I HAVE A unknow VIRUS - Page 5
Page 5 of 5 FirstFirst ... 345
Results 41 to 50 of 50

Thread: I HAVE A unknow VIRUS

  1. #41
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    If I may add Nihil,

    Look at my big Shlong = Worm?

  2. #42
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    665
    Hi disturb

    If it had a game icon on it then i would categorise into Trojan Horse because it pretended to be a harmless little game game but when clicked did something distructive.

    Web definitions for Trojan Horse
    An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
    Problem solved

  3. #43
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    If i may add also.

    You will like this Great Tool= Re-format and re-install

    I fell for that one once a long time ago.Lol
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #44
    Senior Member
    Join Date
    Feb 2004
    Posts
    197
    SwordFish_13 ,i agree now that you put it that way

  5. #45
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Look at my big Shlong = Worm?
    Speak for yourself old chap..........................

    Mind you................we have this feathered aviator, called a "blackbird" (Latin = turdus)

    They like sucking worms................

    Hmmmmmmmmmmmmm
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #46
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    Nihil....you're scaring me

  7. #47
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I have finally had a reply from Symantec, below is the report:

    Dear Anthony

    We have analyzed your submission. The following is a report of our findings for each file you have submitted:

    filename: C:\Documents and Settings\Anthony\My Documents\DRR.exe
    machine: xxxxxxx
    result: This file is infected with Trojan Horse

    Developer notes:
    C:\Documents and Settings\Anthony\My Documents\DRR.exe is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if neccessary. Please follow the instruction at the end of this email message to install the latest beta definitions.

    Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created beta definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest beta definitions. Downloading and Installing Beta Definition Instructions: 1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
    2. Click this link to the ftp site: ftp://ftp.symantec.com/public/englis...tadefsi32.exe. If it does not go to the site (this could take a minute or so if you have a slow connection), copy and paste the address into the address bar of your Web browser and then press Enter. 3. When a download dialog box appears, save the file to the Windows desktop. 4. Double-click the downloaded file and follow the prompts.
    ----------------------------------------------------------------------
    This message was generated by Symantec Security Response automation
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #48
    Junior Member
    Join Date
    May 2004
    Posts
    3

    More strings

    Hi All,
    Long time lurker, first time poster.
    Not beating a dead horse, I hope.
    I don't know how much of this is VB and how much is his/her code.

    BTW: Mcafe Virus scan enterprise 7.1 latest dat file dated May 12 (#4360) doesn't see anything wrong with it.

    Rootoo

  9. #49
    Junior Member
    Join Date
    May 2004
    Posts
    3

    Dang, here it is

    Doh! Thought I attached it. I'll just paste it.


    File pos Mem pos ID Text
    ======== ======= == ====

    0000004D 0040004D 0 !This program cannot be run in DOS mode.
    000001B8 004001B8 0 .text
    000001E0 004001E0 0 .data
    00000208 00400208 0 .rsrc
    00000240 00400240 0 MSVBVM60.DLL
    0000101E 0040101E 0 RsaTQs
    0000104D 0040104D 0 TQs\BDs
    00001065 00401065 0 EDssADs
    0000109A 0040109A 0 QsmYOs
    000010A6 004010A6 0 Os0XQsaUQs
    000010D5 004010D5 0 ADstEDs
    000010DD 004010DD 0 UQsPOQs
    0000110A 0040110A 0 Qs"DDsi
    0000156E 0040156E 0 kColorDRR
    000015E4 004015E4 0 Form1
    000015EE 004015EE 0 > DRR 2004
    00001A71 00401A71 0 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
    00001E11 00401E11 0 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
    00001ED3 00401ED3 0 Form1
    00001EFC 00401EFC 0 TahomaD
    00001F0F 00401F0F 0 Command1
    00001F3B 00401F3B 0 Text1
    00001F58 00401F58 0 Welcome to DRR 2004.
    00001F70 00401F70 0 An unknown error has now occured in order to
    00001F9F 00401F9F 0 remove this error then please restart your computer.
    00001FE6 00401FE6 0 Image1
    00001FFB 00401FFB 0 GIF89a
    0000200E 0040200E 0 333qqqwwdbba
    0000203E 0040203E 0 }}}yyy,,,JII
    00002059 00402059 0 UUFEEE
    00002074 00402074 0 RQQ###
    000020F8 004020F8 0 jjj::9
    00002101 00402101 0 lllnnnfff
    00002130 00402130 0 zKK>qq[
    00002194 00402194 0 ff_PPK
    000021A0 004021A0 0 ooowvvNMFEEA
    000021DF 004021DF 0 >>6jjf
    000021FA 004021FA 0 tssppp
    0000220C 0040220C 0 ???!!!
    00002224 00402224 0 GGG/..SSRhgh[[[WWWiii666
    00002248 00402248 0 mmmTTTfeecc
    0000228A 0040228A 0 888cccLLL
    00002299 00402299 0 POPKKK
    000022B4 004022B4 0 CCC100\\\
    000022E4 004022E4 0 ;;;
    000023E3 004023E3 0 NJ\*0
    00002434 00402434 0 )4=3G
    00002495 00402495 0 !W4Q$
    00002520 00402520 0 5gRS
    00002826 00402826 0 A,XX@tS
    000029B9 004029B9 0 =(F1F0
    00002CBF 00402CBF 0 F6 99
    00002D91 00402D91 0 p&Rs%
    00003080 00403080 0 2RPa7
    00003137 00403137 0 4:i2 T
    000038CF 004038CF 0 -Zw.R
    000039A5 004039A5 0 +Xpq?
    00003C83 00403C83 0 <78X=
    00003CF8 00403CF8 0 U$bk
    00003FAE 00403FAE 0 m}k\K

