Suspicious File Ino6.exe [solved]
Hi there:
I'm submitting this file that is spreading via autorun.inf. Bitdefender 2008 (updated today 2008/03/25) wasn't able to detect it as malware or anything alike.
It seems that it tries to write keys in the registry automatically and disables showing hidden files and protected system files.
The password is:
infected
Greetings from Mexico
Gil
Here is another file that is created when this thing infects the system. This file is in the %systemroot%\system32 folder.
The password is:
infected
Help, because I was careless and got myself infected.
It cannot be detected running with Task Manager nor with Sysinternals Process Explorer. (I know it is running because it doesn't allow me to change the setting 'show hidden files and folders' nor 'show protected system files'.)
OK, I'm doing more research about these annoying freaking files. It seems that it registers the following files (see the attachment):
amvo0.dll
amvo1.dll
I used Sysinternals Process Monitor and it seems that amvo1 is "running" (i.e. loaded) within explorer.exe; I noticed that because explorer.exe was the process that is constantly refreshing the HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden key value to '2'. This action effectively disables the ability to show hidden files.
The password for the zip is again:
infected
Regards.
PS. I found this information 'googling' for the files:
http://mssadik73.blogspot.com/2008/01/dcom-virus.html
Thanks a lot
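One way to check a Process Monitor capture for the behaviour described in the post above, as an added example that is not part of the original thread: it counts, per process, the RegSetValue events that force the Hidden value to 2. The column names assume Process Monitor's default CSV export, and the function name, threshold and sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Registry value the post reports being forced back to 2.
HIDDEN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
DATA_RE = re.compile(r"Data:\s*(\d+)")

def repeated_hidden_writers(csv_text, threshold=3):
    """Return {(process, pid): count} for processes that set Hidden to 2
    at least `threshold` times in a Process Monitor CSV export."""
    hits = Counter()
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row.get("Operation") != "RegSetValue":
            continue  # reads and key opens are normal Explorer activity
        if (row.get("Path") or "").lower() != HIDDEN.lower():
            continue  # exact match, so sibling values are not counted
        m = DATA_RE.search(row.get("Detail") or "")
        if m and int(m.group(1)) == 2:
            hits[(row["Process Name"], int(row["PID"]))] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

def _row(t, proc, pid, op, path, detail):
    # Build one quoted CSV line in the assumed Process Monitor column order.
    return ",".join(f'"{v}"' for v in (t, proc, pid, op, path, "SUCCESS", detail))

# Constructed sample rows (not taken from the thread's attachments).
_SET2 = "Type: REG_DWORD, Length: 4, Data: 2"
_SIBLING = HIDDEN.rsplit("\\", 1)[0] + "\\ShowSuperHidden"
SAMPLE = "\n".join(
    ['"Time of Day","Process Name","PID","Operation","Path","Result","Detail"']
    + [_row(f"10:00:0{i}.0", "explorer.exe", 1520, "RegSetValue", HIDDEN, _SET2)
       for i in range(1, 5)]
    + [_row("10:00:05.0", "regedit.exe", 3004, "RegSetValue", HIDDEN,
            "Type: REG_DWORD, Length: 4, Data: 1"),
       _row("10:00:06.0", "explorer.exe", 1520, "RegQueryValue", HIDDEN, _SET2),
       _row("10:00:07.0", "explorer.exe", 1520, "RegSetValue", _SIBLING, _SET2)]
)

if __name__ == "__main__":
    for (proc, pid), n in repeated_hidden_writers(SAMPLE).items():
        print(f"{proc} (PID {pid}) set Hidden=2 {n} times")
```

A process flagged here is only the host of the writes; as the post notes, the DLL loaded inside it is what needs to be identified.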
Comments
thanks for samples