WTFFFFF??? what is this.. Asap


mjst

  • 0

It's not the noble maker NPC

Plus you can't be infected with text documents and html files

 

 

 

 


Objects scanned: 14

Time elapsed: 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 


  • 0

yes we do and running on the offline server we had logparser/msql and the server.

 

as for downloading files etc xryskom does it

 

he must not download files from this PC.. omg dude!


  • 0

http://lmgtfy.com/?q=win32.hllp.Kulu+v2.92

nothing from google...

 

he must not download files from this PC.. omg dude!

i know dude....  :/

 

 

know any good antivirus for windows server 2003 x64? (free)

i need to scan


  • 0

http://translate.google.com/translate?hl=el&sl=ru&tl=en&u=http%3A%2F%2Fforum.ru-board.com%2Ftopic.cgi%3Fforum%3D27%26topic%3D11917

pfffff

 

any good translate???

 

Technical details

A virus with spyware functionality: it intercepts keyboard input (keylogger). It sends the collected information by mail over SMTP.

On startup it drops its component SYSLIB32.DLL, 2615 bytes in size, into the system or temporary directory.

When infecting, it prepends itself to the file and changes the section names in the PE header to numeric ones, in ascending order.

Contains the encrypted strings:

 

Win32.HLLP.Kuku

<<<<<Hey, Lamer! Say "Bye-bye" to your data! >>>>>

Copyright © by Sector 


  • 0

http://www.eset.eu/encyclopaedia/win32_sality_t_virus_w32_sality_y_inf_sality_p?lng=en

 

"WIN32.HLLP.KUKU" it's just a fake, the real "virus" behind it is the sality.t "Win32/Sality.T"

and seems to be done by some Russian,

 

Information stealing
Win32/Sality.T is a virus that steals sensitive information.

The following information is collected:

    * user name
    * computer name
    * malware version

more...

    * user name
    * computer name
    * malware version
    * computer IP address
    * operating system version
    * list of disk devices and their type
    * RAS accounts
    * recently visited URLs

under...
The data is saved in the following file:

    * %system%\TFTempCache

The virus sends the information via e-mail. The virus uses the following SMTP server:

    * msx.mail.ru

The sender address is one of the following:

    * CyberMazafaka@mailru.com

The recipient address is one of the following:

    * sector2007@list.ru
    * bespontovij@list.ru

The name of the attached file is following:

    * readme.tjc
    * TFTempCache.tjc


  • 0

technical details

 

The virus has spy functionality - intercepting keystrokes (keylogger). The collected information is sent by mail using SMTP.

 

At startup throws (drops) in the system temporary directory or its component SYSLIB32.DLL size of 2615 bytes.

 

Upon infection, it appends itself to the beginning of the file and changes the names of the sections of the PE header to digital, in ascending order.

Contains the encrypted string:

 

Win32.HLLP.Kuku

<<<<< Hey, Lamer! Say "Bye-bye" to your data!>>>>>

Copyright © by Sector

Link to comment
Share on other sites
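The infection marker described in the write-up above (PE section names replaced with numbers in ascending order) can be checked for directly from a file's headers. This is an added example, not part of the original thread: the function names and the sample headers are constructed for illustration, and a match is only a triage hint, not a verdict.

```python
import struct

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if it does not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)    # offset of "PE\0\0"
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size      # section table follows optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]    # 8-byte name field
        if len(raw) < 8:                  # truncated section table: stop
            break
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def has_numeric_ascending_sections(names) -> bool:
    """True when every section name is a decimal number and they ascend."""
    if not names or not all(n.isascii() and n.isdigit() for n in names):
        return False
    values = [int(n) for n in names]
    return all(a < b for a, b in zip(values, values[1:]))

def build_sample_header(names) -> bytes:
    """Constructed minimal PE header (no code or data), for the demo only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + sections

if __name__ == "__main__":
    samples = (("renamed", ["1", "2", "3"]),              # constructed names
               ("normal", [".text", ".rdata", ".data"]))
    for label, names in samples:
        found = pe_section_names(build_sample_header(names))
        print(label, found, has_numeric_ascending_sections(found))
```

To triage real files, read each executable's bytes and pass them to `pe_section_names`, then review any file for which `has_numeric_ascending_sections` returns True.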

  • 0

Somehow seriously doubt someone would write a keylogger and name the window application after a standard way of naming viruses by the big antiviral firms.

 

 

Unless it's some botnet pack/script, which is more likely.

 

 

And you're not going to get antiviral from simple non executables, aka noblesse ai.

Unless you ran or accepted something odd as well.

 

Logic.

 

 

Track the name, watch processes and win services for some weird processes or starts ups, remove them along with their logical location.

 

 

PS:

 

Most likely the sality pack that's being sold on more illegal fronts.

 

Any bigger AntiViral company has Server based antiviral software, however I doubt you'll find some trial free stuff, since it's mostly sold business wise.
