FWIW Windefender2009

Drops a file called "hhsa.dll" in the system32 folder, every third
time you open a folder you get messages about girls doing things with
horses and the need of downloading more software.

Makes a key called

in registry too

And tries to connect to:

webfreescan.cn and windefender2009.cn

Bout time the anti-virus cos did something about it. Neither f-prot,
avast nor clamav detect it. I wasted 4 hours before I managed to get rid of
the bl^%*&%&^%dt thing

Re: FWIW Windefender2009

On 01/26/2009 11:45 AM, Shadow sent:

Hello Shadow:

You are to be genuinely congratulated for your work.  This malware seems
to have only been discovered on Sunday and probably hasn't made the full
rounds of the antimalware folks.

If you still have the hhsa.dll file quarantined, I'm sure many
antimalware folks would like to get a look at it.  It might also be
helpful if we knew the approximate, or exact, contamination vector.

Again - Well done indeed.

1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
