Search found 90 matches

by SecConnex
Fri Aug 10, 2012 12:26 am
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 633461

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Well, I think old Prevx is untrustworthy. But Webroot now owns Prevx, so I don't find any more flaws.
by SecConnex
Tue Jul 31, 2012 8:32 am
Forum: Malware
Topic: Ubisoft includes backdoor in games distributives
Replies: 2
Views: 2547

Re: Ubisoft includes backdoor in games distributives

Nice. Comes as no surprise. And here I was beginning to like Ubisoft. :roll:
by SecConnex
Mon Jul 16, 2012 5:51 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: ZeroAccess (alias MaxPlus, Sirefef)

I don't know about the Sirefef tool against the latest. I do know the Services tool helps repair broken/damaged Services, as I just used it recently. I actually used it for somebody whose install of ESET products was not allowing updates. After the Service Repair Tool, ESET software functioned.
by SecConnex
Fri Jul 06, 2012 8:55 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: ZeroAccess (alias MaxPlus, Sirefef)

Not a new variant. It's been recognized many times already. Unassociated with Sirefef. Probably a different infection on the same machine.

Should be fine. ComboFix (if sUBs can verify) usually takes care of it right away!
by SecConnex
Mon Jun 25, 2012 6:07 pm
Forum: General Discussion
Topic: New offensive-computing
Replies: 4
Views: 5523

Re: New offensive-computing

by SecConnex
Mon Jun 25, 2012 6:04 pm
Forum: General Discussion
Topic: AV products tests
Replies: 11
Views: 12423

Re: AV products tests

Webroot SecureAnywhere...I've heard a lot about. It's got major improvements to AV technology...but still kinda the same old stuff.

Once again Avast is looking nice!

I miss Kaspersky products from 2011...what happened to 2012? Jeez. :roll:
by SecConnex
Mon Jun 25, 2012 2:44 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: ZeroAccess (alias MaxPlus, Sirefef)

HERE: http://www.kernelmode.info/forum/viewto ... =20#p13448

Seeing the same import again as I saw in the first test of GMER: CreateProcessAsUserW in API-MS-Win-Core-ProcessThreads-L1-1-0.dll

Services.exe MD5 - 2B336AB6286D6C81FA02CBAB914E3C6C
by SecConnex
Mon Jun 25, 2012 2:16 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: ZeroAccess (alias MaxPlus, Sirefef)

Ha...funny how I misplace droppers. :oops: This dropper is almost a month old, tbh. Totally clean XP box...infected with ZA obtained on May 27. No other malware was installed. I understand about the Pragma issue resulting from TDL3, but there's no way that happened. However, I imagine if we gathered...
by SecConnex
Mon Jun 25, 2012 8:38 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: ZeroAccess (alias MaxPlus, Sirefef)

Damn epic... infected services.exe on x32 - 2 / 42 - Virus:Win32/Sirefef.R https://www.virustotal.com/file/4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602/analysis/1340263629/ Quick question... Anyone have a record of four infected files from ZA (XP test machine)? -user32.dll (veri...
by SecConnex
Mon Jun 18, 2012 10:34 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 564173

Re: Rootkit ZeroAccess (alias Max++, Sirefef)

I have seen the IAT of an infected x86 system with ZA...it shows the hooks. ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00100002 IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\serv...