Virtumondo or Win32:TratBHO
Started by camster98, Mar 27 2008 09:41 AM
#16
Posted 01 April 2008 - 04:06 PM
#17
Posted 01 April 2008 - 04:15 PM
Ok cool tell me how it goes
#18
Posted 01 April 2008 - 04:18 PM
well i know for a fact it's gonna detect like 500 viruses in one folder and i expect it to. due to the fact that i have a few home brew "yahoo tools" and other stuff nothing malicious. it's just the kewlbuttonz.ocx and a few things i use sometimes is picked up like upx code. totally random but does this look right to u
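Option Explicit

' Win32 MCI (Media Control Interface) command-string API from winmm.dll
Private Declare Function mciSendString Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpstrCommand As String, ByVal lpstrReturnString As String, ByVal uReturnLength As Long, ByVal hwndCallback As Long) As Long

' Clicking the button starts both timers
Private Sub Command1_Click()
    Timer1.Enabled = True
    Timer2.Enabled = True
End Sub

' Each Timer1 tick opens the CD tray (no return buffer is needed)
Private Sub Timer1_Timer()
    mciSendString "set cdaudio door open", vbNullString, 0, 0
End Sub

' Each Timer2 tick closes the CD tray; the MCI flag is "door closed"
Private Sub Timer2_Timer()
    mciSendString "set cdaudio door closed", vbNullString, 0, 0
End Sub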
if u do vb lol
#19
Posted 01 April 2008 - 04:42 PM
I have no idea about VB sorry
Kaspersky may not detect them if they aren't bad, let's see
#20
Posted 01 April 2008 - 04:44 PM
it's 20 percent done so yah
#21
Posted 01 April 2008 - 04:48 PM
It will take a while so I would recommend leaving it run for a few hours at least.
#22
Posted 01 April 2008 - 06:08 PM
so it finished scanning you might wanna ignore anything in the folder \backup\
Attached Files
#23
Posted 02 April 2008 - 03:48 PM
I have not seen that many cracks and warez ever.
Some of the things it has found look very bad. This is why you got infected, by downloading cracks. I have seen PCs get destroyed this way. I have to stress how crazy it is to download cracks in this day and age.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  C:\Documents and Settings\Student\Desktop\backup\backup(2)\backup\BluesPortScan\BluesPortScan.exe
  C:\Documents and Settings\Student\Desktop\backup\backup(2)\BluesPortScan\BluesPortScan.exe
  C:\Documents and Settings\Student\Desktop\backup\Exploited_Clients_Terror_V2.0\Exploited Clients Terror V2.0 Coded By Satma\Exploited Clients Terror V2.0 Coded By Satma.exe
  C:\Documents and Settings\Student\Desktop\backup\Hard_Boot_Life_Gold_Final v25 crack.zip
  C:\Documents and Settings\Student\Desktop\backup\yahoo\Hard_Boot_Life_Gold_Final v25 crack\Hard_Boot_Life_Gold_Final v25 crack.rar
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/backup(2)/backup/BluesPortScan/BluesPortScan.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/backup(2)/BluesPortScan/BluesPortScan.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/Exploited_Clients_Terror_V2.0/Exploited Clients Terror V2.0 Coded By Satma/Exploited Clients Terror V2.0 Coded By Satma.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/Hard_Boot_Life_Gold_Final v25 crack.zip/Hard_Boot_Life_Gold_Final v25 crack/crack-calibre.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/Hard_Boot_Life_Gold_Final v25 crack.zip
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/yahoo/Hard_Boot_Life_Gold_Final v25 crack/Hard_Boot_Life_Gold_Final v25 crack/crack-calibre.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/yahoo/Hard_Boot_Life_Gold_Final v25 crack/Hard_Boot_Life_Gold_Final v25 crack.rar/Hard_Boot_Life_Gold_Final v25 crack/crack-calibre.exe
  C:\Documents and Settings\Student\Desktop\backup.rar/backup/yahoo/Hard_Boot_Life_Gold_Final v25 crack/Hard_Boot_Life_Gold_Final v25 crack.rar
  C:\Documents and Settings\Student\Desktop\backup.rar
  C:\Program Files\Cain\Abel.exe
  C:\Program Files\DAEMON Tools Lite\SRSAI.exe
  C:\WINDOWS\system32\YahooButton.ocx
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
purity
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Reboot and tell me how your PC is running
#24
Posted 02 April 2008 - 06:33 PM
there is a specific reason i said ignore the backup folder. it's because all that cracked software u see was cracked by me or a good friend of mine. cain and abel i use for pentesting. my school hired me to test their network and yahoobutton.ocx is not any threat i have the source. a lot of the software on my pc uses upx code or virus like behavior due to the nature of my job as a security consultant. also i was forced to replace my harddrive due to an accident (also known as a fall off a desk)
so i am running clean. thanks for your help though
#25
Posted 03 April 2008 - 06:29 AM
Well if you won't delete them we can consider this case closed.