ChameleonTom



#1 salmon


Posted 14 March 2010 - 06:18 AM

Saw a page on facebook with 100,000 fans supporting FLVDirect.exe and ChameleonTom.exe
http://www.facebook.com/pages/OMG-I-LAUGHED-SO-HARD-WHEN-I-SAW-THIS-PIC-OF-CHERYL-COLE-AND-JOHN-TERRY/386706143273?v=wall
Links on the side

http://www.virustota...63f8-1268564974
Result: 4/42 (9.53%)

http://chameleontom.com/#download

related sites:
http://chameleontom.org/
http://plugin.chameleontom.com/gettom
Charmy.net

Is this adware?

Trojan.Salmon moving to fish tank on reboot.

#2 cycl0ne


Posted 14 March 2010 - 11:06 AM

Yeah, these install a bunch of adware to your machine. Some registry keys of interest include:
HKU\S-1-5-21-602162358-823518204-1417001333-1003\Software\AppDataLow
HKU\S-1-5-21-602162358-823518204-1417001333-1003\Software\AppDataLow\-2vGtn_7rYg3
HKU\S-1-5-21-602162358-823518204-1417001333-1003\Software\AppDataLow\-2vGtn_7rYg3\MCACM-ZVK7-9M3
HKU\S-1-5-21-602162358-823518204-1417001333-1003\Software\AppDataLow\FLV Player
HKU\S-1-5-21-602162358-823518204-1417001333-1003\Software\AppDataLow\HavingFunOnline

They also change all of your homepage and search engine information, and create a weird DLL file called l_WiRc.dll, which shows some malware unpacking characteristics:
inflate 1.2.3 Copyright 1995-2005 Mark Adler
which is a commonly used unpacker for malware.

Hope this helps :(
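
A defender-side check for the key names listed in the post above, added here as an example and not part of the original thread: it scans a text listing of registry key paths (one per line) for the reported subkeys under any user's SID, not just the poster's. The function name and the sample SIDs are constructed for illustration.

```python
import re

# Readable subkey names under Software\AppDataLow taken from the post above.
# The random-looking names (e.g. "-2vGtn_7rYg3") are left out on the
# assumption that they differ per install; add them if they recur.
REPORTED_SUBKEYS = {"flv player", "havingfunonline"}

# HKU\<user SID>\Software\AppDataLow\<subkey>[\...]; registry paths are
# case-insensitive and the hive may be written HKU or HKEY_USERS.
KEY_RE = re.compile(
    r"^(?:HKU|HKEY_USERS)\\(S-1-5-21(?:-\d+)+)\\Software\\AppDataLow\\([^\\]+)",
    re.IGNORECASE,
)


def find_reported_keys(listing):
    """Return sorted (sid, subkey) pairs for reported subkeys in a key listing."""
    hits = set()
    for line in listing.splitlines():
        m = KEY_RE.match(line.strip())
        # The parent AppDataLow key alone never matches; only named subkeys do.
        if m and m.group(2).lower() in REPORTED_SUBKEYS:
            hits.add((m.group(1), m.group(2)))
    return sorted(hits)


# Constructed sample listing (SIDs are made up, not from the thread).
SAMPLE = r"""
HKEY_USERS\.DEFAULT\Software\AppDataLow
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\AppDataLow
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\AppDataLow\FLV Player
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\AppDataLow\Software\Microsoft
hku\S-1-5-21-1111111111-2222222222-3333333333-1002\software\appdatalow\havingfunonline\Settings
"""

if __name__ == "__main__":
    for sid, subkey in find_reported_keys(SAMPLE):
        print(f"{sid}: Software\\AppDataLow\\{subkey}")
```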

#3 salmon


Posted 14 March 2010 - 01:37 PM

Thanks ^.^ I don't know if I attached the file, so I did it again.
Trojan.Salmon moving to fish tank on reboot.

#4 S!Ri


Posted 15 March 2010 - 03:31 AM

Hello.
Attached file will be verified.
Thank you for your help.
S!Ri
Research Engineer
