A forum for reverse engineering, OS internals and malware analysis 

Win32.Autorunner

Forum for analysis and discussion about malware.

Re: trojan

 #3632  by Jaxryley
 Sun Nov 21, 2010 10:37 pm
XP VM CPU goes to 100% and stays there.

Managed to grab several droppers which are the same size with some packed slightly different

Each has a different product version and MD5.
Pass:
infected
(143.64 KiB) Downloaded 52 times
For hidden exes you could use the below batch file to unhide if run from where they reside. May have to run it a couple of times for them to show up.
Code: Select all
ATTRIB -R -S -H *.exe

Re: trojan

 #3639  by Meriadoc
 Mon Nov 22, 2010 12:29 pm
Something is probably keeping files hidden until its suspended. vb bleh.

Win32.Autorunner

 #3694  by EP_X0FF
 Wed Nov 24, 2010 4:38 pm
Malware copies itself to Documents and Settings\UserName and runs in background through HKCU\Software\Microsoft\Windows\CurrentVersion\Run registry key, turning off view for files with "System" attribute. Primitive VB stuff.

Topic title changed to be more informative.

http://virscan.org/report/02657ae87137b ... 3d6ab.html
 Return to “Malware”