Unknown Malware found csdiv.dll

From: Sven Carstens (sven.carstens_at_blinker-links.de)
Date: 06/29/04

  • Next message: Jim Halfpenny: "Re: Unknown Malware found csdiv.dll"
    To: incidents@securityfocus.com
    Date: Tue, 29 Jun 2004 15:49:19 +0200
    
    

    Hi list,

    A friend of mine caught a real pain-in-the-ass piece of malware.
    As I didn't find any references to it via Google, I'm posting a link, so
    the real experts out there have a new toy to play with.

    Malware http://www.demoserver.de/csdiv.dll_malware

    The file itself is not found by AdAware. But it seems that after getting
    started it drops some other well-known parts, which are recognized and
    removed by AdAware.

    The csdiv.dll is started when IE starts, via a URL like
    res://csdiv.dll/index.html#

    Anyway, I didn't find the injection point in the registry, and searching all
    files on disk for the DLL name turned up nothing at all.
    What it did find was some logfiles dated 2004-06-28 (same date as the DLL).
    These seem to be some installer logfiles.

    Logfile http://www.demoserver.de/logfile_malware

    CU Sven
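
A check a responder could run for the symptom described in this post, added here as an example and not part of the original message: the Python below scans a registry export for `res://` references, including values that regedit writes as hex-encoded UTF-16, which a plain text search for the DLL name does not match. The sample export, its key and value names, and the function names are constructed for illustration and say nothing about where the DLL was actually registered on the affected machine.

```python
import re

# Constructed sample of a regedit export (illustration only, not from the post).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://csdiv.dll/index.html#"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"

[HKEY_CURRENT_USER\Software\Example\Constructed]
"Page"=hex(2):72,00,65,00,73,00,3a,00,2f,00,2f,00,63,00,73,00,64,00,69,00,76,\
  00,2e,00,64,00,6c,00,6c,00,2f,00,78,00,00,00
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RES_RE = re.compile(r'res://([^/\s"]+)', re.IGNORECASE)

def decode_value(raw):
    """Return the text of a .reg value, or None for non-text value types."""
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    m = re.match(r'hex\((2|7)\):(.*)', raw)            # REG_EXPAND_SZ / REG_MULTI_SZ
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    return None

def find_res_references(reg_text):
    """Return (key, value name, module, was_hex_encoded) for each res:// URL."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)         # join line continuations
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        value = decode_value(m.group(2)) if m else None
        for module in RES_RE.findall(value or ''):
            hits.append((key, m.group(1).strip('"'), module.lower(),
                         m.group(2).startswith('hex')))
    return hits

if __name__ == '__main__':
    for hit in find_res_references(SAMPLE_REG):
        print(hit)
```

Regedit version 5.00 exports are UTF-16 files, so read them with `open(path, encoding='utf-16')` before passing the text in.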

