Jump to content

New trojan

mandeleter

By mandeleter
in General Chat

 Share

Recommended Posts

mandeleter

mandeleter

Posted
  • Author
Posted
no trojan? all ok? and what language do you speak? If you still need help, Let us know?

this not is as trojan its a worm the file appears again when I removed it and I connect to internet

this connects to many directions i testing with the firewall of NOD32.

i speak spanish

muchas gracias a todos

thanks for yours answers

Link to post
Share on other sites
mandeleter

mandeleter

Posted
  • Author
Posted
The file remains hidden in windows but I could remove this in the zip attachment.

Very careful as it is spreading very quickly and pollutes much the networks are not connected to the open.

I hope to help take the first malware bytes, greetings and thanks.

El archivo permanece oculto en windows aunque lo he podido remover, esta en el zip que adjunto.

Mucho cuidado ya que se esta esparciendo muy rapidamente y contamina mucho las redes, al abrirlo no esten conectados.

Espero servir de ayuda para que malware bytes tenga la primicia, saludos y gracias.

Moderator can you change the name of the post to New Worm but this isn`nt a trojan

I already send the file to the page

Link to post
Share on other sites
yardbird

yardbird

Posted
Posted
Moderator can you change the name of the post to New Worm but this isn`nt a trojan

I already send the file to the page

The file remains secret in windows although I could have removed it, this one in the zip that I enclose.

A lot of care since it is scattering very quickly and contaminates very much the networks, on having opened it, do not be connected.

I hope to serve as help so that malware bytes it has the novelty, greetings and thank you.

Link to post
Share on other sites
mandeleter

mandeleter

Posted
  • Author
Posted
No idea, I'll have to ask or maybe soneone will see this and reply.

I have 26 years and I am a systems analyst, the virus is not revealed in malwarebytes I was detected when a virus appeared in the PCB (process control block) and the firewall node that detects the connections of the files I notice that the msddrv42.exe file is connected to other network connections blocking my connection the worm its to recent.

Now searching in google i found anothers forums when the same problem, the worm is spreading fast.

Now I find it also in the registry at the following location HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run

this disguised as Windows Driver Setup and this reg really not excist.

Link to post
Share on other sites
Bobc11

Bobc11

Posted
Posted
I have 26 years and I am a systems analyst, the virus is not revealed in malwarebytes I was detected when a virus appeared in the PCB (process control block) and the firewall node that detects the connections of the files I notice that the msddrv42.exe file is connected to other network connections blocking my connection the worm its to recent.

Now searching in google i found anothers forums when the same problem, the worm is spreading fast.

Now I find it also in the registry at the following location HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run

this disguised as Windows Driver Setup and this reg really not excist.

Avira gets it.

And i got it too!! :D

Link to post
Share on other sites
Noah

Noah

Posted
Posted

Seems like the file [the virus] uses the names as

* 786.EXE

* 778.EXE

* 485.EXE

* FW[n].EXE

File size [on all of them] are/is

* 98,304 bytes

And the effect of it?

* Added as a Registry auto start to load Program on Boot up

Doesn't seem like much, but by the way you guys put it, this thing really doesn't want to be removed.

Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

Oh good :D (glad its getting all cleaned up!)

Did it come up on Avira with any particular site that you visited, just curious?

From what i know now yes! Just finished cleanup actually! :D
Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

Eak! That's not good.

Could one get it simply by viewing the thread or would I have had to click on something?

I viewed the thread when it was live (I think) but I did NOT click on any links in any posts, just the regular "reply" button.

The infector was attached in this thread, until Tom removed it
Link to post
Share on other sites
Bobc11

Bobc11

Posted
Posted
Oh good :D (glad its getting all cleaned up!)

Did it come up on Avira with any particular site that you visited, just curious?

No Not a particular site.

The guard came up without warning and the i scanned.

The gaurd said i had a TR/Xpack.gen [C:\1.exe]

Then i scaned and found it it took a long time but i got rid of it.

Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

Eak, that's pretty scary!

Glad you caught it and its gone :D

Hope I don't get it :)

No Not a particular site.

The guard came up without warning and the i scanned.

The gaurd said i had a TR/Xpack.gen [C:\1.exe]

Then i scaned and found it it took a long time but i got rid of it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.