Focus on Virus
stealth virus on explorer.exe Sep 28 2007 08:44AM
Isaac Perez Moncho (suscripcions tsolucio com) (4 replies)
Re: stealth virus on explorer.exe Oct 19 2007 11:21AM
Isaac Perez Moncho (suscripcions tsolucio com)
Re: stealth virus on explorer.exe Sep 29 2007 08:12AM
daniel (danderson310 gmail com)
What up,

First I would try and scan the computer with Spyware Doctor from
pack.google.com. Then HijackThis and post the txt file on hijackthis.de
to see explanations of BHO, ActiveX etc... Finally I would copy the
explorer.exe onto a USB drive, take it to another computer or VM and run
Resource Hacker from http://www.angusj.com/resourcehacker/. The tool has
an internal resource script compiler and decompiler to view executable
files. Before moving the file onto the HD of the clean computer, rename
it to "explorer.exe.test" and move it to the desktop. Open the file with
Resource Hacker, then open the clean computer's explorer files and
manually compare. If not still, AVG Free from free.grisoft.com scan,
then download IceSword 1.22 EN from majorgeeks.com and use the tools
supplied to view the registry and file system. Look especially hard at
the %systemroot%/system32 folder. Do a netstat -na or Wireshark to
monitor your virus's communication. Post back.

Shiner Bock Rules!!!

Fri, 2007-09-28 at 10:44 +0200, Isaac Perez Moncho wrote:
> Hello all,
> I have a computer infected with a virus that acts like this:
> explorer.exe starts opening SMTP connections to several IPs and URLs
> until it exceeds the TCP limit of Windows XP SP2.
> If I kill explorer.exe and run it again from Task Manager, the virus doesn't
> run anymore until reboot.
> It seems that the booting process of Windows passes a parameter to
> explorer to launch the virus. But I have not found anything interesting or
> clear in the registry or boot.
> I used NOD32 and Panda ActiveScan for cleaning with no result. I also
> used Spybot, Ad-Aware and SUPERAntiSpyware with the same null result.
>
> Any ideas?
>
> Thanks
>
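
Added example, not part of the original posts: a small Python triage script for the symptom described in this thread, which reads `netstat` output and reports any process that is opening SMTP (port 25) connections to many different hosts. It assumes the `-nao` form of the command (the reply suggests `-na`; `-o` adds the owning PID column), and the sample output, the function names and the threshold of 3 hosts are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -nao` output. Addresses come from
# documentation/private ranges and the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:1051      192.0.2.10:25          SYN_SENT        1512
  TCP    192.168.1.20:1052      192.0.2.77:25          SYN_SENT        1512
  TCP    192.168.1.20:1053      198.51.100.4:25        ESTABLISHED     1512
  TCP    192.168.1.20:1054      203.0.113.9:25         SYN_SENT        1512
  TCP    192.168.1.20:1060      198.51.100.80:80       ESTABLISHED     2040
  TCP    192.168.1.20:1061      192.168.1.5:25         ESTABLISHED     3100
  UDP    0.0.0.0:445            *:*                                    4
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OUTBOUND = {"SYN_SENT", "ESTABLISHED"}


def smtp_fanout(netstat_text, port=25):
    """Map each PID to the set of remote hosts it is contacting on `port`."""
    peers = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _, _, remote_ip, remote_port, state, pid = m.groups()
        if int(remote_port) == port and state in OUTBOUND:
            peers.setdefault(int(pid), set()).add(remote_ip)
    return peers


def suspects(netstat_text, threshold=3):
    """PIDs talking SMTP to at least `threshold` distinct hosts (assumed cutoff)."""
    fanout = smtp_fanout(netstat_text)
    return sorted((pid, len(ips)) for pid, ips in fanout.items()
                  if len(ips) >= threshold)


if __name__ == "__main__":
    for pid, count in suspects(SAMPLE):
        print(f"PID {pid}: SMTP connections to {count} distinct hosts")
```

To use it on a live machine, save the output of `netstat -nao` to a file, pass its contents to `suspects()`, and look up the reported PID with `tasklist`.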

Re: stealth virus on explorer.exe Sep 28 2007 11:26AM
T.I.M (theiceman ice gmail com) (1 replies)
RE: stealth virus on explorer.exe Sep 28 2007 04:33PM
Patrick Nolan (p nolan comcast net)
RE: stealth virus on explorer.exe Sep 28 2007 10:42AM
infos3c (infos3c gmail com)


 

Copyright 2010, SecurityFocus