Search found 197 matches

by gjf
Thu Jan 26, 2012 11:56 am
Forum: Malware
Topic: Source of Malware
Replies: 141
Views: 220883

Re: Source of Malware

https://alliance.mwcollect.org/public/join_requirements is not available because of an outdated certificate ;) On the other hand, I agree with EP_X0FF: when trying to open any link to "Packed Malware_Binary", for instance here, the above-mentioned "apologies" appears. In such conditions this source is use...
by gjf
Mon Dec 12, 2011 9:05 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248832

Re: Malware analysis - Buster Sandbox Analyzer

Hm. Strange. I have observed "No options - please enter them using Options button" (or something like that) a few times when I used BSA with the Exeinfo option enabled. I thought it was linked with registry settings.
Will investigate it in future.
by gjf
Mon Dec 12, 2011 8:10 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248832

Re: Malware analysis - Buster Sandbox Analyzer

What about the registry issue? I've thought about a simple backup of the registry key and bringing it back from start to start, but it can cause problems if Exeinfo is already installed on the machine. On the other hand, the subkey will change from version to version (HKEY_CURRENT_USER\Software\ExEi-pe\Exeinfo PE -...
by gjf
Mon Dec 12, 2011 1:01 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248832

Re: Malware analysis - Buster Sandbox Analyzer

A few remarks concerning the latest version and the included Exeinfo.
First of all, it's not the latest version (the latest is 0.0.3.0).
Second, with such a tool BSA becomes non-portable: Exeinfo stores its settings at HKEY_CURRENT_USER\Software\ExEi-pe. So it is necessary to virtualize it in BSA.
by gjf
Mon Dec 12, 2011 10:04 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55523

Re: W32.Duqu

The Mystery of Duqu: Part Five IMHO Kaspersky Lab has played itself out on this case: Gostev stopped publishing his "interesting" investigations and some other expert has started his own: The driver is registered in the HKLM\System\CurrentControlSet\Services\ registry path. The exact name of the registry key ...
by gjf
Mon Nov 14, 2011 2:21 pm
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55523

Re: W32.Duqu

by gjf
Mon Nov 14, 2011 11:11 am
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55523

Re: W32.Duqu

by gjf
Thu Nov 03, 2011 12:14 pm
Forum: Malware
Topic: W32.Duqu
Replies: 55
Views: 55523

Re: W32.Duqu

The Mystery of Duqu:
Part 1
Part 2
Part 3
by gjf
Mon Jul 11, 2011 11:09 am
Forum: Malware
Topic: Trojan.MBRlock
Replies: 94
Views: 85049

Re: Trojan.MBRlock

Ok, but I tested MSE on detecting/removing Mayachok.2 and it did not detect it with the last update. Actually, I did a quick scan. What is Mayachok.2? If it is Rootkit.CiDox, it could be caused by a non-standard mechanism of infection. The IPL is not the MBR, and it is now a problem not only for Microsoft. BTW it can be cur...
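The remark above that "the IPL is not the MBR" is the reason an MBR-only integrity check misses a Cidox-style bootkit. The following is an added Python example, not code from the original post or from any product mentioned in the thread: it parses the partition table of a constructed disk image, locates the active partition's VBR and the IPL sectors that follow it, hashes each region separately, and shows that an infection confined to the IPL leaves the MBR hash untouched. Assumptions: a classic MBR layout, and an NTFS bootstrap area where sector 0 of the active partition is the VBR and the next 15 sectors hold the IPL; the image and the "infection" marker are constructed here and contain no real malware code.

```python
"""Locate MBR code, VBR and IPL in a disk image and hash each separately.

Added example (not from the forum post). The point it demonstrates: a
check that only hashes sector 0 cannot see a bootkit that lives in the
IPL, which starts one sector after the active partition's VBR.
"""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = 0xAA55
# Assumption: NTFS bootstrap ($Boot) spans the first 16 sectors of the
# partition; sector 0 is the VBR, sectors 1..15 are the IPL it jumps into.
IPL_SECTORS = 15


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_partition_table(mbr: bytes):
    """Return the non-empty entries of the 4-slot MBR partition table."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR must be at least 512 bytes")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, 446 + 16 * i)
        if ptype == 0:           # empty slot
            continue
        entries.append({"index": i, "bootable": bool(status & 0x80),
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_regions(image: bytes):
    """Map region name -> (byte offset, length, sha256) for MBR code, VBR, IPL."""
    parts = parse_partition_table(image[:SECTOR])
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active partition, found {len(active)}")
    vbr_off = active[0]["lba_start"] * SECTOR
    ipl_off = vbr_off + SECTOR
    ipl_len = IPL_SECTORS * SECTOR
    if ipl_off + ipl_len > len(image):
        raise ValueError("image truncated before end of IPL")
    return {
        "mbr_code": (0, 446, sha256(image[:446])),
        "vbr": (vbr_off, SECTOR, sha256(image[vbr_off:vbr_off + SECTOR])),
        "ipl": (ipl_off, ipl_len, sha256(image[ipl_off:ipl_off + ipl_len])),
    }


def changed_regions(baseline: bytes, current: bytes):
    """Names of boot regions whose hash differs between two images."""
    a, b = boot_regions(baseline), boot_regions(current)
    return [name for name in ("mbr_code", "vbr", "ipl") if a[name][2] != b[name][2]]


def build_sample_image(active_lba: int = 63, infect_ipl: bool = False) -> bytes:
    """Constructed image: MBR plus one active NTFS partition at `active_lba`.
    The 'infection' only overwrites the start of the IPL with a marker."""
    img = bytearray((active_lba + 1 + IPL_SECTORS) * SECTOR)
    img[0:446] = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * 442   # fake MBR code
    # Slot 0: active (0x80), type 0x07 (NTFS), CHS fields left zero
    struct.pack_into("<B3sB3sII", img, 446, 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                     active_lba, 1 + IPL_SECTORS)
    struct.pack_into("<H", img, 510, MBR_SIGNATURE)
    vbr = active_lba * SECTOR
    img[vbr:vbr + 11] = b"\xEBR\x90NTFS    "           # NTFS VBR: jmp + OEM id
    struct.pack_into("<H", img, vbr + 510, MBR_SIGNATURE)
    ipl = vbr + SECTOR
    img[ipl:ipl + IPL_SECTORS * SECTOR] = bytes(range(256)) * (IPL_SECTORS * 2)
    if infect_ipl:
        marker = b"\xE9\x00\x00" + b"INFECTED_IPL"     # constructed marker, not Cidox
        img[ipl:ipl + len(marker)] = marker
    return bytes(img)


if __name__ == "__main__":
    clean, infected = build_sample_image(), build_sample_image(infect_ipl=True)
    for name, (off, length, digest) in boot_regions(clean).items():
        print(f"{name:8s} offset={off:#08x} len={length:5d} sha256={digest[:16]}...")
    print("regions changed by IPL infection:", changed_regions(clean, infected))
```

Running it shows the MBR code and VBR hashes identical between the two images while only the IPL region differs, which is exactly the blind spot of a scanner that reads sector 0 alone; a real check would read the partition table from the live disk and hash the same three regions.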