|
 Tablet
Premium
join:2003-01-15
Czech
| Re: New DC ++ Version : Watch out Yes, that's the file..
btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. But definitely the file hosted at download.com is different from the files hosted at official DC++ sourceforge mirrors.. | |
|
 | psloss
Premium
join:2002-02-24
Alpharetta, GA
| Re: New DC ++ Version : Watch out said by Tablet  :btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. But definitely the file hosted at download.com is different from the files hosted at official DC++ sourceforge mirrors.. For what it's worth, the EXE doesn't seem to be packed and indicates it was linked with VC++ 7.1 (timestamp says 15 Dec 2004); it also has this project/PDB string in it:
c:\Documents and Settings\Fredrik\Skrivbord\trapp2\trapp\Release\trapp.pdb
There is also a reference to the ouapcker.exe file and what looks like the contents of a batch file for self-deleting...
Just taking a break from sleeping, so I didn't let the installer go with an open outbound connection. When run that way, it doesn't seem to do anything explicit with the network, but I wasn't monitoring the I/O closely.
Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org | |
|
| | sinnah
join:2003-11-22
Lynchburg, VA | Re: New DC ++ Version : Watch out I've had this installed for a couple of weeks. I don't have the a file called cserv32.exe anywhere. | |
|
| | Proximo420
join:2005-02-11
Grand Prairie, TX
| It appears there has been an ongoing hack on Download.com . The versions of dc++ that have been downloaded from them are mostly all infected. This does seem to be an isolated attack on peeps that get DC++ from Download.com the virus is not attempting to harm the pc in any way it is however logging the ip of the user..... I am somewhat wondering if this isn't a way for the boys at sourcefourge to keep track of who is using their shit... Or could be a way to infect RIAA members or feds who knows.. I just thought it was odd that it hid itself with an ad bar....Could have been a way to get around the feds.
Now to my ? Most virus software has added this type report as a false positive. Problem is this is a virus... It plants the loader... Anyone have a suggestion on how to protect from this. | |
|
| Tablet
Premium
join:2003-01-15
Czech
| said by Tablet :btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. This is the response I received from Kaspersky Labs:
quote:
Hello,
it is new trojan, it is added to next update.
Regards, Eugene
Kaspersky Lab
»www.kaspersky.com
»www.viruslist.com
> Attachment: cserv32.exe
| |
|
|
| (topic locked) |
|
