Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

interesting file


  • This topic is locked This topic is locked

#1
freespace2pilot

freespace2pilot

    Member

  • Member
  • PipPip
  • 26 posts
this is a file i came across which was part of a homebrew email program i got from a forum i frequent. i found that the program will run without it, and it seems to add registry entries and create a file in system32, as well as access the internet. i would very much like an expert to examine this file and tell me what it does.

NOTE: for obvious security reasons, i have added a .vir to the end of this file. if you wish to run it, the .vir will have to be removed. if you dont know what you're doing, please DO NOT RUN THIS FILE, as it may well be malicious.
if you do run it by accident, you will need to
1) end the process mgs64.exe
2) remove the registry entry in the local->microsoft->windows->current version->run
which executes it.
3)delete mgs64.exe from your system root (sytem32 in XP computers, system in 9x)



File Removed - Please do not attach files which may contain malware. We have plenty of infected systems to deal with already.

Edited by ukbiker, 10 October 2005 - 09:35 AM.

  • 0

Advertisements


#2
Fenor

Fenor

    Trusted Tech

  • Retired Staff
  • 5,236 posts
Doing an online malware scan of the server.exe file came up with it was clean except for when it was scanned by NOD32, which came up with a Found probably unknown NewHeur_PE (probable variant). This could be a false positive as the website stated, but when looking up NOD32 on the internet it describes items found with this possible infection are flagged because they include common coding that is used in Internet Worms.

Just saying what the online scan found, I have no clue on the file itself lol

Fenor
  • 0

#3
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hello :tazz:

Posting a file which may contain malware is totally prohibited on these boards. Even though you added a warning, it is still irresponsible and a breach of our TOS. Do not do this again.

Anyone who has downloaded this file should delete it now. Do not run it.
  • 0

#4
Thef0rce

Thef0rce

    Member

  • Member
  • PipPipPip
  • 380 posts
it was posted for educational purposes and the warning was sufficient to deter people from downloading it. He also put how to terminate the process if someone did run it. I personally don't see what the problem is. If people download this thinking its a legit file then they haven't paid attention properly to the warning.

I think the only way to figure out what this file really does is to decompile it.. using unix or linux so it wont affect the system.
  • 0

#5
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz:

If someone wants to be educated about malware then join Geek U. It is irresponsible to blatently post an infected file in a open forum which can be downloaded by anyone.

I'll leave it at that. :)
  • 0

#6
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts

it was posted for educational purposes and the warning was sufficient to deter people from downloading it. He also put how to terminate the process if someone did run it. I personally don't see what the problem is. If people download this thinking its a legit file then they haven't paid attention properly to the warning.

I think the only way to figure out what this file really does is to decompile it.. using unix or linux so it wont affect the system.

View Post


That may be so, however this board is not a venue for posting such files and it is a breach of our TOS. Remember, the members here range from experts who are capable of decompiling it through to newcomers who will click on anything!

We have a duty of care here, and although the file may not contain malware, i dont want another log to do from someone who found out the hard way that it did.
  • 0

#7
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Upon reflection, I have decided to close this thread. The OP breached our TOS. End of Story.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP