[Full-disclosure] Detours and Trojans
- From: "Tiago Halm" <thalm@xxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 21:47:40 -0000
Detours is being used on trojans.
Just got one *sighs* and detours was making sure the processes could not be
the files were:
c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll
c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe -->
this file was 2k
c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll
current user "Run" was mapped to ibm00003.exe above.
Unfortunatelly I deleted the files (in case anyone was interested), because
google did not show much info on this and I didn't know much more of what to
did some strings on the files above and showed http posts (uploads) of some
sorry I don't have any more information. don't remember.
anyone saw this already?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-Disclosure] Insecurity in Finnish parlament (computers)
- Next by Date: Re: [Full-disclosure] update on the linux worm
- Previous by thread: RE: [Full-disclosure] Mozilla Thunderbird : Remote Code Execution& Denial of Service
- Next by thread: Re: [Full-disclosure] Detours and Trojans