iamscottevil
2008-12-04, 10:49
I was on The Pirate Bay and an ActiveX tried to install something about a webcam I didn't catch, but TeaTimer stopped a key being written, loading at first a Pdakukimupewuku.dll then an aribajoganisap.dll. I set both to auto deny, but they are still trying. I'm going to kill them with IceSword and delete them, but this should go out as a warning that neither AVG nor Spybot caught them, but TeaTimer noticed the key trying to implement itself and IExplore security stopped the ActiveX.
I zipped the .dll before removal, let me know if any researchers need it.
Here is the teatimer log
12/3/2008 5:03:53 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 5:03:54 PM Denied (based on user blacklist) value "Sfasir" (new data: "rundll32.exe "C:\WINDOWS\Pdakukimupewuku.dll",e") added in System Startup global entry!
12/3/2008 5:03:54 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 5:03:55 PM Denied (based on user blacklist) value "Sfasir" (new data: "rundll32.exe "C:\WINDOWS\Pdakukimupewuku.dll",e") added in System Startup global entry!
12/3/2008 5:03:55 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:31 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:35 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:36 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:39 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:41 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 10:46:42 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
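Added example, not part of the original post and not Spybot's own code: a small Python triage script that parses TeaTimer lines in the format shown in the log above and groups the blocked autostart writes by value name and DLL. The function name, the regexes and the "DLL directly in C:\WINDOWS" heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Four lines copied from the TeaTimer log in the post above.
SAMPLE_LOG = r'''12/3/2008 5:03:53 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
12/3/2008 5:03:54 PM Denied (based on user blacklist) value "Sfasir" (new data: "rundll32.exe "C:\WINDOWS\Pdakukimupewuku.dll",e") added in System Startup global entry!
12/3/2008 5:03:55 PM Denied (based on user blacklist) value "Sfasir" (new data: "rundll32.exe "C:\WINDOWS\Pdakukimupewuku.dll",e") added in System Startup global entry!
12/3/2008 10:46:31 PM Denied (based on user blacklist) value "Jkiviyayidadotib" (new data: "rundll32.exe "C:\WINDOWS\aribajoganisap.dll",e") added in System Startup global entry!
'''

LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<action>\w+) '
    r'\([^)]*\) value "(?P<name>[^"]*)" \(new data: "(?P<data>.*)"\) '
    r'added in (?P<where>.+) entry!$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)$', re.I)
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")

def summarize(log_text):
    """Group autostart write attempts by (value name, DLL path)."""
    report = defaultdict(lambda: {"attempts": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry-change line in the format shown in the post
        cmd = RUNDLL_RE.match(m["data"])
        dll = cmd["dll"] if cmd else None
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        entry = report[(m["name"], dll)]
        entry["attempts"] += 1
        entry["first"] = min(entry["first"] or ts, ts)
        entry["last"] = max(entry["last"] or ts, ts)
        entry["action"] = m["action"]
        # Heuristic (assumption): rundll32 autostart of a DLL sitting directly in the Windows root.
        entry["suspicious"] = bool(dll) and PureWindowsPath(dll).parent == WINDOWS_ROOT
    return dict(report)

if __name__ == "__main__":
    for (name, dll), e in summarize(SAMPLE_LOG).items():
        print(name, dll, e["attempts"], e["first"], e["last"],
              "SUSPICIOUS" if e["suspicious"] else "")
```

Repeated attempts for the same value name after a deny, as in the log above, indicate that a process is still running and rewriting the entry, so the summary's first and last timestamps show how long it has been active.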