[adqjohn]

Hi guys and gals. I have isolated a nasty little file named winwow32. I have veiwed the contents and while I can't read much of it, some of the text mentions "my sk0r Days P2P worm copywrite sk0r alias Cyzbik". Seems to be ransomeware, "if you want files back contact..." I copied the file from another computer and have been very careful not to execute on mine. I used my Filelyzer to explore a bit and now I have a question concerning Hex strings. In the string list (quite long) there are a couple that stick out like:
skOr Days 00001E78 00000000 00000000 00007635
skOr Days P2P 00001A64 736B3072 20446179 73205032
What the heck do these mean and are what is the significance of ones like this?

Signed,
Hex Dummy

[Advertisements]

Please follow the procedures outlined here: Malware Removal Guide

You will need a PC which can connect to the internet

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, please ask for advice in the Malware Forum

[Retired Tech]

Please follow the procedures outlined here: Malware Removal Guide

You will need a PC which can connect to the internet

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, please ask for advice in the Malware Forum