Posted: Tue Apr 03, 2007 6:31 pm Post subject: I need help on MIRT submissions and using MD5 (Newbie here)
I have a .sys file called ip6fw.sys that I think is infected by a virus/trojan horse. So I need to know if it's a Genuine Windows Certificate file (because this file is often used by malware to hijack the firewall I understand).
How can I .zip this file, include the MD5 checksum (I have a program to generate the MD5 checksum), and upload it to the Malware Listserv? Then will somebody check it to see if it's a genuine file or whether it's infected? Do I have to pay money (I don't mind paying a donation BTW)?
A few step by step instructions would be very helpful, as this is my first post here.
Security Expert Special Response Team Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Tue Apr 03, 2007 6:52 pm Post subject:
Quote:
I have a .sys file called ip6fw.sys that I think is infected by a virus/trojan horse. So I need to know if it's a Genuine Windows Certificate file (because this file is often used by malware to hijack the firewall I understand).
The first question is whether or not you can copy and paste the file. Often malware can prevent this (until we use the correct tools). If you can copy and paste the file, do so to your desktop and then zip it with the password "infected". Create a new post here: /f81-Unknown_Files.html. I or one of my MIRT hunters will process it and give you our results. The MIRT listserv is for MIRT staff only; guests and non-MIRT staff must use the unknown files forum.
7Zip: http://www.7-zip.org/ is my choice for zipping and password protecting files (it's free as well). Once 7zip is installed you can right click any file and zip it with 7zip. Choose the add to archive option and change the archive format from 7z to zip.
Quote:
Do I have to pay money (I don't mind paying a donation BTW)?
Castlecops does not pay us, we do this for the warm fuzzies and the experience. You can make a donation to Castlecops though.
If you can't copy this file then we can walk you through extracting it. There are tools that will cut through it like butter.
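The packaging steps from the reply above (copy the file, record its MD5, zip it with the password "infected"), scripted as an added example that is not part of the original thread. It assumes the 7-Zip command-line program is installed and reachable as `7z`; the function names, the `.md5` sidecar file and the stand-in sample bytes are constructed for illustration.

```python
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path

PASSWORD = "infected"  # password the reply asks submitters to use


def md5_of(path, chunk_size=65536):
    """Hash the file in chunks so a large sample is never read in one go."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def prepare_submission(sample, workdir):
    """Copy the sample, write an md5sum-style sidecar, return (md5, 7z command)."""
    sample, workdir = Path(sample), Path(workdir)
    workdir.mkdir(parents=True, exist_ok=True)
    copy = workdir / sample.name
    shutil.copy2(sample, copy)       # work on a copy, never the original
    checksum = md5_of(copy)
    if checksum != md5_of(sample):   # something interfered with the copy
        raise RuntimeError("copy does not match the original file")
    sidecar = workdir / (sample.name + ".md5")
    sidecar.write_text(f"{checksum} *{sample.name}\n")
    archive = workdir / (sample.name + ".zip")
    # a = add to archive, -tzip = zip format instead of 7z, -p = password
    command = ["7z", "a", "-tzip", "-p" + PASSWORD, str(archive), str(copy), str(sidecar)]
    return checksum, command


def demo():
    """Run the steps on a constructed stand-in file (not a real driver)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "ip6fw.sys"
        sample.write_bytes(b"constructed sample bytes\n")
        checksum, command = prepare_submission(sample, Path(tmp) / "submit")
        if shutil.which("7z"):       # assumption: 7-Zip CLI is on PATH
            subprocess.run(command, check=True)
        return checksum, command


if __name__ == "__main__":
    print(demo())
```

Posting the MD5 alongside the archive lets whoever unpacks it confirm they are looking at the same bytes that were on the submitter's machine.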