    File pos Mem pos ID Text
    ======== ======= == ====

    00004003 00404003 0 HE:FQ 5@@
    00004168 00404168 0 UA]QCg
    0000418B 0040418B 0 Dq1L@
    000041C7 004041C7 0 x0/{8
    000041D6 004041D6 0 W0?"P
    0000429C 0040429C 0 +d2+Xx
    00004425 00404425 0 zKNzK
    000045F7 004045F7 0 nPRBZ
    0000468B 0040468B 0 exJg@
    00004696 00404696 0 //8QK3
    0000470C 0040470C 0 )0&eS]
    0000492E 0040492E 0 e0<"h
    00004B39 00404B39 0 \FHUv
    00004C12 00404C12 0 (hoR0
    00004C9D 00404C9D 0 D:\u
    00004CA6 00404CA6 0 :w9LP
    00004DCD 00404DCD 0 ES"mS
    00004DD3 00404DD3 0 ]0p K#'
    00004EF2 00404EF2 0 AEhu%B
    00004F38 00404F38 0 XP&:
    00005065 00405065 0 F2j#Y
    00005373 00405373 0 RXE ,
    0000563C 0040563C 0 H)(#;?
    00005699 00405699 0 Qo?1X,i:
    00005753 00405753 0 +4B4\
    000058A9 004058A9 0 B9D#5f
    000058B3 004058B3 0 3Rc |
    000058BE 004058BE 0 e TcWfe6
    000059AA 004059AA 0 7AA0x
    00005AD9 00405AD9 0 aF-kFQd
    00005B5F 00405B5F 0 kTg""
    00005C58 00405C58 0 YjV(0
    00005D3E 00405D3E 0 qBdHB
    00005DEA 00405DEA 0 N35Os4
    00005E62 00405E62 0 (XB!Dt-
    00005F66 00405F66 0 PBqsvg
    0000623C 0040623C 0 v<1F#
    0000658A 0040658A 0 CZd)@
    000065C7 004065C7 0 \8(XY
    00006650 00406650 0 EXb~z
    000066CB 004066CB 0 D:3SU
    000067C0 004067C0 0 @P#(?
    00006A14 00406A14 0 E-Gc+|a
    00007070 00407070 0 Drr 2004
    00007678 00407678 0 Form1
    00007680 00407680 0 Module1
    000076D8 004076D8 0 Command1
    000076F4 004076F4 0 C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
    00007768 00407768 0 Text1
    00007798 00407798 0 Image1
    00007808 00407808 0 user32
    00007814 00407814 0 PaintDesktop
    0000785C 0040785C 0 advapi32.dll
    00007870 00407870 0 RegDeleteValueA
    000078B8 004078B8 0 ExitWindowsEx
    00007900 00407900 0 RegOpenKeyExA
    00007948 00407948 0 RegCloseKey
    000079B0 004079B0 0 RegCreateKeyA
    000079F8 004079F8 0 RegDeleteKeyA
    00007A40 00407A40 0 RegQueryValueExA

