by thisisu
Sun Jul 28, 2013 4:26 am
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117591

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

WDO can handle it, not MSE itself. I understand that. I just had a hard time believing that the recovery partition was the one that was compromised. It's not something I've seen before. So just so I understand correctly, this type of infection infects existing partitions; unlike MAXSS/TDL4 which wo...
by thisisu
Sun Jul 28, 2013 4:16 am
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117591

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

So TDSSKiller removed Cidox and after this MSE still detects it in VBR? No. Once TDSSKiller found and removed Cidox, MSE stopped reporting/detecting it. MSE kept detecting it but wasn't able to fix alone. Notice the errors below from MSE log: Start time:07-15-2013 22:36:19 Threat Name:Trojan:D...
by thisisu
Sun Jul 28, 2013 4:01 am
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117591

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

EP_X0FF wrote: 2) scan offline?
Here is a scan from a tool called ListParts that was performed offline before the infection was removed by TDSSKiller

I attached the resulting log here for easier access but its contents can also be found @ post #22 of the thread.
Thanks for looking into this.
by thisisu
Sun Jul 28, 2013 3:46 am
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117591

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

EP_X0FF wrote: 2) all logs from MSE with detections please
I think this is what you're looking for. It was in the thread above but I've attached it for review.
by thisisu
Sat Jul 27, 2013 7:54 pm
Forum: Malware
Topic: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)
Replies: 83
Views: 117591

Re: WinNT/Rovnix (alias Mayachok, Cidox, BkLoader)

Is this bootkit known to infect Recovery partition?
Disk ID: 0DA018DE
Partition ###  Type      Size     Offset
-------------  --------  -------  -------
Partition 1    Recovery  17 GB    1024 KB
Partition 2    Primary   100 MB   17 GB
Partition 3    Primary   100 MB   17 GB
Partition 4    Primary   913 GB   17 GB
09:56:56.0205 1316...
by thisisu
Fri Jul 26, 2013 11:25 pm
Forum: Malware
Topic: Win32/Fynloski (DarkComet)
Replies: 54
Views: 100579

Re: Win32/Fynloski (DarkComet)

Infected warez I think: https://www.virustotal.com/en/file/1bc6dd58c9e05c415fa6476129b9743eda03348ac71ef1b307226cd452b1d7e1/analysis/1374880346/
Was located here on a customer's Win8 laptop. C:\Program Files\GreenTree Applications\YTD Video Downloader\YTD_Downloader_Patch_c.exe
Keylogged data stored...
by thisisu
Fri Jul 26, 2013 2:32 am
Forum: Completed Malware Requests
Topic: Trojan:DOS/Rovnix.D
Replies: 2
Views: 2279

Re: Trojan:DOS/Rovnix.D

Thanks EP_X0FF. Can mark this as completed. ;)
by thisisu
Fri Jul 26, 2013 12:38 am
Forum: Completed Malware Requests
Topic: Trojan:DOS/Rovnix.D
Replies: 2
Views: 2279

Trojan:DOS/Rovnix.D

Hi, I'm looking for a dropper of Trojan:DOS/Rovnix.D. According to MS, Trojan:DOS/Rovnix.D is a detection for the malicious Volume Boot Record (VBR); the malicious VBR is loaded at boot time. Source: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3ADOS%2FRovnix.D...
by thisisu
Tue Jul 16, 2013 7:40 am
Forum: Completed Malware Requests
Topic: Symmi
Replies: 1
Views: 2005

Symmi

Hello, I'm looking for a sample of:
a) Symmi
b) Known MD5s: 5537d2d934bd96ecf0d00b25a3cb9967 and 135e8284315b7c0b83d8f4772df4a18f
c) MD5s came from http://tigzyrk.blogspot.com/2012/10/analysis-win32symmi-naked-decryption.html and https://secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-...
by thisisu
Fri Jul 12, 2013 12:52 am
Forum: Malware
Topic: Win32/Medfos - Browser redirecting Trojan
Replies: 22
Views: 13471

Re: Win32/Medfos - Browser redirecting Trojan

Thanks for clearing that up for me :)