From: Ant on 27 Sep 2008 08:04

"David H. Lipman" wrote:

> From: "Ant" <not(a)home.today>
> Yeah but he posted the assembler code and only indicated it downloaded the file U.exe to
> c:\ using URLDownloadToFileA() but not much else and my assembly is rusty as hell.

Well, that's all it does apart from invoking the WMV bug to enable it.
Actually, where from and what it downloads (saved as U.exe) is unknown
since the script contains only the placeholder parameter for that.

I suppose he posted the asm to show how he got there but it wasn't
necessary. I can go into some detail about the script/asm if you want
but it won't tell you much you don't already know.

From: David H. Lipman on 27 Sep 2008 09:47

From: "Ant" <not(a)home.today>

| I suppose he posted the asm to show how he got there but it wasn't
| necessary. I can go into some detail about the script/asm if you want
| but it won't tell you much you don't already know.

OK. Thanx.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: VanguardLH on 27 Sep 2008 20:56

Ant wrote:

> "David H. Lipman" wrote:
>
>> From: "Ant" <not(a)home.today>
>> Yeah but he posted the assembler code and only indicated it downloaded the file U.exe to
>> c:\ using URLDownloadToFileA() but not much else and my assembly is rusty as hell.
>
> Well, that's all it does apart from invoking the WMV bug to enable it.
> Actually, where from and what it downloads (saved as U.exe) is unknown
> since the script contains only the placeholder parameter for that.
>
> I suppose he posted the asm to show how he got there but it wasn't
> necessary. I can go into some detail about the script/asm if you want
> but it won't tell you much you don't already know.

C'mon guys. You really expect proper netiquette from posters hiding
behind remailers, like Dizum?

From: Ant on 28 Sep 2008 03:37

"VanguardLH" wrote:

> Ant wrote:
>> I suppose he posted the asm to show how he got there but it wasn't
>> necessary. I can go into some detail about the script/asm if you want
>> but it won't tell you much you don't already know.
>
> C'mon guys. You really expect proper netiquette from posters hiding
> behind remailers, like Dizum?

Pardon? We weren't discussing the OP but a 3rd party who disassembled
the shellcode.