Search found 365 matches

by thisisu
Mon Apr 07, 2014 3:06 am
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2014 year)
Replies: 58
Views: 68700

Re: Rogue Antimalware (FakeAV, 2014 year)

Credits to BornSlippy of MBAM for finding and posting these

The .ico of Windows Internet Watchdog:
Image

pass is infected
by thisisu
Fri Apr 04, 2014 7:59 pm
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6637

Re: Win32/Sefnit

MD5: bf6054d16bbce96159f8cbbde8ea80b3 https://www.virustotal.com/en/file/6ccc423904cb5606148879106cd6bb10007ef26fa1fcb55e60c9f8a3e8521fcc/analysis/1396641099/ R2 bthsrv;Bluetooth Service;c:\windows\system32\Drivers\BleServicesCtrl.exe [2006-08-07 335872] ==================== Loaded Modules (whitelis...
by thisisu
Sat Mar 22, 2014 8:09 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2014 year)
Replies: 58
Views: 68700

Re: Rogue Antimalware (FakeAV, 2014 year)

.. continued from http://www.kernelmode.info/forum/postin ... 04#pr22523

All from the month of March. All FakeVimes.
by thisisu
Sat Mar 22, 2014 8:03 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2014 year)
Replies: 58
Views: 68700

Re: Rogue Antimalware (FakeAV, 2014 year)

Credits to BornSlippy for posting these on MBAM forums. Just wanted to share with others that want to experiment as well. ;)

Password is infected
by thisisu
Sat Mar 22, 2014 5:55 pm
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6637

Re: Can someone ID this malware?

EP_X0FF wrote: Does this dll work for you?
No :( I tried it yesterday after posting it on an XP VM. Nothing ever happened (code quits as you said). I'm going to try it out on a Win7 x64 live system in an hour or two.

edit: ... and still nothing :(
by thisisu
Sat Mar 22, 2014 4:59 pm
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6637

Re: Can someone ID this malware?

The 0x7e BSOD previously mentioned turned out to be caused by a graphics driver (Intel), so not any type of MBR infection as I initially thought.
by thisisu
Fri Mar 21, 2014 9:45 pm
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6637

Can someone ID this malware?

Hi, came across a laptop today that was booting up with BSOD 0x7e and 0x3b (probably MBR infection of some sort). Customer only wanted a clean install, but I was curious to see what was possibly causing the boot issue. Came across this line in a FRST log. HKU\Owner\...\Run: [Vgacprt32] - rundll32.exe "...
by thisisu
Sat Jan 11, 2014 1:45 am
Forum: Malware
Topic: CryptoLocker (Trojan:Win32/Crilock.A)
Replies: 118
Views: 202864

Re: CryptoLocker (Trojan:Win32/Crilock.A)

I wrote a small tool to scan for CryptoLocker files or determine if a specific file is encrypted by CryptoLocker based on the above check. I use it mostly to quickly determine if files that victims sent me are encrypted by CryptoLocker or not, as most users just send encrypted files and ask for hel...
by thisisu
Fri Jan 10, 2014 10:05 pm
Forum: Malware
Topic: CryptoLocker (Trojan:Win32/Crilock.A)
Replies: 118
Views: 202864

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Hi all, can someone please take a look at this file and let me know what type of malware it came from? Message from the user on Jan 18th, 2013: I have been attacked by a virus where all my excel, word, music files have been encrypted. My restore also states that it has been unable to complete. When ...
by thisisu
Wed Dec 18, 2013 11:32 pm
Forum: Malware
Topic: Win32/Urausy (aka "WinLocker")
Replies: 80
Views: 78751

Re: Win32/Urausy

Should I put more about it or what could it do.. I just joined and read the rules so bear with me.. Colby :D As a courtesy you can upload the malware to VirusTotal (https://www.virustotal.com) and add a link to your post. Screenshots of the malware and any reversing tips about said malware are also...