Sample Submission
I am uploading the sample you asked for in a .zip file.
Password is infected.
Link to the topic is: http://forum.bitdefender.com/index.php?showtopic=5201
P.S.: the files MAGIC.exe and ALI.exe you asked for are files of a program that I use. I have included the files, but I thought you should know.
Here is the SDFix report.
SDFix: Version 1.171
Run by Administrator on Tue 04/15/2008 at 09:57 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 22:00:48
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
Attachment: Desktop.zip
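The "Authorized Application Key Export" section of the SDFix log above is a dump of the Windows Firewall exception list, one registry value per line in `"name"="path:scope:state:description"` form. When reviewing such a log it helps to turn those lines into structured records and pick out the exceptions that deserve a second look: entries that are enabled, open to any remote address (`*`), and either point outside `%windir%` or whose value name does not match the path they carry. The following parser is an added example written for this page, not part of the forum post or of SDFix itself; the sample input is a constructed copy of a few lines in the same format, and the review rule (flag non-system or mismatched, enabled, any-address entries) is my own heuristic rather than anything the log tools apply.

```python
import re
from dataclasses import dataclass

# Constructed sample in the same format as SDFix's
# "Authorized Application Key Export" section.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
'''


@dataclass
class FirewallException:
    profile: str   # "standardprofile" or "domainprofile"
    key: str       # registry value name; normally equal to path
    path: str      # executable the exception applies to
    scope: str     # "*" means any remote address
    enabled: bool
    name: str      # description shown in the firewall UI


# Section header: [...\firewallpolicy\<profile>\authorizedapplications\list]
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$',
    re.I)
# Value line in .reg style: "name"="data", with backslashes doubled.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Collapse the doubled backslashes of a .reg export."""
    return s.replace('\\\\', '\\')


def parse_authorized_apps(text):
    """Parse the export into FirewallException records, tracking the profile
    from the most recent section header."""
    entries = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        key = _unescape(m.group(1))
        # Split from the right: the path itself contains "C:".
        parts = _unescape(m.group(2)).rsplit(':', 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        entries.append(FirewallException(
            profile, key, path, scope, state.lower() == 'enabled', name))
    return entries


def review(entries):
    """Return the exceptions worth a second look (heuristic, an assumption of
    this example): enabled, open to any remote address, and either outside
    %windir% or with a value name that does not match the path."""
    flagged = []
    for e in entries:
        mismatch = e.key.lower() != e.path.lower()
        in_windir = e.path.lower().startswith('%windir%')
        if e.enabled and e.scope == '*' and (mismatch or not in_windir):
            flagged.append(e)
    return flagged


if __name__ == '__main__':
    for e in review(parse_authorized_apps(SAMPLE_EXPORT)):
        print(f"{e.profile}: {e.path} ({e.name})")
```

Run against the constructed sample it reports the two third-party P2P entries and leaves the Remote Assistance exception alone, because that one lives under `%windir%` and its value name matches its path. Feeding it the full section from a real SDFix log gives the same kind of shortlist to check against what the user actually installed.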
Comments
Also, my Spyware Doctor picks up the malware when it tries to change my registry, as BACKDOOR.AGENT.ARK.
Hello sunnygrover,
Please update BitDefender and perform a deep scan, and post the scan report.
After you have done that, please go to Start, My Computer, double-click on the icon of your hard disk, open the Windows folder, then Tasks, and delete everything that begins with "At". After you have done that, please make a new HijackThis and ComboFix log.
Best regards
Niels