Full Disclosure mailing list archives
SV: [TROJAN Win32] Can't identify trojan found on Win98SE box
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Sun, 14 Sep 2003 22:39:03 +0200
Hi Petr,

The code provided is a variant of Optix backdoor. A typical RAT that would allow a malicious user to gain access to your system.

You should be able to search google, or whatever search-engine you choose, for Optix+backdoor. This will give you several hits ;-)

Kind regards
Peter Kruse
Kruse Security
http://www.krusesecurity.dk

-----Original message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On behalf of Petr Stetiar
Sent: 14 September 2003 21:57
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box

Hi ALL,

I've found one trojan horse or whatever it is on one Win98SE box today. I tried to find some info about it on google but didn't find anything. This file was found in C:\Windows\System directory. There were 2 unknown files to me actually: msi2xec16.exe and mpldfg.exe (both same size and content, verified by MD5)

You can download this file here:

http://takjo.net/mpldfg.exe

- win.ini
----------cut--------------
run=C:\WINDOWS\SYSTEM\MSI2XEC16.EXE
----------cut--------------

The same path was found also in registry under RUN key, if someone wants full key I can post it later. I'm just curious what kind of trojan it is, because I don't have motivation to do anything on m$ powered "OS", but maybe someone...

Cheers,
Petr

--
 (__)   --------------------------+------------------------------------------`
 (@@)   ynezz[at]hysteria[dot]sk | Customer: "I'm running WindowsXP SP39g" |
 /----\/ - * - * - * - * - * - * - | Tech: "Yes" |
 | | || irc://ynezz@ircnet | Customer: "My computer isn't working now"|
 * ||-|| icq: 923432434 | Tech: "Yes, you said that" |
 ^^ ^^  ----------------------------+------------------------------------------'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
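The `run=` line quoted in the message above is one of the legacy autostart settings in the `[windows]` section of win.ini (`load=` is the other). As an added example that is not part of the original posts, this Python sketch lists those entries from a win.ini collected during triage; the function names, the known-good list and the sample file are assumptions made for illustration, and only the `run=` line is taken from the post. The registry Run key mentioned in the message is not covered.

```python
import re

# Legacy autostart keys honoured in the [windows] section of win.ini.
AUTOSTART_KEYS = ("run", "load")

def autostart_entries(ini_text):
    """Return (key, program) pairs from run=/load= in the [windows] section."""
    entries = []
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # One line may list several programs separated by spaces or commas,
        # so a path containing a space would be split here.
        for program in re.split(r"[,\s]+", value.strip()):
            if program:
                entries.append((key, program))
    return entries

def unexpected(entries, known_good):
    """Entries whose file name is not on the reviewer's known-good list."""
    good = {name.lower() for name in known_good}
    return [(k, p) for k, p in entries
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() not in good]

# Constructed sample: only the run= line comes from the post.
SAMPLE_WIN_INI = """\
; constructed sample win.ini
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\MSI2XEC16.EXE
[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    for key, program in unexpected(autostart_entries(SAMPLE_WIN_INI), []):
        print(f"{key}= autostart entry to review: {program}")
```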