[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000001c37b00$3f07fb50$0202a8c0@teliahomebase>
From: kruse at krusesecurity.dk (Peter Kruse)
Subject: SV: [TROJAN Win32] Can't identify trojan found on Win98SE box
Hi Petr,
The code provided is a variant of Optix backdoor. A typical RAT that
would allow a malicious user to gain access to your system.
You should be able to search google, or whatever search-engine you
choose, for Optix+backdoor. This will give you several hits ;-)
Med venlig hilsen // Kind regards
Peter Kruse
Kruse Security
http://www.krusesecurity.dk
> -----Oprindelig meddelelse-----
> Fra: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] P? vegne af
> Petr Stetiar
> Sendt: 14. september 2003 21:57
> Til: full-disclosure@...ts.netsys.com
> Emne: [Full-Disclosure] [TROJAN Win32] Can't identify trojan
> found on Win98SE box
>
>
> Hi ALL,
>
> I've found one trojan horse or whatever it is on one Win98SE
> box today. I tried to find some info about it on google but
> didn't found anything.
>
> This file was found in C:\Windows\System directory.
> There were 2 unknown files to me actualy: msi2xec16.exe and
> mpldfg.exe (both same size and content, verified by MD5)
>
> You can download this file here:
>
http://takjo.net/mpldfg.exe-
win.ini
----------cut--------------
run=C:\WINDOWS\SYSTEM\MSI2XEC16.EXE
----------cut--------------
The same path was found also in registry under RUN key, if someone wants
full key I can post it later.
I'm just curious what kind of trojan it is, because I dont have
motivation to do anything on m$ powered "OS", but maybe someone...
Cheers,
Petr
--
(__)
--------------------------+------------------------------------------`
(@@) ynezz[at]hysteria[dot]sk | Customer: "I'm running WindowsXP
SP39g" |
/----\/ - * - * - * - * - * - * - | Tech: "Yes"
|
| | || irc://ynezz@...net | Customer: "My computer isn't
working now"|
* ||-|| icq: 923432434 | Tech: "Yes, you said that"
|
^^ ^^
----------------------------+------------------------------------------'
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists