-
16th February 2007 10:00 #1
-
16th February 2007 13:28 #2
-
16th February 2007 16:28 #3 Remember me
Join Date: Oct:2005
Location: future
Posts: 737
HKLM\Software\Microsoft\Active Setup\Installed Components\
{18A85948-6DD2-B081-0005-010008060005}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\loader.exe" [null data]
10 , advanced , ,
, , , , , , .
vb , , keylogger
, . - e loader
7 , . , exe dll , , . ,
:
1. .
2. , , ,
. CS-a.
3. 32, , ( , , ).
4. , ,
.
. ,
P.S.
CS
http://www.f-forge.com?d=BLxg1WN45hUuvkpojDy9
Last edited by bobi_batko; 16th February 2007 at 18:48.
-
16th February 2007 15:04 #4 Registered User
Join Date: Sep:2004
Posts: 98
firefox, . .
-
16th February 2007 18:18 #5 Registered User
Join Date: Sep:2004
Posts: 98
, , . .
-
16th February 2007 18:35 #6 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
@boby_batko-

, :
http://www.symantec.com/security_res...216-99&tabid=2
@velo- ->open with->microsoft windows based script host
. . ?
-
16th February 2007 18:43 #7
-
16th February 2007 19:09 #8 Remember me
Join Date: Oct:2005
Location: future
Posts: 737
, loader-a e. , .
, -. . , IP , IP , IP ( *nix ) IP , . 4 , , ping IP-,
.
,
-
16th February 2007 18:46 #9 Registered User
Join Date: Sep:2004
Posts: 98
, - . Ilko, , . .
-
16th February 2007 19:12 #10 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Adware.Lop. " ...". ,
?
-
16th February 2007 19:50 #11 Remember me
Join Date: Oct:2005
Location: future
Posts: 737
100% , :
HKLM\Software\Classes\.scr\(Default) = "STATISTICAScrollsheet"
<<!>> HKLM\Software\Classes\STATISTICAScrollsheet\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]
http://www.f-secure.com/blacklight/try_blacklight.html

P.S.
-
-
16th February 2007 20:13 #12 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
,
Lop scheduled task doc and settings\\app. data\ . file not found, , , rootkit .
Enabled Scheduled Tasks:
------------------------
"B36264BD95CE1975" -> launches: "c:\docume~1\pc33\applic~1\trustb~1\ shim view wma.exe" [file not found]
, FF Internet Download Manager- a, DLL- WinSock - . , firewall, .
-
16th February 2007 19:10 #13 Registered User
Join Date: Sep:2004
Posts: 98
, bobi_batko firefox 100%. . firefox-a . .
-
16th February 2007 19:26 #14 Registered User
Join Date: Sep:2004
Posts: 98
, f-prot.
-
17th February 2007 22:29 #15
/ bobi_batko/ 2 adware. , .
, . .
, , .
symantec Antivirus + Windows Firewall+ windows . .
Lenovo Thinkpad Yoga 15
-
17th February 2007 23:19 #16 Remember me
Join Date: Oct:2005
Location: future
Posts: 737
-
18th February 2007 22:55 #17
, . , e.
, .
Hijack this , / . Google/, Spybot . Removal instructions.
, bobi_batko
Lenovo Thinkpad Yoga 15
-
19th February 2007 00:32 #18 Mire-x
Join Date: Apr:2005
Location: Sofia
Posts: 763
off/
@suren: , . , , , bobi_batko , . , , , , .
, , -.
, ... , 10 ( ), . - , (, 98-
).
, -.
/off
, , . , , -... - , - , - - (, 100% , )...
Last edited by Tarvin; 19th February 2007 at 00:33. Reason: ...
(10b) || !(10b)
-
19th February 2007 20:39 #19
...
( ), + , , PC-
Ta save mode, ... Nod ( ).
ASRock Z68 Pro 3 / Core I3 2100 (ex Q9550) / 4Gb Kingstn HyperX 1600Mhz / Sapphire 4870X2 / 1TB HDD Hitachi / CFT 750W-14CS / BenQ 21.5" [1920x1080]
www.WildLifeInBulgaria.com
-
19th February 2007 21:52 #20 Registered User
Join Date: Feb:2007
Location: Bulgaria
Posts: 5
. . . . .
TEMP . .
-
20th February 2007 00:43 #21 Remember me
Join Date: Oct:2005
Location: future
Posts: 737
, ,
-
1st March 2007 18:13 #22
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "D:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SmcService" = "D:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"NCInstallQueue" = "rundll32 netman.dll,ProcessQueue" [MS]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""D:\WINDOWS\System32\rundll32.exe" "D:\Program Files\Messenger\msgsc.dll",ShowIconsUser " [MS]
?
-
1st March 2007 18:16 #23 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
1.
2. , SilentRunnersStartup items buried in registry