DLSS Posted March 5, 2008

yeah i got sent a link to this exe by someone who's clearly been infected with a msn virus, seeing i got this message while she was in offline mode and doesn't speak english :

(6:15:19 PM) [(F)Sanne... [Christophe(K)...: http://photo.msn.isuisse.com/?photo=dlss2smart
(6:15:20 PM) [(F)Sanne... [Christophe(K)...: your photos are published on this site :S

i dloaded it n did a scan but weirdly enough it passes the av test ... of course i'm not stupid enough to execute it, but am rly wondering what it'd do, anyone got a sandbox or vc to test it in ?

peace, DLSS

update : yeah as if it wasn't obvious enough she was infected i now got this XD

(6:39:04 PM) [(F)Sanne... [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wdo not click thisww.124rhsaf.com
(6:39:04 PM) [(F)Sanne... [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wdo not click thisww.124rhsaf.com
(6:39:04 PM) [(F)Sanne... [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wwdo not click thisw.124rhsaf.com

(i added the do not click this )

someone's gonna get kicked off of my msn list ...

deleted Posted March 5, 2008

I did a Scan with SuperScan (uses the engines of several AVs), and it says it has "HackTool.A".

digip Posted March 5, 2008

See ----> http://www.virustotal.com/analisis/f0b1a3d...c00398d845d8ca3 and http://info.prevx.com/aboutprogramtext.asp...9E3BB0061283314

edit: Just ran it and it creates two files. Image.jpg and Services.exe
http://www.twistedpairrecords.com/digip/virusCrap1.jpg

Files it creates, I put them in a rar file: http://www.twistedpairrecords.com/digip/crapola1.rar

Scan of the exe file it created: http://www.virustotal.com/analisis/25deda6...4a2e390b193ad03

K1u Posted March 5, 2008

Spammers, always trying to find new ways to annoy people.

snakey Posted March 6, 2008

open it in a vm

DLSS Posted March 6, 2008

> I did a Scan with SuperScan (uses the engines of several AVs), and it says it has "HackTool.A".

hm weird my avast didn't give a kick ...

> See ----> http://www.virustotal.com/analisis/f0b1a3d...c00398d845d8ca3 and http://info.prevx.com/aboutprogramtext.asp...9E3BB0061283314
>
> edit: Just ran it and it creates two files. Image.jpg and Services.exe
> http://www.twistedpairrecords.com/digip/virusCrap1.jpg
>
> Files it creates, I put them in a rar file: http://www.twistedpairrecords.com/digip/crapola1.rar
>
> Scan of the exe file it created: http://www.virustotal.com/analisis/25deda6...4a2e390b193ad03

thnx m8 i'll check tht out right now :p

*upd8* hey you reckon the guy in the jpg is the creator ?

digip Posted March 6, 2008

> > I did a Scan with SuperScan (uses the engines of several AVs), and it says it has "HackTool.A".
>
> hm weird my avast didn't give a kick ...
>
> > See ----> http://www.virustotal.com/analisis/f0b1a3d...c00398d845d8ca3 and http://info.prevx.com/aboutprogramtext.asp...9E3BB0061283314
> >
> > edit: Just ran it and it creates two files. Image.jpg and Services.exe
> > http://www.twistedpairrecords.com/digip/virusCrap1.jpg
> >
> > Files it creates, I put them in a rar file: http://www.twistedpairrecords.com/digip/crapola1.rar
> >
> > Scan of the exe file it created: http://www.virustotal.com/analisis/25deda6...4a2e390b193ad03
>
> thnx m8 i'll check tht out right now :p

Yea, the services.txt file is the executable. Do Not Run It locally! But go ahead and dissect it or VM it if you want to see what it's doing. I just got a new pc, so I still need to reinstall Windows in a VM to test the file. Best thing is to wireshark it and see what it's trying to connect to on the internet and see if you can get its logon and password to the site it's trying to reach.

nicatronTg Posted March 10, 2008

Because Windows hides the extension for known file types, the file is named services.txt.exe. So I suggest you disable this option (like me)

SomeoneE1se Posted March 10, 2008

> Because Windows hides the extension for known file types, the file is named services.txt.exe. So I suggest you disable this option (like me)

um.. no I believe he renamed it .txt to protect noobs from running it

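Added example (not part of any post in this thread): a Python triage check for the naming issue discussed above, flagging double extensions such as services.txt.exe and files whose leading bytes are an executable header under a harmless-looking name such as services.txt. The extension sets and the sample files are constructed for illustration and contain no real malware.

```python
import os
import tempfile

# Extensions Windows executes directly (assumed, non-exhaustive set).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a user reads as harmless documents or pictures (assumed set).
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".pdf"}
# Constructed samples: file name -> first bytes of the file.
SAMPLES = {"services.txt.exe": b"MZ\x90\x00", "services.txt": b"MZ\x90\x00",
           "Image.jpg": b"\xff\xd8\xff\xe0", "notes.txt": b"hello"}

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if header[:2] == b"MZ":
        return "executable"  # DOS/PE header
    if header[:3] == b"\xff\xd8\xff":
        return "jpeg"
    return "other"

def triage(path: str) -> list[str]:
    """Return the reasons a file's name or content looks deceptive."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        kind = sniff(fh.read(4))
    findings = []
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        findings.append("double extension")
    if kind == "executable" and ext not in EXECUTABLE_EXTS:
        findings.append("executable content under non-executable name")
    if ext in {".jpg", ".jpeg"} and kind != "jpeg":
        findings.append("not a real JPEG")
    return findings

def demo() -> dict[str, list[str]]:
    """Write the constructed samples to a temp dir and triage each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, content in SAMPLES.items():
            path = os.path.join(tmp, fname)
            with open(path, "wb") as fh:
                fh.write(content)
            results[fname] = triage(path)
    return results

if __name__ == "__main__":
    for fname, findings in demo().items():
        print(f"{fname}: {findings or 'ok'}")
```
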
MrNaysayer Posted March 10, 2008

I clicked the link. There was penus. o.o

digip Posted March 10, 2008

> I clicked the link. There was penus. o.o

?

nicatronTg Posted March 13, 2008

> I clicked the link. There was penus. o.o

I wonder why they put "do not click this" into the link...

darkjoker Posted March 17, 2008

I have a question that is a little off topic, but i just recently started using sandboxie and was wondering if i can load a different os in it?

SomeoneE1se Posted March 17, 2008

> I have a question that is a little off topic, but i just recently started using sandboxie and was wondering if i can load a different os in it?

what do you mean?

deleted Posted March 17, 2008

> I have a question that is a little off topic, but i just recently started using sandboxie and was wondering if i can load a different os in it?

No, it integrates with your Windows Installation. You would have to use a Virtual Machine.

digip Posted March 17, 2008

> No, it integrates with your Windows Installation. You would have to use a Virtual Machine.

QFE! Everything that runs in Sandboxie does so by making a shadow registry and path environment. Also, it tries to isolate running code in memory. It has no way to load an OS, just programs based on the current OS it's running inside of, since it mimics windows reg and folder layout. You would need a hypervisor to load a full OS like Vmware, Microsoft Virtual PC, etc.

darkjoker Posted March 17, 2008

do u know of any free Virtual Machines?

SomeoneE1se Posted March 17, 2008

http://www.microsoft.com/windows/products/...c/overview.mspx beer
http://www.vmware.com/ speech