RE: Possible New Malware....

["Aditya , ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net>]

Blankdo you know that www.slimeware.com is a paranody site with no real coproation behind it, the fellow who wrote this 
program has a real good sence of humor 




    -----Original Message-----
  From: Swearingen, Bill W [CC] [mailto:bill.p.swearingen () mail sprint com]
  Sent: Tuesday, August 24, 2004 01:01 AM
  To: ald2003 () users sourceforge net; full-disclosure-admin () lists netsys com
  Subject: RE: [Full-disclosure] Possible New Malware....
  Sensitivity: Confidential


  Taking a look at RunDLL32e.txt shows the name "slimeware corp"

  Doing a google search I found http:// www. slimeware. com/downloads.htm

  In their License Agreement they state this:

  *  This is a legally binding agreement between yourself "you" and Slimeware Corporation "Slimeware".

  < OTHER DETAILS SNIPPED> 





------------------------------------------------------------------------------
  From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Aditya , ALD [ Aditya Lalit Deshmukh ]
  Sent: Monday, August 23, 2004 10:04 AM
  To: Full-Disclosure@Lists. Netsys. Com
  Subject: [Full-disclosure] Possible New Malware....
  Importance: High
  Sensitivity: Confidential


  Hi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it was 
found, creates a CurruntPowerProfile reg startup key with a value of 
Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written 
in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB  -aditya ( simply ren *.txt 
to *.exe )