Thread: ReimageV6.exe

  1. #1
    Member
    Join Date
    May 2007
    Posts
    64

    ReimageV6.exe

    this program adds itself to the trusted sites on execution
    cdnrep.reimage.com

    then downloads 30,000+ files inc. fake.trojan, virtumonde.
    (most of the files are locked, i had to use a file killer to remove all)
    then screws up your hosts file.
    the said files weren't picked up by s&d although it may have duped the detection as it scans your machine for all files etc.

    it's supposed to repair your machine hence the expected 30,000+ files
    the fake trojan installs on reboot as does virtumonde.
    this may be an attempt to get you to pay the £40 it asks for the repair.

    i was lucky i have webroot installed which on reboot checks for malware and also alerted me to "THostsFile::SetActive call to RemoveOldCASSEntries falted". imo i don't know what this means but it happened after running that program. i am not asking for help at this point as i have asked webroot, i am simply posting what happened to my machine after running this program.

    downloading the program doesn't seem to be an issue but running it and allowing it access to your machine does.

    i did have to use another program to remove et all (fake.trojan)

    i do have logs of the found files if so needed.
    Last edited by kinos; 2009-02-16 at 11:10. Reason: typos+correct info

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello kinos,

    If Spybot-S&D does not detect or remove an item and you can find the files, please zip or rar them and send to: detections(at)spybot.info (Replace AT with @)

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    May 2007
    Posts
    64

    sorry tashi.

    i thought i might be asked for what you're asking.
    i knew i should have kept the two fake trojan files and made them non-executable, as i knew their location, but they're now deleted.

    the virtumonde files, they were automatically quarantined on reboot, and i deleted them.

    i thought this over. i am guessing s&d didn't pick them up and they were set to run on reboot and may have lain dormant, and would have been picked up on rebooting. however that's a totally wild guess.
    i guess that as webroot didn't pick up the virtumonde files until i rebooted either, and the same, i did scan before rebooting.
    and may have been picked up if i had rebooted (i scanned before rebooting)

    malwarebytes picked up the two fake trojan files before reboot.

    if it had just been two files i.e. fake trojan i might have suspected false positives
    however for webroot to also pick up another two and now this hosts file issue all happening after running this program i wouldn't expect them all to be false positives.

    sorry, next time i report anything like this i will be more consistent with what's required
    Last edited by kinos; 2009-02-18 at 05:56. Reason: typos/correcting info
