TT Livescan - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: TT Livescan

On Thu, 30 Apr 2009 13:25:48 -0700, 1PW wrote:

Quoted text here. Click to load it

*CYBAX*
--
My hero!!    http://tr.im/2ghc

Re: TT Livescan

On Thu, 30 Apr 2009 12:54:51 -0400, Brian "Goober" Gwaltney wrote:

Quoted text here. Click to load it

png fraqf pbaqbyraprf. Gur napvrag Rtlcgvnaf unq zber erfcrpg.

--
You gotta fight, for your right, to party...
The best of the best in Freeware
http://www.pricelesswarehome.org /
Registered Linux User #485718

Re: TT Livescan

@news.motzarella.org:

Quoted text here. Click to load it

My cats do as well.


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  


Re: TT Livescan

"idbeholda" wrote:

Quoted text here. Click to load it

There's something there now but there wasn't when I tried it shortly
after you posted your link. There should at least be a 'readme' file
in the archive package explaining how to install, which exe to run,
what to expect, etc. *I* can work out what to do but your average
computer user will need hand-holding and reassurance.

Quoted text here. Click to load it

No, they shouldn't.

Quoted text here. Click to load it

Use something other than VB6, perhaps. I'm just indicating a possible
problem with compiled Visual Basic programs using FTP. Unfortunately,
VB6 has become the script kiddies choice for writing password stealing
trojans using FTP. Many of these are currently being posted to binary
newsgroups. However, I see that only Prevx flagged it as being a
problem in a scan posted by VG so you may be ok.

Quoted text here. Click to load it

Yes, it's no better.

Quoted text here. Click to load it

So how do you keep up with one of these that I posted about in message
<quote>
Additionally, there are 11 bytes tacked on to the end of the file which
are not part of the PE. These bytes change on each download so the file
signature (MD5, checksum, etc.) is different every time.
</quote>

That's a heck of a lot of signatures for just one executable.

Quoted text here. Click to load it

Calm down. I'm not your target audience and have no need of a
signature scanner. I know you've previously been a regular poster and
I don't believe it's trojaned. The point is, how are others to know
when, in your OP, all you post is a link to a .rar package with no
documentation.



Site Timeline