MyCity » Ambulanta -> MyCity Laboratorija » 32-bitni... Konj?

32-bitni... Konj?

Napisano na dan: 11.9.2010

32-bitni... Konj?
Sledeća strana Pagination

Idi na vrh

Poslao: 11 Sep 2010 20:15
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Crv Win32/Visal.B: [Link mogu videti samo ulogovani korisnici]

pomenut u ovih par poruka, nakon infekcije pravi kopije sebe:

2010-09-11 15:19:46 290816 ---h--w- C:\open.exe
2010-09-11 15:19:46 290816 ----a-w- c:\windows\system\updates.exe
2010-09-11 15:19:46 290816 ----a-w- c:\windows\system\Administrator CV 2010.exe
2010-09-11 15:19:46 290816 ----a-w- c:\windows\csrss.exe
2010-09-11 15:19:46 290816 ----a-w- C:\Administrator CV 2010.exe

+ autorun.inf:

2010-09-11 15:21:17 172 ----a-w- c:\windows\autorun.inf
2010-09-11 15:21:17 167 ----a-w- c:\windows\autorun2.inf
2010-09-11 15:21:17 167 ---h--w- C:\autorun.inf

+ pomoćna skripta:

2010-09-11 15:21:07 1728 ----a-w- c:\windows\vb.vbs


pokušava i da izvrši download dodatnih file-ova sa interneta:


2010-09-11 15:33:07 1016 ----a-w- c:\windows\tryme1.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\system32\SendEmail.dll
2010-09-11 15:32:45 1016 ----a-w- c:\windows\rd.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\pspv.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\op.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\im.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\ie.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\gc.exe
2010-09-11 15:32:45 1016 ----a-w- c:\windows\ff.exe
2010-09-11 15:20:55 1016 ----a-w- c:\windows\re.iq
2010-09-11 15:20:55 1016 ----a-w- c:\windows\re.exe
2010-09-11 15:20:55 1016 ----a-w- c:\windows\hst.iq

Malware više nije dostupan na tim linkovima tako da file-ovi sadrže samo ovo:







OK, to smo sve znali i do sada (bar donekle).

c:\windows\vb.vbs <--- razlog otvaranja ove teme.







[Link mogu videti samo ulogovani korisnici]



Pogledali VT link? Pažljivo pogledali?


Sigurno?











Ova skripta em nije Win32 tj. 32-bitni program (jer je skripta), em definitivno nije konj.



Mislim... Konj?! LOL



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.

MyCity » Ambulanta -> MyCity Laboratorija » 32-bitni... Konj?

Ko je trenutno na forumu
 

Ukupno su 1958 korisnika na forumu :: 261 registrovanih, 22 sakrivenih i 1675 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -Max-, 357magnum, A.R.Chafee.Jr., acov34, advokat84, AK - 230, akaherz994, ALEKSICMILE, Alojzije, alternator, aramis s, Areal84, Aska, Asparagus, Asteker, Batko.VD.65, bavar357, bax0904, Baždaranac, Bbbggg1979, bbogdan, bbrasnjo3, bobomicek, Bobrock1, bojankrstc, bojcistv, Bojke549, bolimejoli, Borac1983, Boris.A, Boris90, Boroš, Bosnjo, bounty hunters, bpop, BradaRS, branko7, brufen, Bubili, Bubimir, bufanje, bukefal, Bvp, BWG, CCCP, CHARLIE JA., Cicumile, cifra, CikaKURE, Citalac, Crazzer, cuvarkuca, cyprus, dane007, darkkran, Darko7103, Darko8, darkojovxp, Darth Malak, dejan1972, Dekanovic, deki1001, Dekster, deLacy, Denaya, Dinarid, djordjemiklusev, djukapfc, DJUNTA, Dogma21, dolinalima, Dolinc, Dr.Strangelove, drale12, dukikan, Dungorth, Džekson, Electron, ElGenius, Enigma Nobody, EVIDENTICAR, EXIT78, Feller, Filip1, Flotikius, g_g, gagidjuric, Georgius, Geran136, GH69, goxin, Grochow, grunff2, Guster25, Hitri, hyper1, igorpet, Igritelj, ikan, ILGromovnik, IQ116, Istman, ivanb, IvanMiletic, j-22orao, Jan, Jester, jodzula, Jonbonjovi, Jozo74, Kajzer Soze, kalens021, kasikaz, Khaless, kib, kihot, kljift, Kobalt01, kolateralnasteta, Komentator, komsija1, kripo, Krusarac, Kubovac, ladro, laganini123, Laluvr, Lelemood, leopard83, Levi, LostInSpaceandTime, Lošmi, Magistar78, Maki1981, Malahit, Manjane, Marko Marković, MarkoDzimi, MarkoJ-Nis, marsi, marsovac 2, MarsRed, matrix_1, mercedesamg, Metanoja, Mi lao shu, Mickey91, Mig 29, mikidragi, Mikisha, mikrimaus, milanpb, milenko crazy north, Miler88, Miletić Zoran, milivoje_vatrogasac, milutin134, miroslav tamnavski, mitja123, mkukoleca, mm1811, mmelezovic, Moldovan, molusan, monomah, mux, Myamoto Musashi, naunwzbn, Ne doznajem se u oružje, nelezele, NemanjaCG, Neno25, Nepopravljivi, Neutral, nick79, nikoladim, Nikoletina Bursac, Nobunaga, Obrenovic, ostoja, OtacMakarije, pablojepao, Paklenica, Pantelejmon, panzerwaffe, Patent, pein, Permaldar, Perudin_92, petrovicrs, Pilence, PlayerOne, Posmatrac77OKB, Povratak1912, precan, proka1ng, Ray1973, reader, Resnica, RiV, sabros, Salence74, samojednoimeznam, samsung, sap, Semberija, semity, Seven Of Nine, Sharpshooter, Shinobi, sickmouse, Singidunumac, sisi, Slingshot, Smor, Snorks, Soncogor, Srle993, Srna, Steeeefan, Stoorb, Tajpan, tajvankanasta, tamno.nebo, tecataki, The_new_Statesman, theNedjeljko, Tihi86, Tomo988, troki1971, TTN, tubular, Tumansky, VanZan, vdeki, Velizar Laro, vensla, Viktor Petrenko, vjetar, vlada13874, Volkhov-M, VOŽD, vrlenija, Vujkeu, Walkers, wize, wizzardone, wolf431, xAlex2, XBMC, zdrebac, zeka013, Zmaj Tolak, zokizemun, zoran77, Zoran_Partizan, |_MeD_|, Žoržo, Žrnov, 1324, 223223