-
August 23rd, 2003, 05:18 AM
#1
Member
*heads up* PWSteal.Navu trojan
PWSteal.Navu is a Trojan Horse with keylogging capabilities.
The presence of the file Msdirectx.dll or Navupd.dll is an indication of a possible infection.
Type: Trojan Horse
Infection Length: 901,122 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
THREAT ASSESSMENT
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Moderate
Wild:
Low
Damage:
Medium
Distribution:
Low
Damage
Payload:
Releases confidential info: Intercepts keystrokes.
TECHNICAL DETAILS
PWSteal.Navu consists of a .dll file. Routines within the .dll are invoked using Rundll32.exe.
When PWSteal.Navu is executed, it performs the following actions:
Copies itself to the %Windir% directory as:
msdirectx.dll
navupd.dll
NOTE: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
Adds the value:
"NAVUpd" = "rundll32.exe navupd.dll,Startup"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan starts when Windows starts.
Uses ICQ to send a notification to the Trojan's author that it is running.
Hooks keyboard events, allowing it to log keystrokes.
May display one of the following error messages while the Trojan is running:
"failed at address conversion"
"failed at socket creation"
"failed at startup"
For complete details visit:
http://securityresponse.symantec.com...teal.navu.html
Cheers,
BD]Hobbit
-
August 23rd, 2003, 05:20 AM
#2
Ok ENOUGH!
Seriously dude, this is getting ****ing annoying. All you are doing is flooding the board with virus alerts. We can all go to the website ourselves and read up on the new virii. Sure it's raising your post count, but it's pissing the rest of us off.
-
August 23rd, 2003, 05:24 AM
#3
Member
Ok #1 regz, you could've asked nicely. I am not flooding the boards the virus section is meant to post info and viruses and such. No one else seems to be posting virus warnings either. but for your satisfaction and "happiness" of others, i will stop. Go read your own damn virus warnings, because i won't post them any more.
-
August 23rd, 2003, 05:26 AM
#4
I prolly could have asked nicely but i'm in a bad mood.. I was supposed to babysit til 11 and i'm still here at 12:30.. so I apologize. Anyways you are flooding the board, look at the main page. People can't see anything else, because your posts are taking up all the top thread spots.. It's annoying.
-
August 23rd, 2003, 05:49 AM
#5
Originally posted here by HTRegz
Anyways you are flooding the board, look at the main page. People can't see anything else, because your posts are taking up all the top thread spots.. It's annoying.
LMAO indeed, this is tottally blocking my view on the main page filled with all the useless **** JAGUAR291's (or someone useing that account) ranting 'n raveing bullshit thats been going on lately while I was gone.
|The|Specialist jokeingly says: Oh man! Dude you tottaly covered up all the useless stuff with warning labels !!!OH NO!!!
-
August 23rd, 2003, 05:49 AM
#6
BD, the warnings are nice, it's good to be able to get them right here, but next time, maybe you could just combine them all into one post. It's nice to have them here, and we appreciate the effort, it makes it nice for lazy people, but it is a little annoying to have nothing but virus warnings on the first page.
HT, I hope you're at least getting overtime
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
-
August 23rd, 2003, 07:49 AM
#7
Originally posted here by debwalin
HT, I hope you're at least getting overtime
hrm.. dinner, 30 bux, cab fare home and chips and ice cream and pink lemonaid for 4 hours of sitting in a house with internet access and cable tv, because the kid was in bed 5 minutes after the parents went out the door.... So I guess I kinda got overtime. It was a decent deal.
-
August 23rd, 2003, 01:17 PM
#8
Beats the hell out of what I used to get babysitting, but considering the last time I did it was over 10 years ago...Good God, I'm glad I have family close-by that babysits for me when I need it, I couldn't afford to go out after paying the babysitter
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
-
August 23rd, 2003, 08:12 PM
#9
Member
Ok, how about i post three or four different virus warnings in one post, or should i just stop altogether?
-
August 23rd, 2003, 08:23 PM
#10
BD]Hobbit > you could do that, or perhaps like one weekly post with the latest viri out for that week?
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|