    File pos Mem pos ID Text
    ======== ======= == ====

    00007A8C 00407A8C 0 RegSetValueExA
    000095C0 004095C0 0 VBA6.DLL
    000095CC 004095CC 0 __vbaFreeVar
    000095DC 004095DC 0 __vbaVarDup
    000095E8 004095E8 0 __vbaFreeStr
    000095F8 004095F8 0 __vbaSetSystemError
    0000960C 0040960C 0 __vbaStrToAnsi
    0000961C 0040961C 0 __vbaOnError
    0000962C 0040962C 0 __vbaFreeObj
    0000963C 0040963C 0 __vbaHresultCheckObj
    00009674 00409674 0 __vbaObjSetAddref
    00009688 00409688 0 __vbaNew2
    00009900 00409900 0 __vbaVarCmpNe
    00009A10 00409A10 0 __vbaVarAdd
    00009A1C 00409A1C 0 __vbaVarCmpEq
    00009A2C 00409A2C 0 __vbaVarOr
    00009A38 00409A38 0 __vbaBoolVarNull
    00009A4C 00409A4C 0 __vbaInStr
    00009A58 00409A58 0 __vbaErrorOverflow
    00009A6C 00409A6C 0 __vbaStrCat
    00009A78 00409A78 0 __vbaFreeVarList
    00009A8C 00409A8C 0 __vbaStrCmp
    00009A98 00409A98 0 __vbaStrCopy
    00009AA8 00409AA8 0 __vbaStrVarMove
    00009AB8 00409AB8 0 __vbaFreeStrList
    00009ACC 00409ACC 0 __vbaStrI2
    00009AD8 00409AD8 0 __vbaAryUnlock
    00009AEC 00409AEC 0 __vbaAryLock
    00009AFC 00409AFC 0 __vbaVarForNext
    00009B0C 00409B0C 0 __vbaStrMove
    00009B1C 00409B1C 0 __vbaUI1I2
    00009B28 00409B28 0 __vbaGenerateBoundsError
    00009B44 00409B44 0 __vbaI4Var
    00009B50 00409B50 0 __vbaVarForInit
    00009B60 00409B60 0 __vbaRedim
    00009B6C 00409B6C 0 __vbaLenBstr
    00009B7C 00409B7C 0 __vbaVarCopy
    00009B8C 00409B8C 0 __vbaVarMove
    00009B9C 00409B9C 0 __vbaStrToUnicode
    0000B780 0040B780 0 MSVBVM60.DLL
    0000B790 0040B790 0 __vbaStrI2
    0000B79E 0040B79E 0 _CIcos
    0000B7A8 0040B7A8 0 _adj_fptan
    0000B7B6 0040B7B6 0 __vbaVarMove
    0000B7C6 0040B7C6 0 __vbaFreeVar
    0000B7D6 0040B7D6 0 __vbaLenBstr
    0000B7E6 0040B7E6 0 __vbaStrVarMove
    0000B7F8 0040B7F8 0 __vbaFreeVarList
    0000B80C 0040B80C 0 _adj_fdiv_m64
    0000B81C 0040B81C 0 _adj_fprem1
    0000B82A 0040B82A 0 __vbaStrCat
    0000B838 0040B838 0 __vbaVarCmpNe
    0000B848 0040B848 0 __vbaSetSystemError
    0000B85E 0040B85E 0 __vbaHresultCheckObj
    0000B876 0040B876 0 _adj_fdiv_m32
    0000B886 0040B886 0 __vbaVarForInit
    0000B898 0040B898 0 __vbaOnError
    0000B8A8 0040B8A8 0 _adj_fdiv_m16i
    0000B8BA 0040B8BA 0 __vbaObjSetAddref
    0000B8CE 0040B8CE 0 _adj_fdivr_m16i

