Sujet Précédent Sujet Suivant

Information pour Coolman et autres

Fermé
Elite - 23 sept. 2011 à 14:36
 Elite - 25 sept. 2011 à 13:46
rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2\1 +composant indésirable
--------------------------------------------------------------------------------------------------------------------------------------
Rundll_As <~~ camoufflage ;)
--------------------------------------------------------------------------------------------------------------------------------------
[NoLoad] --> cpl
--------------------------------------------------------------------------------------------------------------------------------------
/!\ Encryption --> ROT13 <~~ controle tout /!\
--------------------------------------------------------------------------------------------------------------------------------------
Norton fake pwnz
--------------------------------------------------------------------------------------------------------------------------------------
Service executer<--> installer:

Comme par exemple: 

[SQL Server (32 bits)]
Driver=C:\WINDOWS\system32\SQLSRV32.dll
Setup=C:\WINDOWS\system32\sqlsrv32.dll
32Bit=1
[ODBC 32 bit Drivers]
SQL Server (32 bits)=Installed
Microsoft Access Driver (*.mdb) (32 bits)=Installed
Microsoft Text Driver (*.txt; *.csv) (32 bits)=Installed
Microsoft Excel Driver (*.xls) (32 bits)=Installed
Microsoft dBase Driver (*.dbf) (32 bits)=Installed
Microsoft Paradox Driver (*.db ) (32 bits)=Installed
Microsoft Visual FoxPro Driver (32 bits)=Installed
Microsoft FoxPro VFP Driver (*.dbf) (32 bits)=Installed
Microsoft dBase VFP Driver (*.dbf) (32 bits)=Installed
Microsoft Access-Treiber (*.mdb) (32 bits)=Installed
Microsoft Text-Treiber (*.txt; *.csv) (32 bits)=Installed
Microsoft Excel-Treiber (*.xls) (32 bits)=Installed
Microsoft dBase-Treiber (*.dbf) (32 bits)=Installed
Microsoft Paradox-Treiber (*.db ) (32 bits)=Installed
Microsoft Visual FoxPro-Treiber (32 bits)=Installed
Driver do Microsoft Access (*.mdb) (32 bits)=Installed
Driver da Microsoft para arquivos texto (*.txt; *.csv) (32 bits)=Installed
Driver do Microsoft Excel(*.xls) (32 bits)=Installed
Driver do Microsoft dBase (*.dbf) (32 bits)=Installed
Driver do Microsoft Paradox (*.db ) (32 bits)=Installed
Driver para o Microsoft Visual FoxPro (32 bits)=Installed
Microsoft ODBC for Oracle (32 bits)=Installed
[Microsoft Access Driver (*.mdb) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odbcjt32.dll
32Bit=1
[Microsoft Text Driver (*.txt; *.csv) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odtext32.dll
32Bit=1
[Microsoft Excel Driver (*.xls) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odexl32.dll
32Bit=1
[Microsoft dBase Driver (*.dbf) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\oddbse32.dll
32Bit=1
[Microsoft Paradox Driver (*.db ) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odpdx32.dll
32Bit=1
[Microsoft Visual FoxPro Driver (32 bits)]
Driver=C:\WINDOWS\system32\vfpodbc.dll
Setup=C:\WINDOWS\system32\vfpodbc.dll
32Bit=1
[Microsoft FoxPro VFP Driver (*.dbf) (32 bits)]
Driver=C:\WINDOWS\system32\vfpodbc.dll
Setup=C:\WINDOWS\system32\vfpodbc.dll
32Bit=1
[Microsoft dBase VFP Driver (*.dbf) (32 bits)]
Driver=C:\WINDOWS\system32\vfpodbc.dll
Setup=C:\WINDOWS\system32\vfpodbc.dll
32Bit=1
[Microsoft Access-Treiber (*.mdb) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odbcjt32.dll
32Bit=1
[Microsoft Text-Treiber (*.txt; *.csv) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odtext32.dll
32Bit=1
[Microsoft Excel-Treiber (*.xls) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odexl32.dll
32Bit=1
[Microsoft dBase-Treiber (*.dbf) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\oddbse32.dll
32Bit=1
[Microsoft Paradox-Treiber (*.db ) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odpdx32.dll
32Bit=1
[Microsoft Visual FoxPro-Treiber (32 bits)]
Driver=C:\WINDOWS\system32\vfpodbc.dll
Setup=C:\WINDOWS\system32\vfpodbc.dll
32Bit=1
[Driver do Microsoft Access (*.mdb) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odbcjt32.dll
32Bit=1
[Driver da Microsoft para arquivos texto (*.txt; *.csv) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odtext32.dll
32Bit=1
[Driver do Microsoft Excel(*.xls) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odexl32.dll
32Bit=1
[Driver do Microsoft dBase (*.dbf) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\oddbse32.dll
32Bit=1
[Driver do Microsoft Paradox (*.db ) (32 bits)]
Driver=C:\WINDOWS\system32\odbcjt32.dll
Setup=C:\WINDOWS\system32\odpdx32.dll
32Bit=1
[Driver para o Microsoft Visual FoxPro (32 bits)]
Driver=C:\WINDOWS\system32\vfpodbc.dll
Setup=C:\WINDOWS\system32\vfpodbc.dll
32Bit=1
[Microsoft ODBC for Oracle (32 bits)]
Driver=C:\WINDOWS\system32\msorcl32.dll
Setup=C:\WINDOWS\system32\msorcl32.dll
32Bit=1

--------------------------------------------------------------------------------------------------------------------------------------
Sur écriture //1
-----------------------------------------------------------------------------------------------------------------------------------------
Vérifier MBAMService
Vérifier Firefox
------------------------------------------------------------------------------------------------------------------------------------------
Et y a du ZeroAccess derrière

------------------------------------------------------------------------------------------------------------------------------------------
HHCTRL.OCX +[ui] ; user32.dll, ntdll

/!\ Exploit movie maker / front page /!\
------------------------------------------------------------------------------------------------------------------------------------------
C:\WINDOWS\system32\Setup\iis.dll <--- Boo
------------------------------------------------------------------------------------------------------------------------------------------
Vérification approfondie sur les "printers" & Trojan server Printer
------------------------------------------------------------------------------------------------------------------------------------------
Langue utiliser&version pack installer <--|
^
[rapport avec le framework] WMI overflow

[V2] principalement en cause pour le moment
pas encore finni avec ça

----------------------------------------------------------------------------------------------------------------------------------------

Bonne Recherche pour ton tool :P

1 réponse

Réponse 1 / 1
Elite
Modifié par Elite le 25/09/2011 à 13:58
Bon pour firefox qui bug en dedoublement dans ton soft jpense avoir trouvé squ'il voit pas au scan

xul.dll ; dwmapi.dll ; msvcrt


Base: 77D1A937// E4DA7398 // 77F45669 // F2A12789 // 77D5DFE6 // E9A96F98
0

Discussions similaires

Transparence en tete et bas de page
Sabrina -
sabrina -

8 réponses
chaima csc
chaima -
chaima -

1 réponse
Nicolas Coolman
hamendejl -
hamendejl -

3 réponses
Corriger fautes d'orthographe
Marie -
Raymond PENTIER -

8 réponses
En tête qui n'apparaît pas
Léo1986 -
Léo1986 -

10 réponses