New DC ++ Version : Watch out

Proximo420

join:2005-02-11
Grand Prairie, TX

reply to psloss
Re: New DC ++ Version : Watch out

It appears there has been an ongoing hack on Download.com. The versions of DC++ that have been downloaded from them are mostly all infected. This does seem to be an isolated attack on peeps that get DC++ from Download.com. The virus is not attempting to harm the PC in any way; it is, however, logging the IP of the user..... I am somewhat wondering if this isn't a way for the boys at SourceForge to keep track of who is using their shit... Or could be a way to infect RIAA members or feds, who knows.. I just thought it was odd that it hid itself with an ad bar.... Could have been a way to get around the feds.

Now to my ? Most virus software has added this type of report as a false positive. Problem is this is a virus... It plants the loader... Anyone have a suggestion on how to protect from this?

sinnah

join:2003-11-22
Lynchburg, VA
reply to psloss
I've had this installed for a couple of weeks. I don't have a file called cserv32.exe anywhere.

Tablet
Premium
join:2003-01-15
Czech

reply to Tablet
said by Tablet:

btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with.
This is the response I received from Kaspersky Labs:

quote:
Hello,

it is new trojan, it is added to next update.

Regards, Eugene
Kaspersky Lab
»www.kaspersky.com
»www.viruslist.com

> Attachment: cserv32.exe


psloss
Premium
join:2002-02-24
Alpharetta, GA

reply to Tablet
said by Tablet:

btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. But definitely the file hosted at download.com is different from the files hosted at official DC++ sourceforge mirrors..
For what it's worth, the EXE doesn't seem to be packed and indicates it was linked with VC++ 7.1 (timestamp says 15 Dec 2004); it also has this project/PDB string in it:
c:\Documents and Settings\Fredrik\Skrivbord\trapp2\trapp\Release\trapp.pdb

There is also a reference to the ouapcker.exe file and what looks like the contents of a batch file for self-deleting...

Just taking a break from sleeping, so I didn't let the installer go with an open outbound connection. When run that way, it doesn't seem to do anything explicit with the network, but I wasn't monitoring the I/O closely.

Philip Sloss

--
Feedback? e-mail: stuff@lupwa.org
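
Added example, not part of any post in this thread: a Python sketch of the header triage described in the post above (link timestamp, linker version, embedded PDB path). The sample bytes are constructed to mirror the values the post reports and are not the actual file; the function names are hypothetical, and the PDB lookup scans for the CodeView `RSDS` signature instead of walking the debug directory.

```python
import re
import struct
from datetime import datetime, timezone


def pe_triage(data: bytes) -> dict:
    """Return link timestamp, linker version and embedded PDB paths of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header follows the signature; TimeDateStamp is its third field.
    _machine, nsections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    # Optional header starts after the 20-byte COFF header: magic, linker major/minor.
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, e_lfanew + 24)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic")
    # CodeView PDB 7.0 record: "RSDS", 16-byte GUID, 4-byte age, NUL-terminated path.
    pdbs = [m.group(1).decode("latin-1")
            for m in re.finditer(rb"RSDS.{20}([^\x00]{1,260})\x00", data, re.DOTALL)]
    return {
        "linked": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "linker": (link_major, link_minor),
        "sections": nsections,
        "pdb_paths": pdbs,
    }


def build_sample() -> bytes:
    """Constructed header-only sample (assumption): mirrors the post's values."""
    stamp = int(datetime(2004, 12, 15, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBB", 0x10B, 7, 10) + b"\0" * (0xE0 - 4)  # linker 7.10
    pdb = rb"c:\Documents and Settings\Fredrik\Skrivbord\trapp2\trapp\Release\trapp.pdb"
    rsds = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb + b"\0"
    return dos + b"PE\0\0" + coff + opt + rsds


if __name__ == "__main__":
    for key, value in pe_triage(build_sample()).items():
        print(f"{key}: {value}")
```

The link timestamp and PDB path are set by the build toolchain and can be forged, so they are leads for comparing a suspect installer against the official build, not proof of origin.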

Tablet
Premium
join:2003-01-15
Czech

reply to Wildcatboy
said by Wildcatboy:

Is this the file you're talking about?

»www.download.com/DC-/3000-2196_4···=lst-0-5
Yes, that's the file..

btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. But definitely the file hosted at download.com is different from the files hosted at official DC++ sourceforge mirrors..


Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON

reply to Franfreluche
There's a mention of KAV in this thread but has anyone else scanned the file with any other AV?

Is this the file you're talking about?

»www.download.com/DC-/3000-2196_4···=lst-0-5

McAfee doesn't seem to detect anything.
--
You can catch the Devil, but you can't hold him long.