From the design it's Urausy/Reveton, targeted at PC users in Romania. To remove it you can do a system restore using Safe Mode with Command Prompt: 1. Start your computer in Safe Mode with Command Prompt - during your computer's startup process, press the F8 key on your keyboard multiple times until Window...
Fixed it with Malwarebytes Anti-Malware.
Found 2 files:
%WINDIR%\system\svchost.exe and %AppData%\Roaming\skype.dat
Any idea? Doesn't seem to be Reveton, or at least not what I've seen till now.
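A defender-side triage check for the two paths reported in this post, added here as an example (it is not code from the thread): it assumes svchost.exe only runs legitimately from System32 or SysWOW64, and reads the second path as %AppData%\skype.dat, since %AppData% already expands to the Roaming folder.

```powershell
# Added example: flag svchost.exe processes running from outside the two legitimate
# system directories (a copy under %WINDIR%\system is not where Windows keeps it).
$legit = @("$env:WINDIR\System32", "$env:WINDIR\SysWOW64")

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and
                   ($legit -notcontains (Split-Path $_.ExecutablePath -Parent)) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# The two files named in the post. Assumption: "%AppData%\Roaming" in the post
# means the Roaming folder that $env:APPDATA already points to.
$suspect = @("$env:WINDIR\system\svchost.exe", "$env:APPDATA\skype.dat")
foreach ($p in $suspect) {
    if (Test-Path -LiteralPath $p) {
        Get-Item -LiteralPath $p | Select-Object FullName, Length, CreationTime, LastWriteTime
        Get-FileHash -LiteralPath $p -Algorithm SHA256   # hash to compare with vendor reports
    }
}

# Autorun (Run key) values that reference either path, per user and machine-wide.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        Get-ItemProperty $k | Select-Object -Property * -ExcludeProperty PS* |
            ForEach-Object { $_.PSObject.Properties } |
            Where-Object { $_.Value -match 'skype\.dat|\\system\\svchost\.exe' } |
            Select-Object @{n='Key'; e={ $k }}, Name, Value
    }
}
```

Run it in an elevated PowerShell session so HKLM and all processes are visible; a svchost.exe whose parent is not services.exe is worth a second look as well.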
HackedPOS wrote: VISA sent out a Data Security Alert regarding memory-parsing POS malware:
Any samples from those hashes in the doc?
http://www.scribd.com/doc/136739426/ALE ... s-04112013
p4r4n0id wrote: Dump Memory Grabber - http://www.securityweek.com/exclusive-n ... r-us-banks
Not much info. Found any MD5 hash of some binary?
http://darkmoney.cc/kuplya-prodazha-36/ ... ojan-5117/
For what? If you think I'm a helper of the POS malware bad guys, you're wrong. Don't get me wrong, but your first post here is about how to send me a PM so I give you some script. I fight malware.
Card Recon is legit software. I disagree with you; you can't cast out a piece of software only because it is used by the bad guys :)
Found this on a customer's POS. Haven't analysed it yet, just looked at the strings. Copies itself to other locations, creates an autorun record, seems to send mail. Comodo analysis: http://camas.comodo.com/cgi-bin/submit?file=3db1bb43f8cf070631c69130a6f9ed5ac48a05a8846d59994880df327ab79c9e koaie007@yahoo....