Re: Trojan Found In New HDs Sold In Taiwan

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 11/14/07, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
> Dude VanWinkle <dudevanwinkle () gmail com> kirjoitti:
> > On 11/13/07, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
> > > The description of this malware (Kaspersky's writeup):
> > >
> > > Virus.Win32.AutoRun.ah
> > > http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221
> > >
> > > The payload is not so bad in corporate environment...
> >
> > The virus modifies values of the following system registry keys:
> >
> > [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
> > DisableTaskMgr = 1
> > [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
> > NoFolderOptions = 1
> >
> > It also searches the hard disk partitions <snip> for files with an
> > ".mp3" extension:
> > <snip>
> > These files wil then be deleted.
>
> Thanks for provifing the summary to readers not visit the Viruslist.com URL.

err sure, anytime..

> Additionally, Trend has listed several malware names too, e.g.

I was just wondering why the articles said: This virus -->uploads
all<-- your files to X, and the one you posted said it -->deleted<--
all your -->mp3<-- files. I could have just mis-clicked on a url
again..

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.