Virus detected!

Discussion in 'General Discussion' started by m1st, Aug 18, 2015.

  1. m1st

    Hello guys. Yesterday I checked the thread again and found a virus. I am scared about some info. So please, whoever found some virus or similar, warn about it :P
    Code:
    https://cracking.org/topic/75875-sqli-dumper-v8-new-version-produced-by-flash/page-7
     
  2. Fluxify

    It is infected. MusicDragon and I confirmed it.
     
  3. MusicDragon

    This was the message I sent to Sneijder and Jacob.

    "Fluxify and I have been looking a bit closer at "SQLi Dumper v8.0" and first of all, "Flash", the author of SQLi Dumper, never released a version 8.0. His latest release was 7.7. Then a quick VirusTotal scan shows this.

    https://www.virustotal.com/en/file/ada3f7924e51055e0d27ef17bc78d8ac7898a89487c29acb25985f1b3e975e47/analysis/1439406117/#additional-info
    Fluxify took a closer look in to the file and found out that it drops a file in either of these locations.

    C:\Program Files (x86)\Mozilla Firefox\Ask Toolbar Firefox.exe
    C:\Program Files\Mozilla Firefox\Ask Toolbar Firefox.exe

    Filenames
    Ask Toolbar Firefox.exe
    22.exe
    Ask Toolbar Chrome.exe

    The original name is 22.exe

    https://www.virustotal.com/en/file/e4536059749871614abc0970ffc4910483aece65563e37ea3f6e2ef91f74e8b5/analysis/

    And here we can see that it redirects to a DNS name (downloadmanager.gotdns.ch)

    I'm 95% Sure this is a RAT or a Keylogger. Most likely a RAT.
    You really need to delete this thread and ban microsoft (I would guess this program is made by microsoft since it's referred to as "Thanks to Microsoft")

    https://cracking.org/topic/75875-sqli-dumper-v8-new-version-produced-by-flash/

    ~Regards MusicDragon and Fluxify"
     
  4. MusicDragon

    I went back to read some old posts on that thread, this made me laugh lol.

     
  5. m1st

    I am trusted, because see this post lol
     
  6. m1st

    Some of what I see :)
    Some shit needs deleting here

    HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Run

    Ask Toolbar Firefox

    C:\Program Files\Mozilla Firefox\Ask Toolbar Firefox.lnk
    +.exe
    and chrome

    HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Run

    Ask Toolbar Chrome

    C:\Program Files\Google\Chrome\Application\Ask Toolbar Chrome.lnk
    +.exe
    Code:
    https://anubis.iseclab.org/?action=result&task_id=17222d92feca66ac48917432159308c53&format=html
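Added defender-side host triage script; this is not code from the thread or from any of its posters. It checks a Windows machine for the indicators reported in the posts above: the "Ask Toolbar Firefox" and "Ask Toolbar Chrome" Run-key values from post 6, the dropped .exe/.lnk files under the Firefox and Chrome program directories from posts 3 and 6, and the callback hostname downloadmanager.gotdns.ch from post 3. The SHA-256 values are copied from the VirusTotal URLs in post 3. It assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or later (for Get-DnsClientCache) and an elevated session so that every loaded user hive is readable; the variable names and the findings table are this example's own design.

```powershell
# Host triage for the fake "SQLi Dumper v8.0" indicators discussed in the thread.
# Read-only: it reports, it does not delete anything.

# Indicators quoted from the thread (posts 3 and 6).
$RunValueNames  = @('Ask Toolbar Firefox', 'Ask Toolbar Chrome')
$DroppedFiles   = @(
    'C:\Program Files (x86)\Mozilla Firefox\Ask Toolbar Firefox.exe',
    'C:\Program Files\Mozilla Firefox\Ask Toolbar Firefox.exe',
    'C:\Program Files\Mozilla Firefox\Ask Toolbar Firefox.lnk',
    'C:\Program Files\Google\Chrome\Application\Ask Toolbar Chrome.exe',
    'C:\Program Files\Google\Chrome\Application\Ask Toolbar Chrome.lnk'
)
$CallbackDomain = 'downloadmanager.gotdns.ch'
$KnownHashes    = @(   # SHA-256 values taken from the VirusTotal links in post 3
    'ada3f7924e51055e0d27ef17bc78d8ac7898a89487c29acb25985f1b3e975e47',
    'e4536059749871614abc0970ffc4910483aece65563e37ea3f6e2ef91f74e8b5'
)

$findings = @()

# 1. Persistence: Run keys for the current user, the machine, and every loaded
#    user hive under HKEY_USERS (post 6 saw the values under a specific user SID).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' } |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $RunValueNames) {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings += [pscustomobject]@{
                Type = 'RunKey'; Location = "$key\$name"; Detail = $props.$name
            }
        }
    }
}

# 2. Dropped files: existence plus SHA-256, compared against the thread's samples.
foreach ($path in $DroppedFiles) {
    if (Test-Path -LiteralPath $path) {
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $detail = if ($KnownHashes -contains $hash) { "SHA256 $hash (matches thread sample)" }
                  else { "SHA256 $hash (unknown variant, still suspicious by path)" }
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Location = $path; Detail = $detail }
    }
}

# 3. Network: has this host resolved the callback hostname recently?
$cache = Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$CallbackDomain*" }
foreach ($entry in $cache) {
    $findings += [pscustomobject]@{ Type = 'DnsCache'; Location = $entry.Entry; Detail = $entry.Data }
}

if ($findings.Count -eq 0) {
    Write-Output "No indicators from the thread found on this host."
} else {
    $findings | Format-Table -AutoSize
}
```

Any hit on the Run-key value names or the dropped-file paths is enough to treat the host as compromised; a hash mismatch only means a different build, not a clean file. Because the posters' assessment is a RAT, removing the two Run values and the dropped binaries is not sufficient remediation: rebuild the machine and rotate every credential that was used on it while the entries were present, and add the hostname to DNS and proxy block lists so other hosts that resolve it show up.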
     