Focus on Virus
stealth virus on explorer.exe Sep 28 2007 08:44AM
Isaac Perez Moncho (suscripcions tsolucio com) (4 replies)
Re: stealth virus on explorer.exe Oct 19 2007 11:21AM
Isaac Perez Moncho (suscripcions tsolucio com)
Re: stealth virus on explorer.exe Sep 29 2007 08:12AM
daniel (danderson310 gmail com)
Re: stealth virus on explorer.exe Sep 28 2007 11:26AM
T.I.M (theiceman ice gmail com) (1 replies)
RE: stealth virus on explorer.exe Sep 28 2007 04:33PM
Patrick Nolan (p nolan comcast net)
RE: stealth virus on explorer.exe Sep 28 2007 10:42AM
infos3c (infos3c gmail com)
Hi Isaac,

I am sure you would have done this. Still:

Did you try removing all non-Windows applications that start while booting?
Is the explorer getting infected even then?

Manu

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On
Behalf Of Isaac Perez Moncho
Sent: Friday, September 28, 2007 2:15 PM
To: focus-virus (at) securityfocus (dot) com
Subject: stealth virus on explorer.exe

Hello all,
I have a computer infected with a virus that acts like this:
explorer.exe starts opening SMTP connections to several IPs and URLs
until it exceeds the TCP limit of Windows XP SP2.
If I kill explorer.exe and run it again from Task Manager, the virus doesn't
run anymore until reboot.
It seems that the boot process of Windows passes a parameter to
explorer to launch the virus. But I have not found anything interesting or
clear in the registry or boot.
I used nod32 and panda active scan for cleaning with no result. I also
used spybot, adaware and superantispyware with the same null result.

Any ideas?

Thanks

--
Isaac Perez Moncho
GSEC, SSP-GHD, SSP-MPA, SSP-CNSA Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com

------------------------------------------------------------------------
---
This list is sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 30 hands-on training
courses and 90 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 70 nations. Visit product
displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com
------------------------------------------------------------------------
---

Copyright 2010, SecurityFocus