  1. #1
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737

    thread explorer.exe, 100% . ?


  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , Notepad copy- paste .

  3. #3
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737
    Quote Originally Posted by ilko View Post
    , Notepad copy- paste .



    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {18A85948-6DD2-B081-0005-010008060005}\(Default) = (no title provided)
    \StubPath = "C:\WINDOWS\system32\loader.exe" [null data]

    10 , advanced , ,
    , , , , , , .
    vb , , keylogger , . - e loader
    7 , . , exe dll , , . ,

    :
    1. .
    2. , , , . CS-a.
    3. 32, , ( , , ).
    4. , , .

    . ,

    P.S.
    CS
    http://www.f-forge.com?d=BLxg1WN45hUuvkpojDy9
    Last edited by bobi_batko; 16th February 2007 at 18:48.

  4. #4
    Registered User
    Join Date: Sep:2004
    Posts: 98
    firefox, . .

  5. #5
    Registered User
    Join Date: Sep:2004
    Posts: 98
    , , . .

  6. #6
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    @boby_batko-
    , :
    http://www.symantec.com/security_res...216-99&tabid=2

    @velo- ->open with->microsoft windows based script host

    . . ?

  7. #7
    motherfather The Penalty's Avatar
    Join Date: Mar:2002
    Location:
    Posts: 20,472
    ... wscript.exe ___.vbs
    ,

    • , -
    • Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us
    • Soul platinum 1 and 2. See? It's not the game - you suck.


  8. #8
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737
    , loader-a e. , .
    , -. . , IP , IP , IP ( *nix ) IP , . 4 , , ping IP-, .
    ,

  9. #9
    Registered User
    Join Date: Sep:2004
    Posts: 98
    , - . Ilko, , . .
    Attached Files

  10. #10
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Adware.Lop. " ...". , ?

  11. #11
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737
    Quote Originally Posted by velo View Post
    , - . Ilko, , . .
    100% , :

    HKLM\Software\Classes\.scr\(Default) = "STATISTICAScrollsheet"
    <<!>> HKLM\Software\Classes\STATISTICAScrollsheet\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]

    http://www.f-secure.com/blacklight/try_blacklight.html




    P.S.
    -

  12. #12
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by bobi_batko View Post
    100% , :

    HKLM\Software\Classes\.scr\(Default) = "STATISTICAScrollsheet"
    <<!>> HKLM\Software\Classes\STATISTICAScrollsheet\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]...
    ,

    Enabled Scheduled Tasks:
    ------------------------

    "B36264BD95CE1975" -> launches: "c:\docume~1\pc33\applic~1\trustb~1\ shim view wma.exe" [file not found]
    Lop scheduled task doc and settings\\app. data\ . file not found, , , rootkit .

    , FF Internet Download Manager- a, DLL- WinSock - . , firewall, .

  13. #13
    Registered User
    Join Date: Sep:2004
    Posts: 98
    , bobi_batko firefox 100%. . firefox-a . .

  14. #14
    Registered User
    Join Date: Sep:2004
    Posts: 98
    , f-prot.

  15. #15
    Registered User suren's Avatar
    Join Date: Dec:2001
    Location:
    Posts: 1,219
    / bobi_batko/ 2 adware. , .
    , . .
    , , .
    symantec Antivirus + Windows Firewall+ windows . .
    Lenovo Thinkpad Yoga 15

  16. #16
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737

    Quote Originally Posted by suren View Post
    / bobi_batko/ 2 adware. , .
    , . .
    , , .
    symantec Antivirus + Windows Firewall+ windows . .
    ,
    , " ", . , , "symantec Antivirus + Windows Firewall+ windows" , .
    , , . , , ,

  17. #17
    Registered User suren's Avatar
    Join Date: Dec:2001
    Location:
    Posts: 1,219
    , . , e.
    , .
    Hijack this , / . Google/, Spybot . Removal instructions.

    , bobi_batko
    Lenovo Thinkpad Yoga 15

  18. #18
    Mire-x
    Join Date: Apr:2005
    Location: Sofia
    Posts: 763
    off/
    @suren: , . , , , bobi_batko , . , , , , .

    , , -. , ... , 10 ( ), . - , (, 98- ).

    , -.
    /off

    , , . , , -... - , - , - - (, 100% , )...
    Last edited by Tarvin; 19th February 2007 at 00:33. Reason: ...
    (10b) || !(10b)

  19. #19
    Registered User edakov's Avatar
    Join Date: Jun:2004
    Location:
    Posts: 7,373
    ... ( ), + , , PC- Ta save mode, ... Nod ( ).
    ASRock Z68 Pro 3 / Core I3 2100 (ex Q9550) / 4Gb Kingstn HyperX 1600Mhz / Sapphire 4870X2 / 1TB HDD Hitachi / CFT 750W-14CS / BenQ 21.5" [1920x1080]
    www.WildLifeInBulgaria.com

  20. #20
    Registered User
    Join Date: Feb:2007
    Location: Bulgaria
    Posts: 5

    . . . . .
    TEMP . .

  21. #21
    Remember me
    Join Date: Oct:2005
    Location: future
    Posts: 737

    , ,

  22. #22
    Registered User pappy's Avatar
    Join Date: Aug:2006
    Location: Bulgaria
    Posts: 106
    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "D:\WINDOWS\System32\ctfmon.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "SmcService" = "D:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
    "NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    "NCInstallQueue" = "rundll32 netman.dll,ProcessQueue" [MS]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
    \StubPath = ""D:\WINDOWS\System32\rundll32.exe" "D:\Program Files\Messenger\msgsc.dll",ShowIconsUser " [MS]

    ?

  23. #23
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    1.
    Startup items buried in registry
    2. , SilentRunners
