[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box

To: Petr Stetiar <ynezz@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box
From: "Suhail Muhammed" <smuhammed@xxxxxxxxxx>
Date: Sun, 14 Sep 2003 17:00:50 -0400

OPTIX Trojan

http://www.annoyances.org/exec/forum/win2000/t1054107806



                                                                                
                                                  
                    Petr Stetiar                                                
                                                  
                    <ynezz@xxxxxxxxxxx>                 To:     
full-disclosure@xxxxxxxxxxxxxxxx                                  
                    Sent by:                            cc:                     
                                                  
                    full-disclosure-admin@lists.        Subject:     
[Full-Disclosure] [TROJAN Win32] Can't identify trojan found 
                    netsys.com                          on Win98SE box          
                                                  
                                                                                
                                                  
                                                                                
                                                  
                    09/14/2003 03:57 PM                                         
                                                  
                    Please respond to Petr                                      
                                                  
                    Stetiar                                                     
                                                  
                                                                                
                                                  
                                                                                
                                                  




Hi ALL,

I've found one trojan horse or whatever it is on one Win98SE box today.
I tried to find some info about it on google but didn't found anything.

This file was found in C:\Windows\System directory.
There were 2 unknown files to me actualy: msi2xec16.exe and mpldfg.exe
(both same size and content, verified by MD5)

You can download this file here:

http://takjo.net/mpldfg.exe-

win.ini
----------cut--------------
run=C:\WINDOWS\SYSTEM\MSI2XEC16.EXE
----------cut--------------

The same path was found also in registry under RUN key, if someone wants
full
key I can post it later.


I'm just curious what kind of trojan it is, because I dont have motivation
to do anything on m$ powered "OS", but maybe someone...



Cheers,

Petr

--
     (__)
--------------------------+------------------------------------------`
     (@@)  ynezz[at]hysteria[dot]sk | Customer: "I'm running WindowsXP
SP39g"  |
 /----\/  - * - * - * - * - * - * - | Tech: "Yes"
|
| |  ||    irc://ynezz@ircnet       | Customer: "My computer isn't working
now"|
* ||-||    icq: 923432434           | Tech: "Yes, you said that"
|
  ^^ ^^
----------------------------+------------------------------------------'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: SV: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box
Next by Date: Re: [Full-Disclosure] RE: Computer Sabotage by Microsoft
Previous by thread: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box
Next by thread: [Full-Disclosure] IIS6 Security Issues
Index(es):
- Date
- Thread