    File pos Mem pos ID Text
    ======== ======= == ====

    0000B8E0 0040B8E0 0 __vbaBoolVarNull
    0000B8F4 0040B8F4 0 _CIsin
    0000B8FE 0040B8FE 0 __vbaChkstk
    0000B90C 0040B90C 0 EVENT_SINK_AddRef
    0000B920 0040B920 0 __vbaGenerateBoundsError
    0000B93C 0040B93C 0 __vbaStrCmp
    0000B94A 0040B94A 0 DllFunctionCall
    0000B95C 0040B95C 0 __vbaVarOr
    0000B96A 0040B96A 0 _adj_fpatan
    0000B978 0040B978 0 __vbaRedim
    0000B986 0040B986 0 EVENT_SINK_Release
    0000B99C 0040B99C 0 __vbaUI1I2
    0000B9AA 0040B9AA 0 _CIsqrt
    0000B9B4 0040B9B4 0 EVENT_SINK_QueryInterface
    0000B9D0 0040B9D0 0 __vbaExceptHandler
    0000B9E6 0040B9E6 0 __vbaStrToUnicode
    0000B9FA 0040B9FA 0 _adj_fprem
    0000BA08 0040BA08 0 _adj_fdivr_m64
    0000BA1A 0040BA1A 0 __vbaFPException
    0000BA2E 0040BA2E 0 _CIlog
    0000BA38 0040BA38 0 __vbaErrorOverflow
    0000BA4E 0040BA4E 0 __vbaInStr
    0000BA5C 0040BA5C 0 __vbaNew2
    0000BA68 0040BA68 0 _adj_fdiv_m32i
    0000BA7A 0040BA7A 0 _adj_fdivr_m32i
    0000BA8C 0040BA8C 0 __vbaStrCopy
    0000BA9C 0040BA9C 0 __vbaFreeStrList
    0000BAB0 0040BAB0 0 _adj_fdivr_m32
    0000BAC2 0040BAC2 0 _adj_fdiv_r
    0000BAD0 0040BAD0 0 __vbaI4Var
    0000BADE 0040BADE 0 __vbaVarCmpEq
    0000BAEE 0040BAEE 0 __vbaAryLock
    0000BAFE 0040BAFE 0 __vbaVarAdd
    0000BB0C 0040BB0C 0 __vbaStrToAnsi
    0000BB1E 0040BB1E 0 __vbaVarDup
    0000BB2C 0040BB2C 0 __vbaVarCopy
    0000BB3C 0040BB3C 0 _CIatan
    0000BB46 0040BB46 0 __vbaStrMove
    0000BB56 0040BB56 0 _allmul
    0000BB60 0040BB60 0 _CItan
    0000BB6A 0040BB6A 0 __vbaAryUnlock
    0000BB7C 0040BB7C 0 __vbaVarForNext
    0000BB8E 0040BB8E 0 _CIexp
    0000BB98 0040BB98 0 __vbaFreeObj
    0000BBA8 0040BBA8 0 __vbaFreeStr
    0000D76D 0040D76D 0 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
    0000DB0D 0040DB0D 0 ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
    0000189E 0040189E 0 fff3f
    0000192E 0040192E 0 3f333
    000070A3 004070A3 0 @*\AD:\My Programs\Darkside\DRR 2004\Project1.vbp
    000077E4 004077E4 0 Software\
    00007958 00407958 0 Control Panel\
    00007B00 00407B00 0 Network\
    00007B18 00407B18 0 SRemote Access\
    00007B3C 00407B3C 0 AppEvents\
    00007B58 00407B58 0 Config\
    00007B6C 00407B6C 0 Hardware\
    00007B84 00407B84 0 System\
    00007B98 00407B98 0 .DEFAULT\
    00007BB0 00407BB0 0 Display\

