Full Disclosure mailing list archives
Possible New Malware....
From: "Aditya , ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net>
Date: Mon, 23 Aug 2004 20:33:58 +0530
BlankHi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it was found, creates a CurruntPowerProfile reg startup key with a value of Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB -aditya ( simply ren *.txt to *.exe )
Attachment:
Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.txt
Description:
Attachment:
RunDLL32e.txt
Description:
Current thread:
- Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 23)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)
- RE: Possible New Malware.... Ron DuFresne (Aug 24)
- <Possible follow-ups>
- RE: Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- Re: Possible New Malware.... Valdis . Kletnieks (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)