Results 1 to 4 of 4

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Registered User Xfirebg's Avatar
    Join Date: Dec:2006
    Location: Bulgaria
    Posts: 278

    Question (...\system32\drivers\FmMgr. exe)WORM_SMALL.MDZ

    , .

    , :

    This worm downloads updated copies of itself from the following URLs:

    * http://{BLOCKED}.222.{BLOCKED}.187/~dsacom/33.exe
    * http://{BLOCKED}.222.{BLOCKED}.187/~dsacom/c12345.jpg

    It saves the updated copies of itself as %System%\drivers\FmMgr.exe and C:\8b4l8r9h1v9.exe, respectively.
    Last edited by Xfirebg; 8th October 2008 at 15:34.

  2. #2
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    ? .

  3. #3
    Registered User Xfirebg's Avatar
    Join Date: Dec:2006
    Location: Bulgaria
    Posts: 278
    Quote Originally Posted by vbdasc View Post
    ? .
    , , (, ), ( Process Explorer ). , ...

  4. #4
    Nostrum IvO's Avatar
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by Xfirebg View Post
    , , (, )...

    " ", :

    1. autorun.inf.
    2. : Read-only Hidden.

    autorun.inf, .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Copyright © 1999-2011 . .
iskamPC.com | mobility.BG | Bloody's Techblog | | 3D Vision Blog |