    File pos Mem pos ID Text
    ======== ======= == ====

    00007BC8 00407BC8 0 System\CurrentControlSet\Control\Update\
    00007C20 00407C20 0 Control Panel\Colours\
    00007C54 00407C54 0 RemoteAccess\Profile\
    00007C84 00407C84 0 Software\Microsoft\IEAK\
    00007CBC 00407CBC 0 Software\Microsoft\Internet Explorer\
    00007D10 00407D10 0 Software\Microsoft\IE4\
    00007D44 00407D44 0 Software\Microsoft\Internet Domains\
    00007D94 00407D94 0 Software\Microsoft\Internet Connection Wizard\
    00007DF8 00407DF8 0 Software\Kazaa\
    00007E1C 00407E1C 0 SOFTWARE\KAZAA\
    00007E40 00407E40 0 Software\Microsoft\MessengerService\
    00007E90 00407E90 0 Software\Microsoft\MSNMessenger\
    00007ED8 00407ED8 0 Software\Symantec\
    00007F04 00407F04 0 SOFTWARE\Symantec\
    00007F30 00407F30 0 Software\Microsoft\Office\
    00007F6C 00407F6C 0 Software\Adobe\
    00007F90 00407F90 0 SOFTWARE\Adobe\
    00007FB4 00407FB4 0 Software\Microsoft\MediaPlayer\
    00007FF8 00407FF8 0 System\CurrentControlSet\Control\Print\Printers\
    00008060 00408060 0 Software\Yahoo\
    00008084 00408084 0 Config\0001\System\CurrentControlSet\Control\Print\Printers\
    00008104 00408104 0 Control Panel\Appearance\Schemes\
    0000814C 0040814C 0 Software\Microsoft\Telnet\
    00008188 00408188 0 Software\Microsoft\TelnetServer\
    000081D0 004081D0 0 Software\Yahoo\Audio Conferencing\
    0000821C 0040821C 0 Software\Yahoo\Pager\
    0000824C 0040824C 0 Software\Yahoo\YFriendsBar\
    00008288 00408288 0 Software\Yahoo\YServer\
    000082BC 004082BC 0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
    0000833C 0040833C 0 Software\Microsoft\Windows NT\CurrentVersion\Policies\
    000083B0 004083B0 0 Network\Logon\
    000083D4 004083D4 0 C:\WINDOWS\system32\twain.dll
    00008414 00408414 0 SYSTEM\ControlSet001\Services\RemoteAccess\Policy\
    00008480 00408480 0 SOFTWARE\Policies\
    000084AC 004084AC 0 Software\Policies\
    000084D8 004084D8 0 Software\Microsoft\Windows\CurrentVersion\Policies\System\
    00008554 00408554 0 C:\WINDOWS\Explorer.exe
    00008588 00408588 0 C:\WINDOWS\regedit.exe
    000085BC 004085BC 0 C:\WINDOWS\system32\cmd.exe
    000085F8 004085F8 0 C:\WINDOWS\system32\Notepad.exe
    0000863C 0040863C 0 C:\WINDOWS\system32\aaaamon.dll
    00008680 00408680 0 C:\WINDOWS\system32\acctres.dll
    000086C4 004086C4 0 C:\WINDOWS\system32\acledit.dll
    00008708 00408708 0 C:\WINDOWS\system32\aclui.dll
    00008748 00408748 0 C:\WINDOWS\system32\activeds.dll
    00008790 00408790 0 C:\WINDOWS\system32\actxprxy.dll
    000087DC 004087DC 0 C:\WINDOWS\system32\admparse.dll
    00008824 00408824 0 C:\WINDOWS\system32\adptif.dll
    00008868 00408868 0 C:\WINDOWS\system32\adsldp.dll
    000088AC 004088AC 0 C:\WINDOWS\system32\adsldpc.dll
    000088F0 004088F0 0 C:\WINDOWS\system32\adsmsext.dll
    00008938 00408938 0 C:\WINDOWS\system32\adsnds.dll
    0000897C 0040897C 0 C:\WINDOWS\system32\adsnt.dll
    000089C0 004089C0 0 C:\WINDOWS\system32\adsnw.dll
    00008A00 00408A00 0 C:\WINDOWS\system32\advapi32.dll
    00008A48 00408A48 0 C:\WINDOWS\system32\advpack.dll
    00008A8C 00408A8C 0 C:\WINDOWS\system32\alrsvc.dll
    00008AD0 00408AD0 0 C:\WINDOWS\system32\amstream.dll
    00008B18 00408B18 0 C:\WINDOWS\system32\calc.exe
    00008B58 00408B58 0 C:\WINDOWS\system32\cliconfg.exe

