Jump to content
  • 0

WTFFFFF??? what is this.. Asap


Question

Recommended Posts

  • 0
Posted

Its not the noble maker npc

 

Plus you cant be infected with text documents and html files

 

 

 

 


Objects scanned: 14

Time elapsed: 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

  • 0
Posted

omg you have l2off server online!!!!

in this pc!

 

yes we do and running on the offline server we had logparser/msql and the server.

 

as for downloading files etc xryskom does it

  • 0
Posted

yes we do and running on the offline server we had logparser/msql and the server.

 

as for downloading files etc xryskom does it

 

he must not download files from this PC.. omg dude!

  • 0
Posted

http://translate.google.com/translate?hl=el&sl=ru&tl=en&u=http%3A%2F%2Fforum.ru-board.com%2Ftopic.cgi%3Fforum%3D27%26topic%3D11917

pfffff

 

any good translate???

 

технические детали 

 

Вирус, имеющий шпионский функционал — перехват ввода с клавиатуры (keylogger). Собранную информацию отправляет почтой по протоколу SMTP.

 

При старте выбрасывает (drops) в системный или временный каталог свою компоненту SYSLIB32.DLL размером 2615 байт.

 

При заражении дописывает себя в начало файла, изменяет имена секций PE заголовка на цифровые, в порядке возрастания.

 

Содержит зашифрованные строки:

 

Win32.HLLP.Kuku

<<<<<Hey, Lamer! Say "Bye-bye" to your data! >>>>>

Copyright © by Sector 

  • 0
Posted

http://www.eset.eu/encyclopaedia/win32_sality_t_virus_w32_sality_y_inf_sality_p?lng=en

 

"WIN32.HLLP.KUKU" its just a fake,the real "virus" behind it its the sality.t "Win32/Sality.T"

and seems to be done by some russian,

 

Information stealing
Win32/Sality.T is a virus that steals sensitive information.

The following information is collected:

    * user name
    * computer name
    * malware version

more...

    * user name
    * computer name
    * malware version
    * computer IP address
    * operating system version
    * list of disk devices and their type
    * RAS accounts
    * recently visited URLs

under...
The data is saved in the following file:

    * %system%\TFTempCache

The virus sends the information via e-mail. The virus uses the following SMTP server:

    * msx.mail.ru

The sender address is one of the following:

    * CyberMazafaka@mailru.com

The recipient address is one of the following:

    * sector2007@list.ru
    * bespontovij@list.ru

The name of the attached file is following:

    * readme.tjc
    * TFTempCache.tjc

  • 0
Posted

http://translate.google.com/translate?hl=el&sl=ru&tl=en&u=http%3A%2F%2Fforum.ru-board.com%2Ftopic.cgi%3Fforum%3D27%26topic%3D11917

pfffff

 

any good translate???

 

технические детали 

 

Вирус, имеющий шпионский функционал — перехват ввода с клавиатуры (keylogger). Собранную информацию отправляет почтой по протоколу SMTP.

 

При старте выбрасывает (drops) в системный или временный каталог свою компоненту SYSLIB32.DLL размером 2615 байт.

 

При заражении дописывает себя в начало файла, изменяет имена секций PE заголовка на цифровые, в порядке возрастания.

 

Содержит зашифрованные строки:

 

Win32.HLLP.Kuku

<<<<<Hey, Lamer! Say "Bye-bye" to your data! >>>>>

Copyright © by Sector 

technical details

 

The virus, which has the spy functionality - intercepting keystrokes (keylogger). The collected information is sent by mail using SMTP.

 

At startup throws (drops) in the system temporary directory or its component SYSLIB32.DLL size of 2615 bytes.

 

Upon infection, appends itself to the beginning of the file, change the names of the sections of PE header to digital, in ascending order.

Contains the encrypted string:

 

Win32.HLLP.Kuku

<<<<< Hey, Lamer! Say "Bye-bye" to your data!>>>>>

Copyright © by Sector

  • 0
Posted

Somehow seriously doubt someone would write a keylogger and name the window application after a standard way of naming viruses by the big antiviral firms.

 

 

Unless it some botnet pack/script, which is more likely.

 

 

And your not going to get antiviral from simple non executables, aka noblesse ai.

Unless you ran or accepted something odd as well.

 

Logic.

 

 

Track the name, watch processes and win services for some weird processes or starts ups, remove them along with their logical location.

 

 

PS:

 

Most likely the sality pack that's being sold on more illegal fronts.

 

Any bigger AntiViral company has Server based antiviral software, however i doubt youll find some trial free stuff, since it's mostly sold business wise.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...