GoFuckYourself.com - Adult Webmaster Forum - View Single Post

SmokeyTheBear · 04-13-2005, 10:55 AM

Upon execution, this Trojan checks for the system?s Internet connection. It then creates new registry entries in order to lower the Internet security settings of the user?s default browser.

This Trojan downloads files from the following URLs:

http://static.topconverting.com/acti...nningsgame.exe
http://static.topconverting.com/activex/tcupdater.exe
http://static.topconverting.com/activex/180ax.exe
http://static.topconverting.com/activex/optimize.exe
http://static.topconverting.com/activex/games.exe
It adds the following registry keys and entries:

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1
@ = "Loader2 Control"

HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1

HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1
@ = "Loader2 Control"

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID
@ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}"

HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4}

HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4}
@ = "Loader2 Property Page"

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1
@ = "Loader2 Control"

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID
@ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}"

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{38601801-2FF5-4A62-95DA-D2007161C1B4}

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{38601801-2FF5-4A62-95DA-D2007161C1B4}
@ = "Loader2 Property Page"

Analysis By: Carlo Panganiban

Revision History:
First pattern file version: 2.364.06
First pattern file release date: Jan 21, 2005

04-13-2005, 10:55 AM
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Upon execution, this Trojan checks for the system?s Internet connection. It then creates new registry entries in order to lower the Internet security settings of the user?s default browser. This Trojan downloads files from the following URLs: http://static.topconverting.com/acti...nningsgame.exe http://static.topconverting.com/activex/tcupdater.exe http://static.topconverting.com/activex/180ax.exe http://static.topconverting.com/activex/optimize.exe http://static.topconverting.com/activex/games.exe It adds the following registry keys and entries: HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1 HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1 @ = "Loader2 Control" HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1 HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1 @ = "Loader2 Control" HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID @ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}" HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} @ = "Loader2 Property Page" HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1 @ = "Loader2 Control" HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID @ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}" HKEY_LOCAL_MACHINE\Software\Classes\CLSID\ {38601801-2FF5-4A62-95DA-D2007161C1B4} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\ {38601801-2FF5-4A62-95DA-D2007161C1B4} @ = "Loader2 Property Page" Analysis By: Carlo Panganiban Revision History: First pattern file version: 2.364.06 First pattern file release date: Jan 21, 2005 __________________ hatisblack at yahoo.com