Has anyone seen a newer run of Poweliks droppers?
Seems we have a rash of this crap running about.
Any help, pointers are much appreciated.
_http://down.web052.com:804/qvodsetup7.exe MD5: 62297731ed94b07ae91cffc72bcaded8 SHA1: cafb948455fa7d8c86d840a7ae43f0d450ca9d37 https://www.virustotal.com/ru/file/b8da7ddafaedf35d9ea754f8b66fc07126e0cce523723f32864df144f165629f/analysis/ I'm not sure this belongs here but gonna post it and let the M...
Last edited by Xylitol on Thu May 30, 2013 11:41 am, edited 1 time in total.
Reason: image fix
Looks like Xylitol has repaired the image as much as it can be, thanks for asking EP_X0FF.
Thank You Much X!
Best I could do for now, had to use a camera, safe mode didn't load, haven't tried anything else yet, still not awake.
If someone is good at re-sizing photos, have at it and repost so it's visible.
Reveton aka FBI/MoneyPak. Link is dead: http://ytojuxate.pl/erolikos (188.8.131.52). Seen it called Screenlock and other names like Fortinet W32/Moure.A!tr.dldr. I disagree, although screenlock, this is pure Reveton, won't be able to share pcap but trust me, it's Reveton, all my stolen PWs say so! ;) ht...
Thanks EP, this is a clear example of how long I've been out of the loop, not so sure I was ever in the loop, tbh! :lol: Should be some more fun somewhere to get back into the swing of things, especially since our tools section does good to "Suck Wind"!!!!!!!!!! Best, I shhhhh before I get myself into tr...
Same here but am having troubles with collecting the file while online, in either normal or safe mode, which I think is hilarious given the fact I've been doing this a while and am so out of practice, I barely remember how to infect anything!
Damn the bad luck!!!!!
If it's truly a variant of Qakbot, I'm curious if you had Windows show all hidden files, then venture into ?:\Windows\Task. If so, you very well may find some rogue job files which need deletion, else in some 4 to 7 days all cleaned machines will reinfect; general task time between execution on last v...