[Release]GreYFoX NoDC 1.141 Beta 2 (Memory Patch)

01/28/2008 15:53 fast2die#31
U Hack Any One I Blow Ur Balls UP =)
01/28/2008 21:44 bone80#32
Quote:
Originally Posted by antares
what you are not going to obtain is my PW!!;)
if your head wasn't up your ass so far
maybe then you would realize who ur doubting:cool:
01/29/2008 14:58 lady_slasher#33
Quote:
Originally Posted by antares
Information about the Sohanad Worm (detected in analysis of the file GreYFoX_NoDC_1.141_Beta_2_Memory_):

Sohanad is a worm. The worm will infect Windows systems and spreads through Yahoo! Messenger, a popular instant messaging application.

The worm arrives as a downloaded file via Yahoo! Messenger.

Upon execution, this worm copies itself as SVHOST32.EXE and SVHOST.EXE in the Windows folder.

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also creates the following registry keys to modify the settings of Yahoo! Messenger.

HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast

The worm also modifies the registry to disable Registry Editor and Task Manager.

It also changes the Internet Explorer (IE) home page to:

[Only registered and activated users can see links. Click Here To Register...]

This worm propagates via Yahoo! Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of itself. When the recipient clicks the link, a copy of this worm is downloaded and executed on the recipient's system.

The details of the message sent out by this worm are:

Do you realize who is in this image: http://{BLOCKED}coolpics.net/who.jpg . Just think for a moment and tell me soon ;))
:D who is beside you in this pic [Only registered and activated users can see links. Click Here To Register...] so good-looking
:( the page cannot be displayed http://{BLOCKED}coolpics.net/error.jpg Something was wrong !!! Check it again and tell me later. THanks
Images shot in Iraq _ The war will never end http://{BLOCKED}coolpics.net/Iraqwar.jpg << :(
Miss World 2006: http://{BLOCKED}coolpics.net/MissWorld.jpg !! <<
oh my god , i've won a 20000 usd lottery :O http://{BLOCKED}coolpics.net/mylottery.jpg <<

It also attempts to connect to the following website to download and execute some malicious files.

http://{BLOCKED}vey-sales.com/ipn/transactions/en.exe
http://{BLOCKED}vey-sales.com/ipn/transactions/link-en.exe

The worm tries to terminate some of the security related processes.

This worm first appeared on November 12, 2006.

Other names of Sohanad Worm:

This Worm is also known as WORM_SOHANAD.AE.

we're the same side dude............
thanks for the info....
like what I've said... too many abusers in this forum....
to all of you guys.. be suspicious..... use the clean one....
^,..,^
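The registry traces listed in the quoted write-up can be checked offline against a `reg export` dump. The following is an added example, not part of any post in this thread: the sample export, the value name `Updater`, and the policy value names `DisableTaskMgr` / `DisableRegistryTools` (the standard Windows policy values, which the write-up does not name) are assumptions.

```python
import re

# Constructed sample in `reg export` format (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
"Updater"="C:\\WINDOWS\\SVHOST32.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
"content url"="http://example.invalid/"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
YAHOO_KEYS = {r"hkey_current_user\software\yahoo\pager\view\ymsgr_buzz",
              r"hkey_current_user\software\yahoo\pager\view\ymsgr_launchcast"}
DROPPED = {"svhost32.exe", "svhost.exe"}  # file names given in the write-up
LOCKOUT = {"disabletaskmgr", "disableregistrytools"}  # assumed value names

def parse_reg(text):
    """Yield (key, value_name, data) tuples from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):  # string value: unescape
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            yield key, m.group(1), data

def findings(text):
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        exe = data.lower().split("\\")[-1].split(" ")[0]  # file name of the command
        if k == RUN_KEY and exe in DROPPED:
            hits.append(("autorun", name, data))
        elif k == POLICY_KEY and name.lower() in LOCKOUT and data.lower() == "dword:00000001":
            hits.append(("lockout", name, data))
        elif k in YAHOO_KEYS:  # listed in the write-up; reported for review only
            hits.append(("yahoo-setting", name, data))
    return hits
```

The legitimate Windows service host is `svchost.exe` in `System32`, so an autorun entry pointing at `SVHOST.EXE` or `SVHOST32.EXE` stands out by name.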
01/29/2008 15:26 lady_slasher#34
OK GUYS....
I'll give you some additional information about SOHANAD Virus...
Some of you didn't know this kind of Virus.... how dangerous this kind of VIRUS SOHANAD
Of course he doesn't want our account in SRO.. the QUESTION IS....... " is the SRO account he want from us???????? LOL
how about our personal info??.....
how about our bank account???? credit card number?? etc??.....
ahahahahahahahahahahahahahahahahahahahahahaha..... .. F*CK YOU ALL........
S I G H......... S I G H.........

SEE AND READ IT........ THEN LET YOUR HEART JUDGE......

CLICK HERE AND YOULL SEE...( INFO. OF SOHANAD VIRUS)
[Only registered and activated users can see links. Click Here To Register...]
01/29/2008 16:13 cotta#35
Lady Slasher
don't judge him like that
we all of us know who is GreyFox
all we can do is scan his client and then debate his release
but try to understand that is a tool that make all the hell of that

and if you research for his release clients ,you will see all of them 99% clean .
01/30/2008 01:26 InvincibleNoOB#36
lady_slasher stop being a paranoid!
The program is made on AutoIt3, that's all.
If you want a sample, check this one

unpacked: [Only registered and activated users can see links. Click Here To Register...]
packed ~ armadillo 5.2: [Only registered and activated users can see links. Click Here To Register...]

Stupid AVs -.-
11/22/2008 15:13 pleb123#37
just followed your tutorial and now i cant even load up silkroad
11/22/2008 15:26 John Dread#38
dude please read the title: [Release]GreYFoX NoDC 1.141 Beta 2 (Memory Patch)

#closed