A forum for reverse engineering, OS internals and malware analysis 


Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

 by SecConnex ¦  Fri Aug 10, 2012 12:26 am ¦  Forum: Malware ¦  Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik) ¦  Replies: 595 ¦  Views: 641194

Well, I think old Prevx is untrustworthy. But Webroot now owns Prevx, so I don't find any more flaws.

Re: Ubisoft includes backdoor in games distributives

 by SecConnex ¦  Tue Jul 31, 2012 8:32 am ¦  Forum: Malware ¦  Topic: Ubisoft includes backdoor in games distributives ¦  Replies: 2 ¦  Views: 2643

Nice. Comes as no surprise. And here I was beginning to like Ubisoft. :roll:

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by SecConnex ¦  Mon Jul 16, 2012 5:51 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

I don't know about the Sirefef tool against the latest. I do know the Services tool helps repair broken/damaged Services, as I just used it recently. I actually used it for somebody whose install of ESET products was not allowing updates. After the Service Repair Tool, ESET software functioned.

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by SecConnex ¦  Fri Jul 06, 2012 8:55 pm ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

Not a new variant. It's been recognized many times already. Unassociated with Sirefef. Probably a different infection on the same machine.

Should be fine. ComboFix (if sUBs can verify) usually takes care of it right away!

Re: New offensive-computing

 by SecConnex ¦  Mon Jun 25, 2012 6:07 pm ¦  Forum: General Discussion ¦  Topic: New offensive-computing ¦  Replies: 4 ¦  Views: 5647

Re: AV products tests

 by SecConnex ¦  Mon Jun 25, 2012 6:04 pm ¦  Forum: General Discussion ¦  Topic: AV products tests ¦  Replies: 11 ¦  Views: 12588

Webroot SecureAnywhere...I've heard a lot about. It's got major improvements to AV technology...but still kinda the same old stuff.

Once again Avast is looking nice!

I miss Kaspersky products from 2011...what happened to 2012? Jeez. :roll:

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by SecConnex ¦  Mon Jun 25, 2012 2:44 pm ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

HERE: http://www.kernelmode.info/forum/viewto ... =20#p13448

Seeing the same import again as I saw in the first test of GMER: CreateProcessAsUserW in API-MS-Win-Core-ProcessThreads-L1-1-0.dll

Services.exe MD5 - 2B336AB6286D6C81FA02CBAB914E3C6C

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by SecConnex ¦  Mon Jun 25, 2012 2:16 pm ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

Ha...funny how I misplace droppers. :oops: This dropper is almost a month old, tbh. Totally clean XP box...infected with ZA obtained on May 27. No other malware was installed. I understand about the Pragma issue resulting from TDL3, but there's no way that happened. However, I imagine if we gathered...

Re: ZeroAccess (alias MaxPlus, Sirefef)

 by SecConnex ¦  Mon Jun 25, 2012 8:38 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

Damn epic... infected services.exe on x32 - 2 / 42 - Virus:Win32/Sirefef.R https://www.virustotal.com/file/4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602/analysis/1340263629/ Quick question... Anyone have a record of four infected files from ZA (XP test machine)? -user32.dll (veri...

Re: Rootkit ZeroAccess (alias Max++, Sirefef)

 by SecConnex ¦  Mon Jun 18, 2012 10:34 am ¦  Forum: Malware ¦  Topic: ZeroAccess (alias MaxPlus, Sirefef) ¦  Replies: 557 ¦  Views: 570743

I have seen the IAT of an x86 system infected with ZA...it shows the hooks.

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00100002
IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\serv...
