Re: voblaizdupla.exe

From: Malke <notreally@xxxxxxxxxxxxxxx>
Date: Wed, 22 Mar 2006 13:54:30 -0800

mark.reinertson@xxxxxxxxx wrote:

Read it. Basic stuff.
I know how to deal with it. I want to know what EXACTLY it is, what it
does, how did it get there?

Did the internic thing,

inetnum: 81.177.3.0 - 81.177.3.255netname: BESTTEST-RUdescr:
besTTest - HW lab,descr: Moscow, Russiacountry:
RUadmin-c: AV1919-RIPEtech-c: AV1919-RIPEstatus:
ASSIGNED PAmnt-by: AS8342-MNTsource: RIPE # Filtered
person: Anatoliy Voroninaddress: BesTTest HardWare
Lab.address: 125364, Moscow, Russiaaddress: Norilskaya
str., 13Ae-mail: admin@xxxxxxxxxxxxxxxxx:
vandal@xxxxxxxxxxxxxxxxxx: phone: +7 095 5447337phone:
+7 495 5447337remarks: fax-no: +7 095
5447337fax-no:
+7 495 5447337nic-hdl: AV1919-RIPEsource: RIPE
#
Filteredremarks: modified for Russian phone area changes

Looks like a Russian Zombie Bot Master. My question would be "How did
he get his little file on my machine???"

Safe Hex:

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on
Rogue Antispyware Programs
http://www.microsoft.com/security/protect/default.asp - Protect Your PC
http://www.cert.org/homeusers/HomeComputerSecurity/ - Home Computer
Security

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.

References:
- voblaizdupla.exe
  - From: Frank
- Re: voblaizdupla.exe
  - From: mark . reinertson
- Re: voblaizdupla.exe
  - From: Malke
- Re: voblaizdupla.exe
  - From: mark . reinertson

Prev by Date: Re: voblaizdupla.exe
Next by Date: Re: Admin User Accounts - privilages lost
Previous by thread: Re: voblaizdupla.exe
Next by thread: Re: voblaizdupla.exe
Index(es):
- Date
- Thread

Relevant Pages

Re: finding records in my computer
... When you access that email using Firefox or Internet Explorer for the first time with any computer FF or IE may ask you if you want to save the password. ... If it was something like "My boss has been a jackass all day" then he needs to grow up, if it is something likely to "Damage" the company or is otherwise libelous then it is liable to go against you. ... Every webpage you visit is downloaded to a location on your hard drive, and with a little knowledge anyone can read those pages, and that includes web email. ... If your boss used a key-recorder on your work computer to get your email password, it would not show up on your home computer. ...
(microsoft.public.windows.vista.general)
Re: Making it Happen - Jason C
... Otherwise sound advise - a companies policies are ... using my home computer which has broadband ... >> to go to any internet site, ... I think the setup I'm trying to achieve is something ...
(microsoft.public.windowsxp.security_admin)
Re: Making it Happen - Jason C
... can call the help desk or tech support and report the problem. ... using my home computer which has broadband ... > to go to any internet site, ... I think the setup I'm trying to achieve is something similar ...
(microsoft.public.windowsxp.security_admin)
Re: Apple TV question
... Do you believe the Internet won't be a major distribution channel ... the home computer will be significant for the same reason it is ...
(comp.sys.mac.advocacy)
Re: system hijacked. being used as proxy server. how fix?
... Harry Waldron - The Family PC - How to stay safe on the Internet ... http://www.cert.org/homeusers/HomeComputerSecurity/ - Home Computer ... he should not connect the newly-clean box to the Internet ... until it has SP2 with the Windows Firewall and an av installed. ...
(microsoft.public.windowsxp.basics)