Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

What is CrAcKa.exe

  
   Security Forums (Home) -> General Discussions RSS
Next:  Gatedrp.A ??  
Author Message
Richard Dyer

External


Since: Aug 31, 2003
Posts: 1



(Msg. 1) Posted: Sun Aug 31, 2003 12:41 am
Post subject: What is CrAcKa.exe
Archived from groups: alt>comp>virus (more info?)
I was working on a friends machine and discovered this running on it (W98)
and I have virus scanned it(Norton)/spyswept it and it comes up clean. I
have deleted this file from dos after removing all references to it in the
registy and it recreates both itself and all the entries in the registry
upon boot up. I have searched the news groups and the web and have not found
any useful information as to how do I remove it. Is this a trojan/virus ???

 >> Stay informed about: What is CrAcKa.exe 
Back to top
Login to vote
Nick FitzGerald

External


Since: Jul 03, 2003
Posts: 179



(Msg. 2) Posted: Mon Sep 01, 2003 4:06 pm
Post subject: Re: What is CrAcKa.exe [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Richard Dyer" <rdyer DeleteThis @nospam.houston.rr.com> wrote:

> Thanks for the information!! I was able to rid the system of this virus once
> I discovered that it had created a file called "winstart.bat" in the windows
> root which looked for the existence of the "cracka.exe" file and if it was
> deleted it created a new copy from a file call wmsdund.bin (also in the
> windows root) and then executed the program on windows startup which of
> course recreated all the registry entries etc. I am not sure what cracka.exe
> does but at least its no longer causing problems. I have copies of it and I
> am wondering if I should turn it in to Symantec or Spysweeper for analysis.

I'd recommend that you send them to _several_ AV developers, not just the
developer of your chosen AV (if nothing else, you may get a feel for how
responsive your vendor is relative to some others, though not being a
customer of the others means they _may_ treat your submission as a lower
priority and usually you won't be able to tell). To save you looking them
up, here is a list of the better known virus detection engine developers
-- send your suspect files to a few of these you have heard of and trust:

Command Software <virus DeleteThis @commandcom.com>
Computer Associates (US) <virus DeleteThis @ca.com>
Computer Associates (Vet/EZ) <ipevirus DeleteThis @vet.com.au>
DialogueScience (Dr. Web) <Antivir DeleteThis @dials.ru>
Eset (NOD32) <sample DeleteThis @nod32.com>
F-Secure Corp. <samples DeleteThis @f-secure.com>
Frisk Software (F-PROT) <viruslab DeleteThis @f-prot.com>
Grisoft (AVG) <virus DeleteThis @grisoft.cz>
H+BEDV (AntiVir): <virus DeleteThis @antivir.de>
Kaspersky Labs <newvirus DeleteThis @kaspersky.com>
Network Associates (McAfee) <virus_research DeleteThis @nai.com>
Norman (NVC) <analysis DeleteThis @norman.no>
Sophos Plc. <support DeleteThis @sophos.com>
Symantec (Norton) <avsubmit DeleteThis @symantec.com>
Trend Micro (PC-cillin) <virus_doctor DeleteThis @trendmicro.com>
(Trend may only accept files from users of its products)


--
Nick FitzGerald

 >> Stay informed about: What is CrAcKa.exe 
Back to top
Login to vote
Display posts from previous:   
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]