MSN Virus

FoobyKamikaze · **Posted:** Sun Oct 05, 2008 2:54 am

Oh, dear o.o;;
I dun wanna' overload you D:

aj · **Joined:** Wed Jul 30, 2008 5:13 am **Posts:** 96

KitWiz4687 wrote:

Sigh...
I think I'm stretching myself a little far all over the place.
...

What the heck. My exams are over, I'll see what I can do...

Keldoth: Let's see... you're probably running Windows XP Media Center Edition on a laptop with an ATI video card. If it is a laptop, it's probably a Centrino platform (or at least uses an Intel wireless card)? You also have a Canon scanner, a HP printer, an iPod (or you use iTunes to play your music) as well as a PDA (Probably a Palm PDA). Chances are you also have a microsoft mouse and keyboard. You have installed an EA game, probably Battlefield 2142 or similar game with an online component, as well as Steam. You're also running WampServer.

Yes, that entire list was derived from your process listing. There's no obvious malicious process though, except for dllhost (which can act as a host for malicious programs) and whatever it's doing.

Other than looking at the ProcMon listing, do you know what message and links the virus sends out, and is it still happening even though you changed your password?

KitWiz4687 · **Joined:** Tue Sep 16, 2008 10:27 pm **Posts:** 99

Sorry AJ, ProcMon will put out thousands of lines of events so it is not possible to post the logs here...>.>

aj · **Joined:** Wed Jul 30, 2008 5:13 am **Posts:** 96

Good point. I assumed dllhost.exe wouldn't do a lot. Which could be true, but probably is false where he'd leave it running for about a minute. Out of curiosity, how many events did it log?

Edit: I fail at reading. The log file he'll save would contain all events, which would probably reach about 100,000 events in a minute. So, yes, too much to post. Gah. *resolves to be more careful next time*

Neybulot · **Posted:** Mon Oct 06, 2008 1:49 am

KitWiz4687 wrote:

Sorry AJ, ProcMon will put out thousands of lines of events so it is not possible to post the logs here...>.>

nopaste.org

aj · **Joined:** Wed Jul 30, 2008 5:13 am **Posts:** 96

Neybulot wrote:

KitWiz4687 wrote:

Sorry AJ, ProcMon will put out thousands of lines of events so it is not possible to post the logs here...>.>

nopaste.org

Which, considering that Keldoth has ~60 processes (+- a few), would kill it, because a 10 second capture with ~45 processes and active use produced ~40,000 events, which nopaste seems to be choking on right now...

Yep, it choked:

nopaste.org wrote:

Error

content too big (max 512KB)

Keldoth Wolfram Dekel · **Posted:** Mon Oct 06, 2008 10:53 pm

Yeah, me and Kit are currently wrestling with how to exchange a file of that size.

As for the messages, really, the only way to answer that would be to ask the people on my friends list.

Plus, to help avoid it, I've been constantly signing in as ghost, so I dunno, let's see if I can get the people on my contacts list here.

FoobyKamikaze · **Posted:** Mon Oct 06, 2008 11:54 pm

My friend did a system restore (or something to that affect) and it's seemed to go away for now, so...

RobbieThe1st · **Posted:** Mon Oct 06, 2008 11:54 pm

Keldoth Wolfram Dekel wrote:

Yeah, me and Kit are currently wrestling with how to exchange a file of that size.

As for the messages, really, the only way to answer that would be to ask the people on my friends list.

Plus, to help avoid it, I've been constantly signing in as ghost, so I dunno, let's see if I can get the people on my contacts list here.

Take the text file, zip it up, and upload it to some file-hosting site.
Simple.

-RobbieThe1st

KitWiz4687 · **Joined:** Tue Sep 16, 2008 10:27 pm **Posts:** 99

I may as well make my upload manager since it'll work kinda like ThinSlice Upload when I'm done.

Barth · **Posted:** Thu Oct 09, 2008 9:59 pm

If the file is under 5 gigs just use this site hurr:

http://www.filedropper.com/

Twokinds ARCHIVE Forums

MSN Virus

Who is online