Full Disclosure mailing list archives
RE: Possible New Malware....
From: "Kane Lightowler" <Kane () contentsecurity com au>
Date: Tue, 24 Aug 2004 18:45:19 +1000
Trend Micro detects this as WORM_RORON.C Regards, Kane -----Original Message----- From: full-disclosure-admin () lists netsys com on behalf of Aditya , ALD [ Aditya Lalit Deshmukh ] Sent: Tue 24/08/2004 1:03 AM To: Full-Disclosure@Lists. Netsys. Com Cc: Subject: [Full-Disclosure] Possible New Malware.... Hi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it was found, creates a CurruntPowerProfile reg startup key with a value of Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB -aditya ( simply ren *.txt to *.exe )
Current thread:
- Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 23)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)
- RE: Possible New Malware.... Ron DuFresne (Aug 24)
- <Possible follow-ups>
- RE: Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- Re: Possible New Malware.... Valdis . Kletnieks (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)