Message-ID: <20040929173931.62166.qmail@web51503.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Spyware? Worm? Trojan? "face license free bait"
Wow. English aside, I have no idea where to
start...there are so many questions that need to be
asked for clarification on this that I don't know
whether to sh*t or go blind!
> I found something VERY VERY STRANGE on my computer
> last evening...
Yeah, so did I...the user! ;-)
Okay, here's an excerpt from the email...
> While writing these lines I found two other shit
> directories :'(
>
> C:\PROGRA~1\Corn Internet Soft
>
> Filename                 Size    CRC-32
> C5EDFC35                 1060    92EE5B2C  [set as system files]
> cemaylou.exe             272966  70370FFB  (other names it has taken: nxkkxpjy.exe, greyend.exe, metapoll.exe)
> HOLE NAME.exe            240663  A2325E7C
> logduperoad.exe          9970    25C7A91D
> seek barb regs win.exe   47616   D41BE72E  (other name it has taken: batbodypokeextra.exe)
>
>
> C:\PROGRA~1\upload admin bind
>
> Filename                 Size    CRC-32
> DELETE PLAY.exe          15526   95665A33
>
> And I'm unable to delete any of these files !! They
> are not displayed in
> taskmgr, and :
>
> --
> PsKill v1.03 - local and remote process killer
> Copyright (C) 2000 Mark Russinovich
> http://www.sysinternals.com
>
> Unable to kill process cemaylou.exe:
> Process does not exist.
> --
Okay, so you found cemaylou.exe in a directory...what
made you think that it was a process? Just b/c you
can't delete them, what makes you think that they
*would* appear in TaskManager?
> I've tried to sniff all these exe names using tools
> from SysInternals
> but I can't find any of these o_o !!
Are you referring to FileMon and RegMon? Again...just
b/c you can't delete the files, why do you think they
are running?
> What the hell is going on on my computer ?? Is Big
> Brother watching me ? =)
Yes, I am. Feel free to disconnect the power to your
computer, disconnect all other cables, and throw the
system in the trash. After watching you for a while,
I've had enough fun...that thing you did the other
night was funnier than "America's Funniest Home
Videos" and "COPs" put together.
> Thank you very much indeed for your help.. and sorry
> for my really bad English.
It isn't your English that's the problem, dude...it's
all the Jolt cola you've been drinking, and that other
thing you did that time in that place...
=====
------------------------------------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
------------------------------------------------------------------------
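The point Harlan keeps pressing is that a file sitting in a directory and a running process are two different things, and that the poster's "Process does not exist" from PsKill proves only that no process by that name was live. The Python below is an added example written for this archive page; it is not code from either correspondent or from Sysinternals. It separates the two questions: it parses the output format of `tasklist /FO CSV` (the column layout is real, the rows shown are constructed) to see which of the posted file names actually back a live process, and it computes CRC-32 in the same eight-hex-digit form the poster used, so a responder can check a copy of a file against the listed values. The function names and the sample rows are this example's own.

```python
import csv
import io
import subprocess
import sys
import zlib
from typing import Dict, Iterable, List

# Constructed sample of `tasklist /FO CSV` output. Only the header layout is
# the real one; every row below is made up for this example.
SAMPLE_TASKLIST_CSV = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System Idle Process","0","Console","0","28 K"\n'
    '"explorer.exe","1204","Console","0","18,332 K"\n'
    '"svchost.exe","856","Console","0","4,120 K"\n'
    '"greyend.exe","1788","Console","0","2,244 K"\n'
)

# File names (and aliases) the poster reported finding on disk.
SUSPECT_NAMES = [
    "cemaylou.exe", "nxkkxpjy.exe", "greyend.exe", "metapoll.exe",
    "HOLE NAME.exe", "logduperoad.exe", "seek barb regs win.exe",
    "batbodypokeextra.exe", "DELETE PLAY.exe",
]


def parse_tasklist_csv(text: str) -> Dict[str, List[int]]:
    """Map each lower-cased image name to the PIDs running under it."""
    running: Dict[str, List[int]] = {}
    for row in csv.DictReader(io.StringIO(text)):
        running.setdefault(row["Image Name"].lower(), []).append(int(row["PID"]))
    return running


def running_suspects(suspects: Iterable[str], tasklist_text: str) -> Dict[str, List[int]]:
    """Return only those suspect names that have a live process, with their PIDs.

    A name that is absent here is a file on disk and nothing more; PsKill and
    Task Manager were never going to show it.
    """
    running = parse_tasklist_csv(tasklist_text)
    return {name: running[name.lower()] for name in suspects if name.lower() in running}


def crc32_hex(data: bytes) -> str:
    """CRC-32 in the upper-case 8-hex-digit form used in the poster's listing."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"


def describe_file(name: str, data: bytes) -> str:
    """Render a 'Filename Size CRC-32' line in the same style as the posted list."""
    return f"{name} {len(data)} {crc32_hex(data)}"


def live_tasklist_csv() -> str:
    """Fetch real `tasklist /FO CSV` output; only meaningful on Windows."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("tasklist is a Windows command; use SAMPLE_TASKLIST_CSV offline")
    return subprocess.run(["tasklist", "/FO", "CSV"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    live = running_suspects(SUSPECT_NAMES, SAMPLE_TASKLIST_CSV)
    for name in SUSPECT_NAMES:
        state = f"RUNNING pid(s) {live[name]}" if name in live else "on disk only"
        print(f"{name:24s} {state}")
    # Constructed content standing in for a file copied off the box.
    print(describe_file("example.bin", b"123456789"))
```

On a real machine the `SAMPLE_TASKLIST_CSV` argument would be replaced with `live_tasklist_csv()`, and the suspect list with whatever `dir` turned up; the "on disk only" names are the ones where the next question is not "how do I kill it" but "what holds the file open or which attribute blocks deletion".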