funsec mailing list archives

Re: Trojan Found In New HDs Sold In Taiwan


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 14 Nov 2007 14:00:37 -0500

On 11/13/07, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
The description of this malware (Kaspersky's writeup):

Virus.Win32.AutoRun.ah
http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221

The payload is not so bad in a corporate environment...

The virus modifies values of the following system registry keys:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
DisableTaskMgr = 1
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoFolderOptions = 1

It also searches the hard disk partitions <snip> for files with an
".mp3" extension:
<snip>
These files will then be deleted.


OP referenced this description:
Trojan horse viruses that automatically upload to Beijing Web sites
anything the computer user saves on the hard disc,


Which one is it?

If it is the latter, then has anyone considered the fact that this
might just be a free online backup service from Seagate :-P

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.