*heads up* PWSteal.Navu trojan

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    80

    *heads up* PWSteal.Navu trojan

    PWSteal.Navu is a Trojan Horse with keylogging capabilities.

    The presence of the file Msdirectx.dll or Navupd.dll is an indication of a possible infection.

    Type: Trojan Horse
    Infection Length: 901,122 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
    Systems Not Affected: Linux, Macintosh, OS/2, UNIX

    THREAT ASSESSMENT

    Wild:

    Number of infections: 0 - 49
    Number of sites: 0 - 2
    Geographical distribution: Low
    Threat containment: Easy
    Removal: Moderate

    Wild: Low
    Damage: Medium
    Distribution: Low

    Damage

    Payload:
    Releases confidential info: Intercepts keystrokes.

    TECHNICAL DETAILS

    PWSteal.Navu consists of a .dll file. Routines within the .dll are invoked using Rundll32.exe.

    When PWSteal.Navu is executed, it performs the following actions:

    1. Copies itself to the %Windir% directory as:

       msdirectx.dll
       navupd.dll

       NOTE: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

    2. Adds the value:

       "NAVUpd" = "rundll32.exe navupd.dll,Startup"

       to the registry key:

       HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

       so that the Trojan starts when Windows starts.

    3. Uses ICQ to send a notification to the Trojan's author that it is running.

    4. Hooks keyboard events, allowing it to log keystrokes.

    5. May display one of the following error messages while the Trojan is running:

       "failed at address conversion"
       "failed at socket creation"
       "failed at startup"

    For complete details visit:
    http://securityresponse.symantec.com...teal.navu.html

    Cheers,
    BD]Hobbit
    http://www.AntiOnline.com/sig.php?imageid=442
    You need people of intelligence on this sort of quest...
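
Added example (not part of the original post or of the advisory it quotes): a triage script that checks collected `reg query` output for the Run key and a %Windir% file listing against the two DLL names given above. The function names and all sample data are constructed for illustration; it matches on the DLL that rundll32 loads, so an entry stored under a different value name or with a full, quoted path is still flagged.

```python
import ntpath
import re

# Indicators taken from the advisory text in post #1.
IOC_DLLS = {"msdirectx.dll", "navupd.dll"}

# One value line of `reg query` output: indented name, type, data.
REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# "rundll32[.exe] <dll>,<export>", tolerating full paths and quoting.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def scan_run_key(reg_query_output):
    """Return (value_name, dll, export) for Run entries loading an IoC DLL."""
    hits = []
    for line in reg_query_output.splitlines():
        entry = REG_LINE.match(line)
        if not entry:
            continue  # key header or blank line
        cmd = RUNDLL.match(entry["data"].strip())
        if not cmd:
            continue  # autorun entry that does not go through rundll32
        dll = ntpath.basename(cmd["dll"]).lower()
        if dll in IOC_DLLS:
            hits.append((entry["name"], dll, cmd["export"]))
    return hits


def scan_windir(file_names):
    """Return listing entries whose file name matches an IoC DLL (any case)."""
    return sorted(n for n in file_names if ntpath.basename(n).lower() in IOC_DLLS)


# Constructed sample data, not captured from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    NAVUpd    REG_SZ    rundll32.exe navupd.dll,Startup
    Updater    REG_SZ    "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\MSDirectX.dll",Startup
"""
SAMPLE_WINDIR = ["explorer.exe", "NAVUPD.DLL", "notepad.exe", "msdirectx.dll"]

if __name__ == "__main__":
    for name, dll, export in scan_run_key(SAMPLE_REG):
        print(f"Run value {name!r} loads {dll} (export {export})")
    for path in scan_windir(SAMPLE_WINDIR):
        print(f"Suspicious file in %Windir%: {path}")
```
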

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Ok ENOUGH!

    Seriously dude, this is getting ****ing annoying. All you are doing is flooding the board with virus alerts. We can all go to the website ourselves and read up on the new virii. Sure it's raising your post count, but it's pissing the rest of us off.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Member
    Join Date
    Jul 2003
    Posts
    80
    Ok #1 regz, you could've asked nicely. I am not flooding the boards; the virus section is meant to post info and viruses and such. No one else seems to be posting virus warnings either. But for your satisfaction and "happiness" of others, I will stop. Go read your own damn virus warnings, because I won't post them any more.
    http://www.AntiOnline.com/sig.php?imageid=442
    You need people of intelligence on this sort of quest...

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    I prolly could have asked nicely but i'm in a bad mood.. I was supposed to babysit til 11 and i'm still here at 12:30.. so I apologize. Anyways you are flooding the board, look at the main page. People can't see anything else, because your posts are taking up all the top thread spots.. It's annoying.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Originally posted here by HTRegz
    Anyways you are flooding the board, look at the main page. People can't see anything else, because your posts are taking up all the top thread spots.. It's annoying.
    LMAO indeed, this is totally blocking my view on the main page filled with all the useless **** JAGUAR291's (or someone using that account) ranting 'n raving bullshit that's been going on lately while I was gone.

    |The|Specialist jokingly says: Oh man! Dude you totally covered up all the useless stuff with warning labels !!!OH NO!!!

  6. #6
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    BD, the warnings are nice, it's good to be able to get them right here, but next time, maybe you could just combine them all into one post. It's nice to have them here, and we appreciate the effort, it makes it nice for lazy people, but it is a little annoying to have nothing but virus warnings on the first page.

    HT, I hope you're at least getting overtime
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by debwalin
    HT, I hope you're at least getting overtime
    hrm.. dinner, 30 bux, cab fare home and chips and ice cream and pink lemonade for 4 hours of sitting in a house with internet access and cable tv, because the kid was in bed 5 minutes after the parents went out the door.... So I guess I kinda got overtime. It was a decent deal.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    Beats the hell out of what I used to get babysitting, but considering the last time I did it was over 10 years ago...Good God, I'm glad I have family close-by that babysits for me when I need it, I couldn't afford to go out after paying the babysitter
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  9. #9
    Member
    Join Date
    Jul 2003
    Posts
    80
    Ok, how about i post three or four different virus warnings in one post, or should i just stop altogether?
    http://www.AntiOnline.com/sig.php?imageid=442
    You need people of intelligence on this sort of quest...

  10. #10
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551
    BD]Hobbit > you could do that, or perhaps like one weekly post with the latest viri out for that week?
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
