Welcome to SecurityForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Trojan Advice Please

  
   Security Forums (Home) -> General Discussions RSS
Next:  Trojan Horse viruses  
Author Message
craig

External


Since: Nov 05, 2003
Posts: 2



(Msg. 1) Posted: Sun Sep 12, 2004 2:12 am
Post subject: Trojan Advice Please
Archived from groups: alt>comp>virus (more info?)
Hi all,

I found a trojan on a users system because it was broadcasting to the
network like mad trying to find a way to the internet. It had opened
lots of listening connections on various ports.

The file causing this was a 93 Kb Win32 Portable Executable in
\windows\system32 with the usual HKLM\....\Run , RunOnce etc. keys
affected.

NO virus checkers are finding this as anything dodgy..

I didn't have much time to spend on the infected system, So I cleaned
it up and took a copy of the file.

My question is, why can I not get it to run on any other system ? It
just reports '...not a valid win32 program'.

Is it likely that this thing had other components - right at the end
of the file (if viewed in a hex editor) is the text 'kernel32.dll'.

At the start it has MZP ...bla bla This program must be run under
win32

Any thoughts much appreciated.

Craig

 >> Stay informed about: Trojan Advice Please 
Back to top
Login to vote
Bill

External


Since: Sep 12, 2004
Posts: 28



(Msg. 2) Posted: Sun Sep 12, 2004 4:38 am
Post subject: Re: Trojan Advice Please [Login to view extended thread Info.]
Imported from groups: per prev. post (more info?)
This message is not archived

 >> Stay informed about: Trojan Advice Please 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Damn trojan in my temp (probably). Advice needed. - Ok , this is how the situation has. 3 days my firewall poped up and an application in my C:\Documents And Settings\Administrator\Local Settings\temp wanted to connect at port 80 of an address. It had a weird icon and a weird name ( Rar1.exe). I denied....

advice on steps following trojan removal - A trojan infected files in Windows/system32 as detected by Norton Antivirus Corporate 10. I also have a firewall - Zone Alarm, and XP Pro SP2 I did the scan, and deleted files quaranteened. Then I did another scan in safe mode and no additional viruse...

Advice Avast founf Virus Win32:Trojan-gen - I found a virus today on the computer and followed the instruction to remove it and put it in the chest. Now that it is safely in the chest i am not sure whether to leave it there or should I delete it? Can look at the file found in ( PATH ) below and..

Spyware.Dotcomtoolbar - Advice appreciated - I'd be grateful for advice, or a direction to where I could get it. My Norton has detected 2 x 'Spyware.Dotcomtoolbar' on my system, but when I try to delete them I just keep getting advised to go to the Symantec site for further advice. Symantec..

Bad Advice from Comodo and Loss of Trust - http://www.securitycadets.com/ May 31st, 2008 by Corrine How does a security vendor lose trust? It likely begins when the company CEO becomes overly defensive and posts rants such the one at the end of this post: "You know what p*ses me off ...
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]