Jump to content

Archived

This topic is now archived and is closed to further replies.

nrhy

cp1041...weird problem

By nrhy, in General Questions

Recommended Posts

nrhy   

nrhy
Posted

ahhh, thanks for the quick reply

forwardin addy... = email? :D

Fwiw you have one of the more severe infections,i suspect either your winlogon.exe is patched or you have rootkit main.sys loaded but don't panic were going to kick their malware butts shortly

yea! :D

thanks for the clear explanation :!:

Share this post

Link to post
Share on other sites

nrhy   

nrhy
Posted

Tried with winzip and winrar, neither works:?

can I upload it the way it is? or will the server reject it?

yes, I received the update :) thanks

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted
Tried with winzip and winrar, neither works.

yes, I received the update :) thanks

:? I must admit i do not use 3rd part tools for compression/decompression of Zip formats.Inhouse on the OS is the *send to* option on right click when the file is highlighted and select *compressed(Zipped)folder* option.

Has that been disabled or is your ndis file 0 byte in size ?

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted

:idea: Ok try this approach towards harvesting the file.

Use IceSword file copy and save the file as ndis.old when you copy it.

If not no biggie as it will turn up sooner or later elsewhere but i will definetly like a copy of the spambot since SAS is not detcting that variant so i'm guessing it is a new repack :wink:

Share this post

Link to post
Share on other sites

nrhy   

nrhy
Posted

alright, the zip file is up on the castlecops website...or so it said.

:D tell me if you can access it

thanks

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted
alright, the zip file is up on the castlecops website...or so it said.

:D tell me if you can access it

thanks

Great job 8)

I have them now and will be be looking at them shortly.Thanks again for the upload :D

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted

:D

Those files not being present is not a problem,like i said earliar depending on which *variant* of the infection you had would govern which badboys were on your machine.So its a good thing if they are all not present in one way :wink:

Just to double check,did you upload your winlogon.exe from system32 folder to VT service ?

Share this post

Link to post
Share on other sites

nrhy   

nrhy
Posted

yeah, except its taking a while :?

it stops scanning after some time with the winlogon file...

AhnLab-V3	2007.4.28.0	04.27.2007	no virus found
AntiVir	7.4.0.15	04.28.2007	no virus found
Authentium	4.93.8	04.27.2007	no virus found
Avast	4.7.981.0	04.26.2007	no virus found
AVG	7.5.0.464	04.26.2007	no virus found
BitDefender	7.2	04.29.2007	no virus found
CAT-QuickHeal	9.00	04.28.2007	no virus found
ClamAV	devel-20070416	04.29.2007	no virus found
DrWeb	4.33	04.28.2007	no virus found
eSafe	7.0.15.0	04.27.2007	no virus found
eTrust-Vet	30.7.3601	04.27.2007	no virus found
Ewido	4.0	04.27.2007	no virus found
FileAdvisor	1	04.29.2007	No threat detected
Fortinet	2.85.0.0	04.28.2007	no virus found
F-Prot	4.3.2.48	04.27.2007	no virus found

for the most part, its clean...

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted

Right when you say its stops scanning,do you mean a message appears at the top left of the page saying *Service has stopped* ?

If so click refresh to reload and keep repeating until it starts mal checking again.We need the full report before the all clear is sounded :!:

Share this post

Link to post
Share on other sites

nrhy   

nrhy
Posted

done, its all good :D

no threat, no virus...totally clean

:shock:

Thanks alot for everything you done fatdcuk!!! greatly appreciate it :D

Share this post

Link to post
Share on other sites
Go To Topic Listing
×
×
  • Create New...