Missed files

#1 nosirrah

    Forum Deity

  • Administrators
  • 5,451 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 20 March 2007 - 07:32 AM

Thunder dropped a new installer for ultimate cleaner 2007 into the CC unknown file forum. RR nailed most of the infection but missed the attached files.

pntadmhv1.exe
pntadmhv2.exe
pntadmhv3.exe

were in C:\WINDOWS\system32\pntadmhv. You can nuke this entire folder, the rest is just fluff though.


asdjhweq.exe
fprlnci.dll
LCusLaZ8.dll
rurexexo.exe
sttool32.exe

were in C:\WINDOWS\system32.

The installer (ivevergp.exe) is included, pass <-> infected.

(sttool32.exe kind of describes this infection, if you know what I mean) :)

EDIT

Looks like I will have to do this in two posts.

EDIT2

It looks like the attachment limit is for more than just this post or thread.

Bruce Harrison
Vice President of Research

#2 nosirrah

Posted 20 March 2007 - 08:06 AM

Another one.

C:\Documents and Settings\*user name*\Local Settings\Application Data\fprlnci.dll

Looks randomly named though.

Bruce Harrison
Vice President of Research

#3 RubbeR DuckY

    Marcin

  • Root Admin
  • 4,148 posts
  • Gender:Male

Posted 20 March 2007 - 08:11 AM

Cool. I'll take it apart when I get home. Can you attach the full installer or send it to my e-mail address?

Marcin Kleczynski
Chief Executive Officer

#4 nosirrah

Posted 20 March 2007 - 08:23 AM

If you grab ivevergp.exe from the above attached file you will have the starting point for a giant pile of ^%@*.

The files just keep coming with this one. I found 4 more additional program folders created as well.

I am going to start over with this one and see what else I can capture. I may have killed this one before all of the malware had downloaded. The files in the new program folder were all 0 length. These could also be planted malware for the rogue scanners. One of the files was named keylogger.

Bruce Harrison
Vice President of Research