From: Ant on 15 Feb 2010 21:50

"Virus Guy" wrote:
> I just submitted the payload to VT. VT did not claim to have seen or
> scanned it before.
>
> Only 6/41 hit rate (15%).

Not that surprising. The exe is double-packed.

> TrendMicro Cryp_Krap-9

An appropriate name for the first packer, which throws a load of exceptions (handled) at the start and then jumps around all over the place in the code. I wouldn't be surprised if the packing varied from time to time. The second packer is PECompact 2. When they're removed you have a fake AV app (Security Tool) written in Borland Delphi.

> The file, when run, creates a .bat and .exe file with a numeric name
> (probably random) here:

The .bat file deletes the original download (and itself) after copying the exe to the new location and setting the registry startup entry. The subdirectory and file name are 8 random digits.

Love the hard-coded fake BSOD info:

| problem has been detected and windows has been shut down prevent
| damage to your computer. The problem seems to be caused by the
| following file:
| SPCMDCOM.sys
| PAGE_FAULT_IN_NONPAGED_AREA
| Technical information:
| *** STOP: 0x00000050 (0xFD3094C2, 0x00000001, 0xFBFE7617, 0x00000000) ***
| SPCMDCON.SYS - Address FBFE7617 base at FBFE5000, DateStamp 3d6dd67c

This domain is also encrypted in the file: webpaybill.net, which is where you'll likely be sent to have your wallet lightened.
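Two of the details in Ant's post are usable as triage heuristics on a suspect machine: the dropped executable lives in an 8-digit subdirectory under an 8-digit name and is wired into a registry startup (Run) entry, and the binary carries the hard-coded fake-BSOD text verbatim. The following Python is an added example written for this thread, not code from any poster or from the malware; the Run-key entries and the file bytes it checks are constructed sample data (the real drop path is not given in the thread, so the paths below are placeholders), and the checks generalise to any entry or file, not just this sample.

```python
import re

# Layout described in the thread: an 8-digit subdirectory holding an 8-digit .exe.
# The lookahead lets the path be followed by a closing quote, whitespace or end of string.
EIGHT_DIGIT_DROP = re.compile(r'(?i)(?:^|[\\/])\d{8}[\\/]\d{8}\.exe(?=$|["\s])')

# Strings quoted from the hard-coded fake BSOD screen (spelling kept as in the file).
FAKE_BSOD_MARKERS = [b"PAGE_FAULT_IN_NONPAGED_AREA", b"SPCMDCON.SYS", b"SPCMDCOM.sys"]

# Constructed sample of (value name, command) pairs as they might be exported from a Run key.
# The first path is a placeholder; the thread does not give the real drop location.
SAMPLE_RUN_ENTRIES = [
    ("12345678", r'"C:\Users\Public\12345678\12345678.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r"C:\Program Files\Vendor\update.exe /silent"),
]

# Constructed sample of file content containing two of the fake-BSOD strings.
SAMPLE_FILE_BYTES = (
    b"\x00\x00problem has been detected and windows has been shut down"
    b"\x00PAGE_FAULT_IN_NONPAGED_AREA\x00*** SPCMDCON.SYS - Address FBFE7617\x00"
)


def suspicious_run_entries(entries):
    """Return the (name, command) pairs whose command points at an 8-digit\\8-digit.exe path."""
    return [(name, cmd) for name, cmd in entries if EIGHT_DIGIT_DROP.search(cmd)]


def fake_bsod_markers(data):
    """Return the fake-BSOD marker strings present in a file's raw bytes, in list order."""
    return [marker.decode() for marker in FAKE_BSOD_MARKERS if marker in data]


if __name__ == "__main__":
    for name, cmd in suspicious_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"suspicious startup entry: {name} -> {cmd}")
    print("fake BSOD markers:", fake_bsod_markers(SAMPLE_FILE_BYTES))
```

On a live system the entries would come from the Run keys under HKCU and HKLM and the bytes from the file each entry points at; the string check should be run on the unpacked image, since Ant notes the sample is double-packed and the strings will not be visible in the packed file.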
From: Bill on 17 Feb 2010 18:36 NOD32 has added this particular piece of malware to their definitions.
From: Teeernte on 2 Mar 2010 16:57

Domain Name: *REMOVETROJAN.NET*
Registrant: n/a
Joshua Curry (softvseo(a)gmail.com)
145 Lochmere Lane
Hartford Illinois, 06103 US
Tel. +860.4171945

//removetrojan.net/securitytool/install.exe
IP address: 91.215.170.14
http://www.utrace.de/?query=removetrojan.net = RIGA (RU)

--
Teeernte
Teeernte's Profile: http://forums.techarena.in/members/190362.htm
View this thread: http://forums.techarena.in/security-systems/1305750.htm
From: Virus Guy on 2 Mar 2010 22:14

Teeernte wrote:
> //removetrojan.net/securitytool/install.exe

And note just how many AV apps flag this as a threat. What a joke.