mmcodecs.com ~312k



#1 nosirrah


    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 26 December 2007 - 10:38 AM

Movie pages :


Codec pages :

http://mmcodecs.com/003/movie.htm


Direct download :

http://www.gneprogram.com/download.php?id=1324
Bruce Harrison
Vice President of Research


#2 nosirrah


Posted 26 December 2007 - 10:41 AM

*****THIS ALSO INSTALLS DNSCHANGER ROOTKIT*****

#3 nosirrah


Posted 26 December 2007 - 10:53 AM

Fallout :

C:\Documents and Settings\***USER***\Start Menu\Programs\SelectiveAdmission
C:\Program Files\SelectiveAdmission
C:\Program Files\WinMsg
C:\WINDOWS\tromomwin32.exe
C:\WINDOWS\cracrwinz.exe
C:\WINDOWS\system32\wmstrbum.exe
C:\WINDOWS\system32\sysobjwertb.dll
C:\WINDOWS\system32\kd***.exe <--- rootkit

[HKEY_CLASSES_ROOT\SelectiveAdmission]
[HKEY_CURRENT_USER\Software\SelectiveAdmission]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sware"="C:\\Program Files\\WinMsg\\SWARE.EXE"
"bal"="C:\\Program Files\\WinMsg\\SYSMONMS.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SelectiveAdmission]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kd***.exe" <--- rootkit


HJT :

C:\Program Files\WinMsg\SWARE.EXE
C:\Program Files\WinMsg\SYSMONMS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4C5CFD-C67B-454F-8760-2780FDCD0A08}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D0FEDBA-D2A3-46A5-83D6-4BD341B6A903}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1DE7D4-8115-4E69-A4E9-96B6BEA89D15}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF0DAC3-8B32-46A6-867F-CF00ECF40FA7}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175