Full Disclosure mailing list archives
RE: Possible New Malware....
From: "Kane Lightowler" <Kane () contentsecurity com au>
Date: Tue, 24 Aug 2004 18:45:19 +1000
Trend Micro detects this as WORM_RORON.C
Regards,
Kane
-----Original Message-----
From: full-disclosure-admin () lists netsys com on behalf of Aditya , ALD [ Aditya Lalit Deshmukh ]
Sent: Tue 24/08/2004 1:03 AM
To: Full-Disclosure@Lists. Netsys. Com
Cc:
Subject: [Full-Disclosure] Possible New Malware....
Hi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it
was found, creates a CurruntPowerProfile reg startup key with a value of
Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written
in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB -aditya ( simply ren *.txt
to *.exe )
Current thread:
- Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 23)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)
- RE: Possible New Malware.... Ron DuFresne (Aug 24)
- <Possible follow-ups>
- RE: Possible New Malware.... Aditya , ALD [ Aditya Lalit Deshmukh ] (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- Re: Possible New Malware.... Valdis . Kletnieks (Aug 24)
- RE: Possible New Malware.... Harlan Carvey (Aug 24)
- RE: Possible New Malware.... Kane Lightowler (Aug 24)