I could give you the information on what all it developed. It created something like an ND*.dat file of the user, it created a csrss.dll file, and it created many more files in the user folder with the tlp extension.

On Wed, Dec 7, 2011 at 7:12 PM, Srinivas Naik <[email protected]> wrote:
> That's good Narin that AV has removed it.
>
> By the way I was planning to extract more info on it from your machine. I
> wish to torture it by forcefully collecting the info.
>
> Finally you got rid of that Malware.
>
> Cheers,
> 0xN41K
>
> On Wed, Dec 7, 2011 at 11:23 AM, kura narin <[email protected]> wrote:
>
>> Hi all, I got a solution for that.
>> ComboFix is the one which could delete it from the root directly.
>> If anyone faces this problem please suggest them that ComboFix tool :-)
>>
>> On Mon, Dec 5, 2011 at 8:00 PM, kura narin <[email protected]> wrote:
>>
>>> Hi, please find the attachments of the logs I created and help me to get
>>> rid of that virus.
>>>
>>> On Sat, Dec 3, 2011 at 5:13 PM, kura narin <[email protected]> wrote:
>>>
>>>> Yeah, thank you for your response. As soon as I get the logs I will send
>>>> them to all, and I am also trying for a solution.
>>>> I have observed that it is changing the code of HTML pages, leaving the
>>>> title as the search command which we enter and changing the redirect location
>>>> in the frameset tags of the HTML pages.
>>>>
>>>> On Sat, Dec 3, 2011 at 4:39 PM, Jonathan Lieberman <[email protected]> wrote:
>>>>
>>>>> Just randomly found this thread through a Google search.... I just got
>>>>> the same bit of nasty malware. New computer, hadn't loaded any virus
>>>>> protection and malware protection till a few days after I bought it...
>>>>> Looks like it's something new that's going around because I've seen a
>>>>> few other new posts about it. Will update if I find something to
>>>>> remove it.
>>>>>
>>>>> On Dec 2, 9:35 pm, Srinivas Naik <[email protected]> wrote:
>>>>> > Hi Narin,
>>>>> >
>>>>> > Follow the instructions below.
>>>>> > 1. Copy and paste the 3 lines below into the file "malcop.cmd":
>>>>> >
>>>>> > echo Collecting Startup and Process list...
>>>>> > wmic startup get caption,command,location /format:list > startup_log.txt
>>>>> > wmic process get Name,Description,CommandLine,ProcessId,ParentProcessId,ExecutablePath,ThreadCount,Handle,HandleCount /format:list > process_log.txt
>>>>> > echo Files Startup_log.txt and Process_log.txt Created......
>>>>> >
>>>>> > 2. Attach the generated files startup_log.txt and process_log.txt to this
>>>>> > thread.
>>>>> >
>>>>> > Let's analyze the malware and sort out the issue.
>>>>> >
>>>>> > Don't Worry ..... Trust MalCop :)
>>>>> >
>>>>> > Cheers,
>>>>> > 0xN41K
>>>>> >
>>>>> > On Fri, Dec 2, 2011 at 6:15 PM, narin <[email protected]> wrote:
>>>>> > > Hi All,
>>>>> > > I have a big problem with my office computer.
>>>>> > > All my browsers got affected with some virus, I think so.
>>>>> > > Whenever I am trying to open any website in a search engine
>>>>> > > I am getting connected to the kozanekozasearchsystem.com website and
>>>>> > > getting redirected to a random website or random blogs.
>>>>> > > When I used Firebug to see what's happening, I observed that the virus is
>>>>> > > introducing some code with the title as our typed text and
>>>>> > > in the frameset redirecting to that website,
>>>>> > > and to go to my desired website I need to click enter on the
>>>>> > > address bar again.
>>>>> > > Please help me.
>>>>> > >
>>>>> > > Thank you
>>>>> > > Narin

--
Thanks and Regards,

K.N.NARIN.

Oracle Certified Professional, Java SE 6 programmer (SCJP 6)

Ankit Fadia Certified Ethical Hacker (AFCEH 5.0)

http://lifetechnology-narin.blogspot.com/

--
You received this message because you are subscribed to the Google Groups "nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
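A defender-side triage helper, added here and not part of the thread or of MalCop's batch file: it parses the `/format:list` output that the two `wmic` commands above write to startup_log.txt and process_log.txt, and flags entries that run from a user profile folder or that reuse a core Windows process name such as csrss outside System32 (the csrss.dll-in-the-user-folder pattern Narin reports). The two log texts are constructed samples, not Narin's real attachments.

```python
import re
# Constructed samples of `wmic ... /format:list` output (Key=Value lines, one
# blank line between records); they are not the real attachments from the thread.
SAMPLE_PROCESS_LOG = """Name=csrss.exe
ExecutablePath=C:\\Windows\\System32\\csrss.exe

Name=rundll32.exe
ExecutablePath=C:\\Windows\\System32\\rundll32.exe
CommandLine=rundll32.exe C:\\Users\\narin\\AppData\\Roaming\\csrss.dll,Start
"""
SAMPLE_STARTUP_LOG = """Caption=OneDrive
Command=C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background
Location=HKU\\S-1-5-21-EXAMPLE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run

Caption=updater
Command=rundll32.exe C:\\Users\\narin\\AppData\\Roaming\\csrss.dll,Start
Location=HKU\\S-1-5-21-EXAMPLE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
"""
# Core Windows process names that malware borrows (csrss is the one seen in the thread).
SYSTEM_NAMES = ("csrss", "smss", "lsass", "winlogon", "services", "svchost")
USER_DIR = re.compile(r"(?i)\\(Users|Documents and Settings)\\")

def parse_wmic_list(text):
    """Turn `/format:list` output into a list of dicts, one per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):          # blank line = record boundary
        fields = dict(line.strip().partition("=")[::2] for line in block.splitlines() if line.strip())
        if fields:
            records.append(fields)
    return records

def suspicious(record):
    """Reasons this process/startup record deserves a look; an empty list means none."""
    text = " ".join(record.get(k, "") for k in ("ExecutablePath", "CommandLine", "Command"))
    reasons = []
    if USER_DIR.search(text):
        reasons.append("runs from a user profile directory")
    for name in SYSTEM_NAMES:                                 # e.g. csrss.dll outside System32
        if re.search(rf"(?i)[\\\s]{name}\.(exe|dll)", text) and not re.search(rf"(?i)System32\\{name}\.exe", text):
            reasons.append(f"system process name '{name}' used outside System32")
    return reasons

def triage(process_log, startup_log):
    """Map (source, name) -> reasons for every suspicious process or startup entry."""
    findings = {}
    for source, log, key in (("process", process_log, "Name"), ("startup", startup_log, "Caption")):
        for rec in parse_wmic_list(log):
            if reasons := suspicious(rec):
                findings[(source, rec.get(key, "?"))] = reasons
    return findings
```

Run it against the real startup_log.txt and process_log.txt by reading each file into a string and passing both to `triage`; anything it returns is a starting point for a closer look, not a verdict.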
