smitfraud creating fake registry entries??



Hey group,

I have just begun to post here (new ISP, new news server).

My intention is to exchange information and help where I can.
I am also registered in the HijackThis forums (German) and work as a TS
agent at a Dutch firm. I actually love helping ppl, it's my second nature.

Here is one bit of info I would like to discuss:

I have been seeing lots of variants of Smitfraud during my daily work.
They aren't particularly difficult to remove, even w/o tools (I have seen
so far: spysheriff, spyquake, virusbust, win antivirus pro 2006, winfixer
and pest trap).

What I noticed is that you can find at least two or three entries related to
other trojans/viruses in the registry, sometimes quite strange ones, as they
are unusual or even old (sasser, sober, mydoom).

When you try to search for those critters in the filesystem you won't normally be
able to find them, even using DIR [filename] /a

Looking the files up in the quarantine of the AV is normally also negative.

My theory is that those entries are put there by smitfraud itself
to mislead the legitimate antivirus and the user so that he thinks he actually
needs the paid version of the rogue scanner.

Have any of you some info on this?
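
The check described in the post (autorun registry entries whose files cannot be found on disk), as an added example that is not part of the original post. The registry export, value names, file set and `%SystemRoot%` expansion below are constructed for illustration.

```python
import re

# Constructed sample: a regedit-style export of a Run key (not from the post).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvAgent"="\"C:\\Program Files\\ExampleAV\\agent.exe\" /startup"
"wormA"="C:\\WINDOWS\\example_worm.exe"
"wormB"="%SystemRoot%\\system32\\example_mailer.exe -q"
'''
# Constructed stand-in for the files actually present on the disk.
SAMPLE_FILES = {r"c:\program files\exampleav\agent.exe"}
ENV = {"%systemroot%": r"C:\WINDOWS"}  # assumed expansion for the sample
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping of backslashes and quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def target_path(command):
    """Return the executable path from an autorun command line."""
    for var, val in ENV.items():
        command = re.sub(re.escape(var), lambda m: val, command, flags=re.I)
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments may follow
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', command, re.I)
    return m.group(1) if m else command    # unquoted: cut at the extension

def orphaned_entries(reg_text, exists):
    """List (key, value name, path) for entries whose target file is missing."""
    key, out = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, path = unescape(m.group(1)), target_path(unescape(m.group(2)))
            if not exists(path):
                out.append((key, name, path))
    return out

def on_sample_disk(path):
    # Case-insensitive lookup, as on a Windows filesystem.
    return path.lower() in SAMPLE_FILES

if __name__ == "__main__":
    for key, name, path in orphaned_entries(SAMPLE_REG, on_sample_disk):
        print(f"{name}: {path} (missing) under {key}")
```

On a live Windows system, pass `os.path.exists` as the check; it sees hidden and system files, though not files concealed by a rootkit.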


