Re: New DC ++ Version : Watch out

Author	All Replies
psloss Premium join:2002-02-24 Alpharetta, GA	reply to Tablet Re: New DC ++ Version : Watch out said by Tablet : btw.. I submitted the file cserv32.exe to Kaspersky for analysis, we'll see what they're going to come up with. But definitely the file hosted at download.com is different from the files hosted at official DC++ sourceforge mirrors.. For what it's worth, the EXE doesn't seem to be packed and indicates it was linked with VC++ 7.1 (timestamp says 15 Dec 2004); it also has this project/PDB string in it: c:\Documents and Settings\Fredrik\Skrivbord\trapp2\trapp\Release\trapp.pdb There is also a reference to the ouapcker.exe file and what looks like the contents of a batch file for self-deleting... Just taking a break from sleeping, so I didn't let the installer go with an open outbound connection. When run that way, it doesn't seem to do anything explicit with the network, but I wasn't monitoring the I/O closely. Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
psloss Premium join:2002-02-24 Alpharetta, GA	to forum · permalink · · 2005-01-25 05:15:16 · (locked)
sinnah join:2003-11-22 Lynchburg, VA	I've had this installed for a couple of weeks. I don't have the a file called cserv32.exe anywhere.
sinnah join:2003-11-22 Lynchburg, VA	to forum · permalink · · 2005-01-25 08:42:22 · (locked)
Proximo420 join:2005-02-11 Grand Prairie, TX	reply to psloss It appears there has been an ongoing hack on Download.com . The versions of dc++ that have been downloaded from them are mostly all infected. This does seem to be an isolated attack on peeps that get DC++ from Download.com the virus is not attempting to harm the pc in any way it is however logging the ip of the user..... I am somewhat wondering if this isn't a way for the boys at sourcefourge to keep track of who is using their shit... Or could be a way to infect RIAA members or feds who knows.. I just thought it was odd that it hid itself with an ad bar....Could have been a way to get around the feds. Now to my ? Most virus software has added this type report as a false positive. Problem is this is a virus... It plants the loader... Anyone have a suggestion on how to protect from this.
Proximo420 join:2005-02-11 Grand Prairie, TX	to forum · permalink · · 2005-02-11 13:00:13 · (locked)


Sunday, 29-Nov 00:30:46	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF