Search found 197 matches

by gjf
Mon Mar 21, 2011 8:39 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248296

Re: Malware analysis - Buster Sandbox Analyzer

Actually it was not me who expects the problem. But I will try to find out and let you know.
by gjf
Mon Mar 21, 2011 3:23 pm
Forum: Tools/Software
Topic: Malware analysis - Buster Sandbox Analyzer
Replies: 314
Views: 248296

Re: Malware analysis - Buster Sandbox Analyzer

Buster_BSA, can you help with a pretty strange issue? Here is sandboxie.ini: [GlobalSettings] FileRootPath=C:\Sandbox\%SANDBOX% [DefaultBox] ConfigLevel=7 AutoRecover=y Template=BlockPorts Template=LingerPrograms Template=Firefox_Phishing_DirectAccess Template=AutoRecoverIgnore RecoverFolder=%Person...
by gjf
Mon Mar 14, 2011 7:55 pm
Forum: Tools/Software
Topic: JoeBox (Joe Sandbox): say good-bye to free service
Replies: 4
Views: 6017

JoeBox (Joe Sandbox): say good-bye to free service

Nothing to say. In the last few months the famous JoeBox stopped giving a free service. At first there was "a registration form" for e-mail - but now the case is closed. Just to cite: We have provided for the last three years a completely free service to the security community. Due to increasing costs ...
by gjf
Mon Mar 14, 2011 7:02 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 632809

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

ESET found (sorry, in Russian only) that sometimes TDL4 installs Win32/Glupteba immediately after identification in the botnet. It is performed using an instruction from the C&C: task_id = 2|10||hxxp://wheelcars.ru/no.exe that could be interpreted as task_id = [command_id] [encryption_key] [URL] Glupteba wor...
by gjf
Fri Mar 04, 2011 9:45 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 632809

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Certainly a Kav fan :) Nope :) I offer my gratitude to Michael Hale Ligh, one of the authors of the excellent Malware Analyst's Cookbook. Just because I have read it I can state that this guy is just trying to be a pro according to this book. All the same scenarios, all the same tools and a lot of non-sy...
by gjf
Thu Feb 24, 2011 10:41 am
Forum: Tools/Software
Topic: RkUnhooker 3.8 SR2 public beta test
Replies: 154
Views: 130506

Re: RkUnhooker 3.8 SR2 public beta test

Attached is my config file. You can import it, update KIS (I see your bases are outdated - it's OK, but what about patches? The actual version is 11.0.2.556 a.b.c.d), reboot and check if RkU will work.
by gjf
Thu Feb 24, 2011 8:59 am
Forum: Tools/Software
Topic: RkUnhooker 3.8 SR2 public beta test
Replies: 154
Views: 130506

Re: RkUnhooker 3.8 SR2 public beta test

Actually I have to state that some hooks made by antivirus products really make it impossible to work with subj.

If you try RkU with KIS 11.0.2.556 installed and (of course!) shut down, the whole system will hang, so it is necessary to perform a cold reboot.
by gjf
Tue Feb 22, 2011 10:59 am
Forum: Malware
Topic: Smitnyl - MBR infector
Replies: 3
Views: 5487

Re: Smitnyl - MBR infector

It should be noted, because it was not obvious from the F-Secure post, that the fake explrer.exe (downloader) starts, downloads some stuff (in my case it was hxxp://xc.115.bz/tools.exe) and then exits. So without checking userinit.exe and the MBR it is not possible to find where the malware comes in. Actu...
by gjf
Sun Feb 20, 2011 3:54 pm
Forum: Malware
Topic: Smitnyl - MBR infector
Replies: 3
Views: 5487

Smitnyl - MBR infector

by gjf
Sat Feb 19, 2011 11:57 pm
Forum: Malware
Topic: Trojan SpyEye (alias Pincav)
Replies: 418
Views: 396548

Re: Trojan SpyEye (alias Pincav)

One of the latest SpyEyes, looks like with embedded Zeus functionality. Password - virus.