republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Heads Up - PayPal infection attempt - New??
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
EZTrust Antivirus crashes everytime...? »
« kaspersky question  
AuthorAll Replies


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast

reply to Link Logger
Re: Heads Up - PayPal infection attempt - New??

NewCompresse···lder.zip 77,923 bytes
Ok, you have a new Trojan Dropper, very interesting one, it does a lot of things. It drops pp.gif and pp.hta in root and it runs pp.hta and asks for credit card number, Then it drops ee98af.tmp,and el388.tmp in windows folder. The el388.tmp (copies your e-mail addreses), It then drops a Trojan svchost32.exe in windows folder, then it adds itself to registry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SvcHost32 = 'G:\WINDOWS\svchost32.exe'

It then records all your e-mail address, contacts, and any e-mail address in any of your folders inbox, sent, deleted then it try's to connect to internet and send all of this information as well as your credit card number.

Here is some pics of what it does.
--
TrojanHunter Stands For Privacy!!!!!!!
to forum · permalink · · 2003-11-13 22:44:01 · Reply to this


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
 Fast and good work Vampirefo as it would appear you have nailed it.

Where does it send the information too?

Blake
to forum · permalink · · 2003-11-13 22:51:13 · Reply to this


broknsymetry
What Time Is It And Why?
Premium
join:2003-06-27
THE VOID
clubs:

reply to Vampirefo
Almost gave me a heart attack when I viewed clipboard4.gif from your zip file. I thought McAfee was really giving me a filtering rule alert for svchost32.exe, ROFLMAO
--
Some scientist may at last disperse
The mysteries of the universe
But me, I can not even think
Why pork is white and ham is pink
--Ogden Nash
to forum · permalink · · 2003-11-13 23:00:45 · Reply to this
Forums » Up and Running » Security » SecurityEZTrust Antivirus crashes everytime...? »
« kaspersky question  

Saturday, 28-Nov 13:54:34 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [75] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [60] Weekend Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Why would I want an e reader? [General Questions]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [Newsgroups] Newzleech down? [Filesharing Software]
· PS3 Media Server! "Must Have" [Console Tech]
· Motion Sickness Solutions? [General Questions]
· Whats the big deal about being "Old School"....? [World of Warcraft]
· Using AirMax to provide triple play services? [Wireless Service Providers]
· TPIA review by Electronic Box [Canadian Broadband]
· Gizmo5 has added a Google Voice section in its members area. [VOIP Tech Chat]