Focus on Virus
stealth virus on explorer.exe Sep 28 2007 08:44AM
Isaac Perez Moncho (suscripcions tsolucio com)
Hello all,
I have a computer infected with a virus that acts like this:
explorer.exe starts opening SMTP connections to several IPs and URLs
until it exceeds the TCP limit of Windows XP SP2.
If I kill explorer.exe and run it again from Task Manager, the virus doesn't
run anymore until reboot.
It seems that the Windows boot process passes a parameter to
explorer to launch the virus. But I have not found anything interesting or
clear in the registry or boot.
I used NOD32 and Panda ActiveScan for cleaning with no result. I also
used Spybot, Ad-Aware and SUPERAntiSpyware with the same null result.

Any ideas?


Isaac Perez Moncho
JPL TSolucio S.L

Copyright 2010, SecurityFocus