funsec mailing list archives
live phish
From: RandallM <randallm () fidmail com>
Date: Fri, 4 Jun 2010 14:35:23 -0500
live one... http ://ecard-123greetings-com.googlegroups.com/web/ecard.zip

malware found:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center (Rogue.ProtectionCenter) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center (Rogue.ProtectionCenter) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\PRAGMAosecwxwecx (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center (Rogue.ProtectionCenter) -> No action taken.

Files Infected:
C:\Documents and Settings\sheidmann\Local Settings\Temp\asd13E.tmp.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temp\asd140.tmp.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temp\asd141.tmp.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temp\kernel64xp.dll (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temp\mscdexnt.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\sheidmann\Local Settings\Temporary Internet Files\Content.IE5\3346T0C8\396-direct[1].ex (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\About.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Activate.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Buy.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Protection Center Support.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Protection Center.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Scan.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Settings.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Start Menu\Programs\Protection Center\Update.lnk (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\about.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\activate.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\buy.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\cnt.db (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\cntext.dll (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\cnthook.dll (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\help.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\scan.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\settings.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\Uninstall.exe (Rogue.ProtectionCenter) -> No action taken.
C:\Program Files\Protection Center\update.ico (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\Protection Center.LNK (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.LNK (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\Protection Center Support.LNK (Rogue.ProtectionCenter) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\nudetube.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\pornotube.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\spam001.exe (Malware.Trace) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\spam003.exe (Malware.Trace) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\troj000.exe (Malware.Trave) -> No action taken.
C:\Documents and Settings\sheidmann\Desktop\youporn.com.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.

--
been great, thanks
RandyM
a.k.a System

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.