Trojan Undetected
From: onepercentertracker (onepercentertracker_at_yahoo.com)
Date: 02/23/04
- Next message: onepercentertracker: "Re: Huge vulnerability in Zone Alarm (all versions)"
- Previous message: Dazz: "Re: The top eight..."
- Next in thread: donutbandit: "Re: Trojan Undetected"
- Reply: donutbandit: "Re: Trojan Undetected"
- Reply: Mimic: "Re: Trojan Undetected"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 22 Feb 2004 23:33:10 -0800
> of course i don't use a real email address.
> this trojan was downloaded automatically from a web site (i use opera
> but opera is blameless). the web site i visited was a warez site and it
> first downloaded a 7k downloader trojan called small.download.h which AVG
> identified straight away. i turned off AVG and ran this 7k trojan to see
> what it would do.
> it contacted a download site (casino stuff etc) and downloaded its big
> brother called rem2c4.exe which connected to the same web site.
> i didn't analyse the packets to see what it was sending.
> funny thing is rem2c4.exe won't run now. maybe it only runs at
> certain times of the day.
> AVG, ad-aware, spybot and EZ-AV were unable to identify it as harmful.
> i'll post it off as you recommend.
You can "NEVER" trust a warez website nor any website or newsgroup
which hackers list on Usenet since most are owned by malicious
hackers. The malicious hackers post in Security, Anti-Virus and
Hackers Newsgroups, Egroups and Message Boards along with Telnet IP
listings; to name a few. I exposed someone hackers website listing
where the hacker wanted to learn from and the files had four
Backdoors. Beware all if you want to learn how to hack. No AVG,
ad-aware or spybot can protect you and PLEASE learn this.
Leythos wrote:
> In article <c10ii7$ppq$1@kestrel.csrv.uidaho.edu>,
> johns123xx@xxmudhole.com says...
> > It doesn't matter what you do. AdAware and Spybot
> > know all about the droppers .. and they do nothing.
> > Don't believe me? Go get Bargain Buddy and see if
> > AdAware or Spybot can remove it ... same exact
> > thing. Those programs are only removing part of the
> > problem .. so your system will be constantly reinfected.
>
> With Spybot Search and Destroy being a free application, you can't
> really complain about it.
>
> I find that SBS&D removes about 99.9% of the things home users get hit
> with. The rest of it is stuff they installed while not understanding
> what they were doing.
>
> If you know something about a "dropper" and are just here complaining,
> then how about a different track - post a note to the developer of
> SBS&D on his site and tell him about it. I'm sure that he will add it to
> the collection of almost 13,000 things SBS&D does handle.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
They sure as hell don't remove the Redwood Broker do they? I've only
found five Google posts pertaining to the "Elite" hackers using the
Redwood Broker.
Visit my website at http://www.geocities.com/hacking_internet_secrets
Don't forget them VPNs, canceled Cable and DSL accounts with prepaid
phone time.
Colonel Flagg wrote:
> In article <i1a730lfp66km39sl9ijii1ndpae1jp2vt@4ax.com>, sam1967
> @hetnet.nl says...
> > On Wed, 18 Feb 2004 16:13:10 GMT, Laura Fredericks
> > <anonomiss@CLOTHEShotmail.com> wrote:
> >
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >Hash: SHA1
> > >
> > >On Wed, 18 Feb 2004 12:55:37 +0000,
> > >"sam1967@hetnet.nl" <sam1967@hetnet.nl> wrote in post:
> > >>i turned off AVG and ran this 7k trojan to see what
> > >>it would do.
> > >
> > >Idiot.
> > >
> > Thanks Laura. Keep your informed posts coming.
> > Ever considered that some people are not as afraid of virii/trojans as
> > others and have enough analysis tools to handle them and run them if
> > they are curious enough.
> >
> >
> >
>
> anyone that needs to ask "where to send it to" is by no means someone
> capable of doing proper analysis.
>
> --
> John Holstein,
> http://www.cotse.net
> A very unique privacy service, no other service
> compares. E-mail, Usenet, Anon Proxies, Web Hosting,
> and more. No one gives you more control over your
> e-mail than we do!
> http://www.cotse.net/servicedetails.html
>
> New Online Store:
> www.cotse.com/store
Why is that dude, this babe still needs help and I wrote a book about
Computers, the Internet and Hackers. Sorry you lead a boring life and
get yourself a hobby.
Tracker