-
June 28th, 2003, 03:45 PM
#1
Help me research this trojan
I have recently discovered a very interesting variant of Trojan.Autoupder that is not specifically detected by AV scanners. For example, it is detected by NAV as Backdoor.Trojan. In the search for truth, I infected my own PC with this trojan and tried to analyze it as best I could. I have included a zipped file with process dumps, analyses, dropped files, and the original ActiveX packaging. Feel free to add to my findings on this thread. I want to see how well the community can work together on this. Don't worry, I've already submitted it to SARC for signatures.
NOTE: This is a live trojan! Do NOT run any of the executables contained in this package on a production system!!!!
Oh, and if you're one who uses IE, it adds a BlazeFind searchbar to it.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision
-
June 28th, 2003, 08:13 PM
#2
Member
After doing a little research on this I believe it to be spyware (checking the zip as I'm typing this).
I looked up on GOOGLE for it and it can be removed by Adaware or similar spyware removers.
Sorry to disappoint you
Edit:-
Oh yeah the link!
Adaware
http://www.lavasoftusa.com/software/adaware/
-
June 29th, 2003, 08:08 AM
#3
Senior Member
You might want to get a hex editor of sorts next time.
-w0rm3y
-
June 30th, 2003, 01:05 PM
#4
Actually, I disassembled the whole thing, but I learned about as much as running strings on it. Most of the prog is written in Delphi 5+.
I ended up scanning my system with the copy of Ad-Aware 6 pro that I have. It picked up several different variations of generic Spyware, but I tell you, this app isn't just spyware. It can autoupdate itself man, that's trojan to me.
You know what is really sad, SARC returned a negative report on the cab file I submitted. So much for priorities. I guess you can't always trust big companies to look out for your interests.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision