CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

I have a pretty good idea what these files do

 
Post new topic   Reply to topic       All -> FavForums -> Unknown Files [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
Techie-Micheal

Cadet
Cadet


Joined: May 27, 2004
Posts: 6
Location: USA
PostPosted: Thu Jun 03, 2004 2:02 am    Post subject: I have a pretty good idea what these files do
Reply with quote

but I'd like more information if possible. My own rather simplistic analysis showed these files in the zip as files from the malware "Popper." I found little on google about popper. I do know that it attaches itself to IE in the registry under \Software\Microsoft\Internet Explorer\New Windows\ (along with a couple of others), connects to a website to download a .bin file, and downloads itself if it finds itself corrupted or cannot run for whatever the reason (freaky o_O), but that's about the extent of my analysis. What I am asking is anything else, such as dll files it creates, registry edits, and anything else I need to watch out for. I found these files on a computer at work. I got suspicious when these files would eat cpu everytime IE was launched or went to a website, and a popup window soon after came up.
Back to top
View users profile Send private message Visit posters website
Techie-Micheal

Cadet
Cadet


Joined: May 27, 2004
Posts: 6
Location: USA
PostPosted: Fri Jun 04, 2004 1:01 pm    Post subject:
Reply with quote

Nevermind, I found out the information I need. Thanks.
Back to top
View users profile Send private message Visit posters website
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Unknown Files All times are GMT
Page 1 of 1

 
Quick Reply:
Username: 

Quote the last message
Attach signature (signatures can be changed in profile)
 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
100ppm 0.277s (0.044s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer