shimon
2007-02-08, 10:40
i found a new startup location may be you know it.
may be it is related to GDI+
i cad a trojan dopper its name was:~[numbers].exe in my user folder in documents and settings.
and it was in registery in two locations
local machine\*\*services\ie updater\[somthing like image path]
local machine\*\*services\internet explorer updater\[somthing like image path]=executeable.exe.
there was a buffer overflow as i understand.
it crushed and downloaded a trojan.
and tried to execute it but my antivirus denied it.
may be it is related to GDI+
i cad a trojan dopper its name was:~[numbers].exe in my user folder in documents and settings.
and it was in registery in two locations
local machine\*\*services\ie updater\[somthing like image path]
local machine\*\*services\internet explorer updater\[somthing like image path]=executeable.exe.
there was a buffer overflow as i understand.
it crushed and downloaded a trojan.
and tried to execute it but my antivirus denied it.