Focus on Virus
stealth virus on explorer.exe Sep 28 2007 08:44AM
Isaac Perez Moncho (suscripcions tsolucio com) (4 replies)
Re: stealth virus on explorer.exe Oct 19 2007 11:21AM
Isaac Perez Moncho (suscripcions tsolucio com)
Sorry for the late answer to all the people sent me solutions.
At the end kaspersky AV found the virus and deleted it.
I know it will be nice I'll post the name of the virus, but due to the
overwork and other problems I forgot to write down the name.
So I'm very sorry for not posting it.
Thanks for all the answers I received.

El vie, 28-09-2007 a las 10:44 +0200, Isaac Perez Moncho escribió:
> Hello all,
> I have a computer infected with a virus that act like this:
> explorer.exe start opening smtp connections to several ip's and url's
> until it exceed the tcp limit of windows xp sp2.
> If I kill explorer.exe and run again from task manager the virus doesn't
> run anymore until reboot.
> It seems that the booting process of windows pass a parameter to
> explorer for launch the virus. But not found anything interesting or
> clear in the registry or boot.
> I used nod32 and panda active scan for cleaning with no result. I alsoo
> used spybot, adaware and superantispyware with the same null result.
>
> Any ideas?
>
> Thanks
>
--
http://www.sans.org/staysharp/details.php?id=7931
Isaac Perez Moncho
GSEC, SSP-GHD, SSP-MPA, SSP-CNSA Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com

------------------------------------------------------------------------
---
This list is sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 30 hands-on training
courses and 90 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 70 nations. Visit product
displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com
------------------------------------------------------------------------
---

[ reply ]
Re: stealth virus on explorer.exe Sep 29 2007 08:12AM
daniel (danderson310 gmail com)
Re: stealth virus on explorer.exe Sep 28 2007 11:26AM
T.I.M (theiceman ice gmail com) (1 replies)
RE: stealth virus on explorer.exe Sep 28 2007 04:33PM
Patrick Nolan (p nolan comcast net)
RE: stealth virus on explorer.exe Sep 28 2007 10:42AM
infos3c (infos3c gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus