| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <EEF9DEFA70456649B701B6B32C4949AE0C5FEC@server1.contentsecurity.com.au> From: Kane at contentsecurity.com.au (Kane Lightowler) Subject: Possible New Malware.... Trend Micro detects this as WORM_RORON.C Regards, Kane -----Original Message----- From: full-disclosure-admin@...ts.netsys.com on behalf of Aditya , ALD [ Aditya Lalit Deshmukh ] Sent: Tue 24/08/2004 1:03 AM To: Full-Disclosure@...ts. Netsys. Com Cc: Subject: [Full-Disclosure] Possible New Malware.... Hi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it was found, creates a CurruntPowerProfile reg startup key with a value of Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB -aditya ( simply ren *.txt to *.exe ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040824/d686b9af/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 145 bytes Desc: Blank Bkgrd.gif Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040824/d686b9af/attachment.gif
Powered by blists - more mailing lists