Search found 28 matches

by Neurofunk
Wed Dec 12, 2012 6:53 pm
Forum: Malware
Topic: Win32/Reveton
Replies: 149
Views: 171563

Re: Trojan:Win32/Reveton

https://www.virustotal.com/file/d5a7e7c2a321c8c541b01e2be762368ce9a519d24423564b20e9584fac3844b3/analysis/ edit: this one is kind of fucked up in my opinion, there is a VERY questionable image embedded into it when it executes. Also not sure if the right place but does anyone know what the giant 90+...
by Neurofunk
Tue Aug 28, 2012 3:20 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

Sure thing it is attached in this post, I also included the RKreport.txt in the zip file in case it is of use. edit: some of the files that Rogue Killer touched got detected by mcafee and it quarantined them first so I went back and restored them to their original state and threw them into an extra ...
by Neurofunk
Tue Aug 28, 2012 4:14 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

RogueKiller was able to blast all of it but the MBR portion. When trying to write to the MBR it was giving the following error: http://imgur.com/3siUKl.jpg (First run was the full check list for faked & antirootkit. I just ran the MBR only version so I could get a screenshot of the error message.) E...
by Neurofunk
Mon Aug 27, 2012 4:27 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

I'll give it a shot, got about 7 tickets that came in this morning, one of them is bound to be some unfortunate soul with it. If not, I still haven't fixed the machine from my screenshot post; for someone with a malware infection that is still active he seems to be taking it lightly, won't return my ca...
by Neurofunk
Mon Aug 27, 2012 1:56 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

@Neurofunk : Do you have a dropper for this? Sorry but I don't :( I checked around on the machine for anything that would resemble the dropper but came up empty handed. Judging by the access protection logs for our AV suite that we use it was using the install_flash_player.exe + malicious msimg32.d...
by Neurofunk
Wed Aug 22, 2012 11:20 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

Is Sirefef moving back into the bootkit market? On this Win 7 x64 build I just found a machine hit with the services.exe infection, but on top of that I found the following detections using Hitman Pro: http://i.imgur.com/XxBsD.jpg It is killing TDSSKiller, aswMBR and other similar tools that are used...
by Neurofunk
Wed Aug 08, 2012 7:02 pm
Forum: Malware
Topic: Trojan.Tracur
Replies: 4
Views: 4215

Re: Malware/Not classified

Suspicious DLL file I came across on a user's machine. It currently has a 1/42 detection on VirusTotal (2 days after I uploaded it to VT originally); not sure what threat it is tied to, but it launches 2 IExplore processes in the background and starts itself using Rundll32 and a key in HKEY_USERS inste...
by Neurofunk
Tue Jun 26, 2012 3:51 pm
Forum: Malware
Topic: Win32/Carberp
Replies: 46
Views: 49730

Re: Win32/Carberp

"Russian K-force operatives cuff suspected Carberp trojan bank raider"
http://www.theregister.co.uk/2012/06/26 ... st_russia/
by Neurofunk
Fri Jun 22, 2012 4:10 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 501625

Re: ZeroAccess (alias MaxPlus, Sirefef)

Yup, ran into the same thing. When the reboot prompt comes up if you look for services.exe it isn't present anymore as a running process on the infected machine.
by Neurofunk
Mon May 21, 2012 5:26 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2012 year)
Replies: 454
Views: 192931

Re: Rogue antimalware (FakeAV, FakeAlert)

Not only do they offer to remove malware, but now they also help you torrent anonymously apparently. Such helpful people coding these applications, why wouldn't anyone register for a copy :P
Virus Total Link
MD5: 6d8d64254666452a94e970f31633a9da
Detection Ratio: 15/41