
Thread: Trojans

  1. #1
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,170

    Trojans

    Malware which Spybot couldn't detect and/or fix.


    Revision History

    Category: Trojan
    Code:
    :: Trojans
    // Revision 2
    // {Cat:Trojan}{Cnt:1}
    // {Det:Matt,2009-05-01}
    
    // The following two entries look like Virtumonde to me:
    // Choose the BrowserHelperEx variant to flag the file as well, unless name is "(no name)".
    //BrowserHelperEx:"{39666021-19b5-db88-b164-6ad16f081fe0}","flagfile=1"
    RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{0ef180f6-1da6-461b-88bd-5b9112066693}"
    RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{0ef180f6-1da6-461b-88bd-5b9112066693}"
    // Choose the BrowserHelperEx variant to flag the file as well, unless name is "(no name)".
    //BrowserHelperEx:"(no name)","flagfile=1"
    RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{A2C9354B-38FC-47FF-99BB-638F62D02A71}"
    RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{A2C9354B-38FC-47FF-99BB-638F62D02A71}"
    
    // RegyValue is faster; IELinks would cover future location changes.
    // This entry should be fixed
    IELinks:"http://127.0.0.1:4664/

  • #2
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    394


    So far, so good! :-)

    Only one thing about these new rules. I would not create an IELinks rule like this one:
    IELinks:"http://127.0.0.1:4664/

    It is a loopback, and as far as I have seen Google Desktop also uses this address for its purposes. Anyway, keep on going!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.
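
Added example, not part of the original thread and not Spybot code: a small Python lint that applies the objection raised in post #2 by flagging IELinks rules whose target is the local host, where legitimate software may also be listening. The rule-line shape is inferred only from the lines posted in #1, and `tracker.example.invalid` is a constructed placeholder.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Rule lines copied from the thread; the last IELinks line is constructed for contrast.
SAMPLE_RULES = r'''
// {Cat:Trojan}{Cnt:1}
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{0ef180f6-1da6-461b-88bd-5b9112066693}"
//BrowserHelperEx:"(no name)","flagfile=1"
IELinks:"http://127.0.0.1:4664/
IELinks:"http://tracker.example.invalid/start"
'''

# Assumed line shape, inferred only from the posted lines: Command:"first argument",...
RULE_RE = re.compile(r'^\s*(?P<cmd>[A-Za-z]+):"(?P<arg>[^"]*)')


def local_host_reason(url):
    """Return why a URL points at the local machine, or None if it does not."""
    host = urlsplit(url).hostname
    if host is None:
        return None
    if host == "localhost" or host.endswith(".localhost"):
        return "localhost name"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # ordinary DNS name, not an IP literal
    return "loopback address" if addr.is_loopback else None


def lint_rules(text):
    """Return (line_no, url, reason) for IELinks rules that target the local host."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("//", "::")):
            continue  # comment or section header, as in the posted file
        m = RULE_RE.match(line)
        if not m or m.group("cmd") != "IELinks":
            continue
        reason = local_host_reason(m.group("arg"))
        if reason:
            findings.append((line_no, m.group("arg"), reason))
    return findings


if __name__ == "__main__":
    for line_no, url, reason in lint_rules(SAMPLE_RULES):
        print(f"line {line_no}: IELinks target {url} is a {reason}")
```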

  • #3
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,170


    Hello,

    if I remember correctly, this "trojan" file had more than 150 lines... where did they all go? For just these few lines I would not even have started on anything.
    Best regards,

    Matt
