DeadMan3000
Cadet

 Joined: Jun 14, 2008 Posts: 1 Location: UK
|
Posted: Sat Jun 14, 2008 9:00 pm Post subject: Virtumonde hiding itself from AV scanners |
Hi. New here. But I just had a brush with Virtumonde. Still trying to figure out if I have removed it all at present. However I think I caught it today from a dodgy warez file (I deserve what I get I guess).
It's on a public torrent site and comments reported it to have passed many AV scans (But you cannot trust people who make comments like that anyhow).
I was wondering about posting the link to the torrent so someone could take a look at it. Or would that be a rule violation?
nosirrah
Security Expert Special Response Team
 Joined: Apr 19, 2006 Posts: 6293 Location: USA
|
Posted: Sat Jun 14, 2008 9:39 pm Post subject: |
If you do, do it one of these ways:
http://www.virustotal.com/
http://www.virustotal.com/
hxxp://www.virustotal.com/
Anything like this will make it so it can't be directly clicked.
IP: 87.74.*.*
Guest
|
Posted: Sat Jun 14, 2008 11:54 pm Post subject: |
I'm thinking that vundo was in the setup.exe file which is autoexecuted via the rar self-executing file. If you rename the file to rar or zip and open it, it shows the setup.exe file and the file that installs the application. You can install the application without setup.exe so that is why I believe that is the culprit. To prevent spreading 'warez' I am going to upload the setup.exe only to rapidshare renamed as vundo.vir and leave it to whoever wishes to look at it to rename it if they need to.
I'd be interested to know if this really is where I caught the trojan or not. Otherwise it is in the warezed application itself which I would prefer not to infringe further by distributing (Suddenly I have an attack of morals).
hxxp://rapidshare.de/files/39721981/vundo.vir.html
tetak
MIRT Team Lead Premium Member
 Joined: Jan 19, 2007 Posts: 5741
hjtuser
Cadet

 Joined: Jun 23, 2008 Posts: 1 Location: USA
|
Posted: Mon Jun 23, 2008 9:50 pm Post subject: vundo |
It can become disguised in practically any warez. I just got it embedded in ACAD 08.
Pesky little critter, although norton "cough" it, browser still fires up random pages -the notoriously fake security pages- so at least it's half there.
Oh btw, MS updates are fried too, can't get the Service to run but it could be unrelated to Vundo.
tetak
MIRT Team Lead Premium Member
 Joined: Jan 19, 2007 Posts: 5741