Search found 365 matches

by thisisu
Thu Dec 05, 2013 8:27 pm
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6642

Re: Win32/Sefnit

https://www.virustotal.com/en/file/c241 ... 386274936/
MD5: 6a207b6ad9ba7ebca9d6d77123ec4e06
by thisisu
Sat Nov 09, 2013 6:12 pm
Forum: Malware
Topic: Win32/Urausy (aka "WinLocker")
Replies: 80
Views: 78817

Re: Win32/Urausy (aka "WinLocker")

Nice find, thank you. Here is another sample, this time Urausy -- MD5: 9bf9bcad600fb7f8d3014a0331e4284a Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Other.exe () HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\Other.res [ 2011-11-16...
by thisisu
Fri Nov 08, 2013 8:46 pm
Forum: Malware
Topic: Win32/Urausy (aka "WinLocker")
Replies: 80
Views: 78817

Re: Win32/Urausy (aka "WinLocker")

Sorry, couldn't find a proper home for this one. MS identifies it as TrojanDownloader:Win32/Cbeplay.R, but the description on their site doesn't seem to match the very obvious ransomware screen w/ audio that I experienced. https://www.virustotal.com/en/file/c5e29130083ddfb30d979f2730fd9e3771fd5b0ba2c4a0da2ab...
by thisisu
Fri Sep 27, 2013 12:06 am
Forum: Malware
Topic: Win32/Sefnit
Replies: 8
Views: 6642

Win32/Sefnit

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sefnit#tab=2 https://www.virustotal.com/en/file/b2cad8322db85f67db6ea074d00c2ed56ce1fa92952d07b70baac249fa18236d/analysis/1380239442/ Info below from HitmanPro log. Name FlashPlayerUpdateService.exe Location C:\Windo...
by thisisu
Fri Sep 20, 2013 7:38 pm
Forum: Malware
Topic: Rogue Antimalware (FakeAV, 2013 year)
Replies: 142
Views: 218460

Re: Rogue Antimalware (FakeAV, 2013 year)

Internet Security 2014 (FakeRean)

MD5: 83e561c5b8c4337f91167d0ac65cea47

https://www.virustotal.com/en/file/7f36 ... 379705631/
by thisisu
Fri Aug 02, 2013 8:47 pm
Forum: Malware
Topic: Win32/Reveton
Replies: 150
Views: 191582

Re: Win32/Reveton

https://www.virustotal.com/en/file/014f9a76b3dae7a5a6ec60ecf31bbdb7edd771efef1ff975dec2b9d3b2fcb553/analysis/1375475881/ MD5: df50510b6bac36f7b8901796b618ef8f PC was infected with Pihar.C, ZeroAccess Recycler, and looks like this is ransomware but it never displayed for me (sorry no pic). Legit ser...
by thisisu
Wed Jul 31, 2013 6:17 pm
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 567369

Re: ZeroAccess (alias MaxPlus, Sirefef)

For (A) - go to PROGRAMFILES\Google\Desktop\Install, take ownership (replacing ALL access list) and erase directory. Yes. Just providing an example: swxcacls "c:\program files\Google\Desktop\Install" /reset swxcacls can be downloaded from here: http://fstaal01.home.xs4all.nl/swxcacls-us.html But an...
by thisisu
Wed Jul 31, 2013 7:57 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 567369

Re: ZeroAccess (alias MaxPlus, Sirefef)

Easiest way so far that I've found to disable and delete the service is by using XueTr -- http://www.xuetr.com/download/XueTr.zip Detects the service as hidden and this should be differentiated from Google's legitimate service name which isn't hidden + different File Corporation (Company Name). Down...
by thisisu
Tue Jul 30, 2013 6:14 pm
Forum: Malware
Topic: Win32/Delf
Replies: 0
Views: 2616

Win32/Delf

https://www.virustotal.com/en/file/279f4044d1772d319a441d8f2d1aa21b31a8c8ce8b975e01103b82957b2f714c/analysis/1375206619/ HKCU\Software\Microsoft\Windows\CurrentVersion\Run 11/3/2000 6:54 PM voipsoft c:\windows\system32\hkicmd.exe 5/4/2011 9:01 AM https://secure2.sophos.com/en-us/threat-center/threat...