Help please ;)

jaudaa · 01/08/2013, 16:08

Hey, can anyone find out the code of this program, and find out what it does? I would appreciate it a lot!

omer36 · 01/08/2013, 16:09

lol..
yeah..sure...

Chanolan · 01/08/2013, 16:11

Seems legit

~

jaudaa · 01/08/2013, 16:16

please! think my pc is part of a botnet...

Dr. Coxxy · 01/08/2013, 16:29

virus.

anubis is down, so virustotal:

several typical registry keys:
Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
Software\\Microsoft\\Windows\\CurrentVersion\\Run

paths:
drivers\\etc\\hosts

100% infected, you should reinstall.

Quote:

Opened files...

\\.\PIPE\lsarpc (successful)
C:\2a6b41e6a7c612f597955a080ddf87bd98b167a3d331522 5e63472f2e006b29f (successful)
C:\Documents and Settings\<USER>\My Documents\MSDCSC\msdcsc.exe (successful)

Read files...

C:\2a6b41e6a7c612f597955a080ddf87bd98b167a3d331522 5e63472f2e006b29f (successful)

Copied files...

SRC: C:\2a6b41e6a7c612f597955a080ddf87bd98b167a3d331522 5e63472f2e006b29f
DST: C:\Documents and Settings\<USER>\My Documents\MSDCSC\msdcsc.exe (successful)

Registry activity
Set keys...

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\MicroUpdate
TYPE: REG_SZ
VALUE: C:\Documents and Settings\<USER>\My Documents\MSDCSC\msdcsc.exe (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
TYPE: REG_SZ
VALUE: C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\<USER>\My Documents\MSDCSC\msdcsc.exe (successful)

jaudaa · 01/08/2013, 17:47

so it's a botnet or what? ...

btw thx

»Cirruzz« · 01/08/2013, 19:48

Have u the Virus Warning ignored? You're infected.

jaudaa · 01/08/2013, 20:59

yh put it on ignore for a few secs 2 open this app...

Kraizy · 01/08/2013, 21:12

DarkComet RAT
Well, better change all your passwords etc (on a new computer or after installing Windows again)