EXE
C:\Program Files\WinMsg\SYSMONMS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4C5CFD-C67B-454F-8760-2780FDCD0A08}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D0FEDBA-D2A3-46A5-83D6-4BD341B6A903}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1DE7D4-8115-4E69-A4E9-96B6BEA89D15}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF0DAC3-8B32-46A6-867F-CF00ECF40FA7}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
C:\Documents and Settings\***USER***\Start Menu\Programs\SelectiveAdmission
C:\Program Files\SelectiveAdmission
C:\Program Files\WinMsg
C:\WINDOWS\tromomwin32.exe
C:\WINDOWS\cracrwinz.exe
C:\WINDOWS\system32\wmstrbum.exe
C:\WINDOWS\system32\sysobjwertb.dll
C:\WINDOWS\system32\kd***.exe <--- rootkit
[HKEY_CLASSES_ROOT\SelectiveAdmission]
[HKEY_CURRENT_USER\Software\SelectiveAdmission]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sware"="C:\\Program Files\\WinMsg\\SWARE.EXE"
"bal"="C:\\Program Files\\WinMsg\\SYSMONMS.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SelectiveAdmission]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kd***.exe" <--- rootkit
HJT :
C:\Program Files\WinMsg\SWARE.EXE
C:\Program Files\WinMsg\SYSMONMS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4C5CFD-C67B-454F-8760-2780FDCD0A08}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D0FEDBA-D2A3-46A5-83D6-4BD341B6A903}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1DE7D4-8115-4E69-A4E9-96B6BEA89D15}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF0DAC3-8B32-46A6-867F-CF00ECF40FA7}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