    File pos Mem pos ID Text
    ======== ======= == ====

    00008BA4 00408BA4 0 C:\WINDOWS\system32\gpedit.exe
    00008BE8 00408BE8 0 C:\WINDOWS\system32\iexpress.exe
    00008C30 00408C30 0 C:\WINDOWS\system32\logon
    00008C68 00408C68 0 C:\WINDOWS\system32\lusrmgr.msc
    00008CAC 00408CAC 0 C:\WINDOWS\system32\migpwd.exe
    00008CF0 00408CF0 0 C:\WINDOWS\system32\migpwd.dll
    00008D34 00408D34 0 C:\WINDOWS\system32\mmc.exe
    00008D70 00408D70 0 C:\WINDOWS\system32\devmgmt.exe
    00008DB4 00408DB4 0 C:\WINNT\Explorer.exe
    00008DE4 00408DE4 0 C:\WINNT\regedit.exe
    00008E14 00408E14 0 C:\WINNT\system32\twain.dll
    00008E50 00408E50 0 C:\WINNT\system32\Notepad.exe
    00008E90 00408E90 0 C:\WINNT\system32\aaaamon.dll
    00008ED0 00408ED0 0 C:\WINNT\system32\acctres.dll
    00008F10 00408F10 0 C:\WINNT\system32\acledit.dll
    00008F50 00408F50 0 C:\WINNT\system32\aclui.dll
    00008F8C 00408F8C 0 C:\WINNT\system32\activeds.dll
    00008FD0 00408FD0 0 C:\WINNT\system32\actxprxy.dll
    00009014 00409014 0 C:\WINNT\system32\admparse.dll
    00009058 00409058 0 C:\WINNT\system32\adptif.dll
    00009098 00409098 0 C:\WINNT\system32\adsldp.dll
    000090D8 004090D8 0 C:\WINNT\system32\adsldpc.dll
    00009118 00409118 0 C:\WINNT\system32\adsmsext.dll
    0000915C 0040915C 0 C:\WINNT\system32\adsnds.dll
    0000919C 0040919C 0 C:\WINNT\system32\adsnt.dll
    000091D8 004091D8 0 C:\WINNT\system32\adsnw.dll
    00009214 00409214 0 C:\WINNT\system32\advapi32.dll
    00009258 00409258 0 C:\WINNT\system32\advpack.dll
    00009298 00409298 0 C:\WINNT\system32\alrsvc.dll
    000092D8 004092D8 0 C:\WINNT\system32\amstream.dll
    0000931C 0040931C 0 C:\WINNT\system32\calc.exe
    00009358 00409358 0 C:\WINNT\system32\cliconfg.exe
    0000939C 0040939C 0 C:\WINNT\system32\cmd.exe
    000093D4 004093D4 0 C:\WINNT\system32\gpedit.exe
    00009414 00409414 0 C:\WINNT\system32\iexpress.exe
    00009458 00409458 0 C:\WINNT\system32\logon
    0000948C 0040948C 0 C:\WINNT\system32\lusrmgr.msc
    000094CC 004094CC 0 C:\WINNT\system32\migpwd.exe
    0000950C 0040950C 0 C:\WINNT\system32\migpwd.dll
    0000954C 0040954C 0 C:\WINNT\system32\mmc.exe
    00009584 00409584 0 C:\WINNT\system32\devmgmt.exe
    00009658 00409658 0 HKEY_DYN_DATA
    000096A0 004096A0 0 Error
    000096B0 004096B0 0 HKEY_CLASSES_ROOT
    000096D8 004096D8 0 HKEY_CURRENT_USER
    00009700 00409700 0 HKEY_LOCAL_MACHINE
    0000972C 0040972C 0 HKEY_USERS
    00009748 00409748 0 HKEY_PERFORMANCE_DATA
    00009778 00409778 0 HKEY_CURRENT_CONFIG
    000097A8 004097A8 0 The Registry Database is corrupt!
    000097F0 004097F0 0 Bad Key Name
    00009810 00409810 0 Can't Open Key
    00009834 00409834 0 Can't Read Key
    00009858 00409858 0 Access to this key is denied
    00009898 00409898 0 Can't Write Key
    000098BC 004098BC 0 Out of memory
    000098DC 004098DC 0 Invalid Parameter
    00009914 00409914 0 There is more data than the buffer has been allocated to hold.
    00009998 00409998 0 Undefined Error Code:
    000099D4 004099D4 0 HKEY_

    File pos Mem pos ID Text
    ======== ======= == ====

    000099E4 004099E4 0 Incorrect Format:
    0000D0F6 0040D0F6 0 VS_VERSION_INFO
    0000D152 0040D152 0 VarFileInfo
    0000D172 0040D172 0 Translation
    0000D196 0040D196 0 StringFileInfo
    0000D1BA 0040D1BA 0 040904B0
    0000D1D2 0040D1D2 0 Comments
    0000D1E4 0040D1E4 0 DRR 2004
    0000D1FE 0040D1FE 0 CompanyName
    0000D226 0040D226 0 ProductName
    0000D240 0040D240 0 DRR 2004
    0000D25A 0040D25A 0 FileVersion
    0000D286 0040D286 0 ProductVersion
    0000D2B6 0040D2B6 0 InternalName
    0000D2DE 0040D2DE 0 OriginalFilename
    0000D300 0040D300 0 DRR.exe
    0000D59A 0040D59A 0 fff3f
    0000D62A 0040D62A 0 3f333

  10. #50
    Junior Member
    Join Date
    Feb 2004
    Posts
    1
    does a lot of things that trojan..or virus..or whatever

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides