Share it. If possible, the browser configuration and Temp files in Browser also.

Cheers,
0xN41K

On Dec 7, 5:37 pm, kura narin <[email protected]> wrote:
> i could give you the information what all it developed
> it created a something like ND*.dat file of the user
> and it created a csrss.dll file and it created many more files from in user
> folder with tlp extension
>
> On Wed, Dec 7, 2011 at 7:12 PM, Srinivas Naik <[email protected]> wrote:
> > That's good Narin that AV has removed it.
> >
> > By the way I was planning to extract more info on it from your machine. I
> > wish to torture it by forcefully collecting the info.
> >
> > Finally you got rid of that Malware.
> >
> > Cheers,
> > 0xN41K
> >
> > On Wed, Dec 7, 2011 at 11:23 AM, kura narin <[email protected]> wrote:
> >> hi all I got a solution for that
> >> combofix is the one which could delete it from the root directly
> >> if any one face this problem please suggest them that combo fix tool :-)
> >>
> >> On Mon, Dec 5, 2011 at 8:00 PM, kura narin <[email protected]> wrote:
> >>> Hi please find the Attachments of the Logs I created and help me to get
> >>> rid of that virus
> >>>
> >>> On Sat, Dec 3, 2011 at 5:13 PM, kura narin <[email protected]> wrote:
> >>>> yeah thank you for your response as soon as i get the logs i will send
> >>>> them to all and I am also trying for a solution
> >>>> I have observed that he is changing code of HTML pages and leaving the
> >>>> Title as the Search command which we enter changing the Redirect location
> >>>> in the Frame set tags of HTML pages
> >>>>
> >>>> On Sat, Dec 3, 2011 at 4:39 PM, Jonathan Lieberman
> >>>> <[email protected]> wrote:
> >>>>> just randomly found this thread through a google search.... I just got
> >>>>> the same bit of nasty malware. new computer, hadn't loaded any virus
> >>>>> protection and malware protection till a few days after I bought it...
> >>>>> looks like it's something new that's going around because I've seen a
> >>>>> few other new posts about it. Will update if I find something to
> >>>>> remove it.
> >>>>>
> >>>>> On Dec 2, 9:35 pm, Srinivas Naik <[email protected]> wrote:
> >>>>> > Hi Narin,
> >>>>> >
> >>>>> > Follow below instructions
> >>>>> > 1. Copy and Paste below 3 lines in file "*malcop.cmd*"
> >>>>> >
> >>>>> > echo Collecting Startup and Process list...
> >>>>> > wmic startup get caption,command,location /format:list > startup_log.txt
> >>>>> > wmic process get Name,Description,CommandLine,ProcessId,ParentProcessId,ExecutablePath,ThreadCount,Handle,HandleCount /format:list > process_log.txt
> >>>>> > echo Files Startup_log.txt and Process_log.txt Created......
> >>>>> >
> >>>>> > 2. Attach the files generated startup_log.txt and process_log.txt to this
> >>>>> > thread
> >>>>> >
> >>>>> > Let's analyze the malware and sort out the issue.
> >>>>> >
> >>>>> > Don't Worry ..... Trust MalCop :)
> >>>>> >
> >>>>> > Cheers,
> >>>>> > 0xN41K
> >>>>> >
> >>>>> > On Fri, Dec 2, 2011 at 6:15 PM, narin <[email protected]> wrote:
> >>>>> > > Hi All
> >>>>> > > I have a big problem with my office computer
> >>>>> > > my all browsers got affected with some virus i think so
> >>>>> > > whenever I am trying to Open any website in search engine
> >>>>> > > i am getting connected to the kozanekozasearchsystem.com website and
> >>>>> > > getting redirected to the
> >>>>> > > random website or random blogs,
> >>>>> > > When i Used firebug just what's happening i observed that virus
> >>>>> > > introducing some code
> >>>>> > > with title as our typed text and
> >>>>> > > in the Frameset Redirecting to the that website
> >>>>> > > and to go to the desired website of mine i need to click enter on the
> >>>>> > > Address bar again.
> >>>>> > > Please help me
> >>>>> > >
> >>>>> > > Thank you
> >>>>> > > Narin
> >>>>> > >
> >>>>> > > --
> >>>>> > > You received this message because you are subscribed to the Google Groups
> >>>>> > > "nforceit" group.
> >>>>> > > To post to this group, send an email to [email protected].
> >>>>> > > To unsubscribe from this group, send email to
> >>>>> > > [email protected].
> >>>>> > > For more options, visit this group at
> >>>>> > > http://groups.google.com/group/nforceit?hl=en-GB.
> >>>>
> >>>> --
> >>>> Thanks and Regards,
> >>>>
> >>>> K.N.NARIN.
> >>>>
> >>>> Oracle Certified Professional, Java SE 6 programmer (SCJP 6)
> >>>>
> >>>> Ankit Fadia Certified Ethical Hacker (AFCEH 5.0)
> >>>>
> >>>> http://lifetechnology-narin.blogspot.com/
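
One way to triage the process_log.txt that the malcop.cmd commands in this thread produce, as an added example that is not part of the original posts: it parses `wmic ... /format:list` output and flags processes whose executable path looks out of place. The function names, the two heuristics and the sample records (which use only a subset of the requested properties) are assumptions made for illustration.

```python
import re
# Heuristics and names below are assumptions for this example, not from the thread.
USER_WRITABLE = re.compile(r"\\(users|documents and settings)\\|\\temp\\", re.I)
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe", "winlogon.exe"}
SYSTEM_DIR = "\\windows\\system32\\"

def decode_wmic(raw: bytes) -> str:
    """Redirected wmic output is usually UTF-16 with a BOM; otherwise treat as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_list_format(text: str) -> list:
    """Parse /format:list output: Key=Value lines, one group of keys per instance."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue                  # blank line or not a Key=Value line
        if key in current:            # a repeated key starts the next instance
            records.append(current)
            current = {}
        current[key] = value
    return records + ([current] if current else [])

def triage(records: list) -> list:
    """Return (pid, name, reasons) for processes that deserve a closer look."""
    findings = []
    for rec in records:
        name, path = rec.get("Name", ""), rec.get("ExecutablePath", "")
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable directory")
        if name.lower() in SYSTEM_NAMES and path and SYSTEM_DIR not in path.lower():
            reasons.append("system process name outside System32")
        if reasons:
            findings.append((rec.get("ProcessId"), name, reasons))
    return findings

# Constructed sample (not output from the thread), encoded as UTF-16 with a BOM.
SAMPLE = "\r\n".join([
    r"CommandLine=C:\Windows\system32\csrss.exe ObjectDirectory=\Windows",
    r"ExecutablePath=C:\Windows\system32\csrss.exe", "Name=csrss.exe", "ProcessId=412", "",
    r"CommandLine=C:\Users\user1\AppData\Roaming\csrss.exe",
    r"ExecutablePath=C:\Users\user1\AppData\Roaming\csrss.exe", "Name=csrss.exe", "ProcessId=2204", "",
    "CommandLine=", "ExecutablePath=", "Name=System Idle Process", "ProcessId=0", "",
]).encode("utf-16")
for pid, name, reasons in triage(parse_list_format(decode_wmic(SAMPLE))):
    print(pid, name, "; ".join(reasons))
```

To run it on a real log, read the file in binary mode and pass the bytes to `decode_wmic`; an empty `ExecutablePath` is skipped rather than flagged.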
