Strange message....
Moderator: Moderators
- 
				alain51
- Hyperactive member 
- Posts: 1991
- Registered: 02 June 2005, 23:00:00
- Location: Châlons en Champagne
Hi,
If you can translate:
<TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font size=-1><b>Quote:</b></font></TD></TR></TABLE><TABLE BORDER=1 CELLPADDING=10 BORDERCOLOR=#FF0000 ALIGN=CENTER WIDTH=85%><TR BGCOLOR=#F3F2F4><TD><FONT SIZE=-1> <a href="http://www.tietokone.fi/foorumi/keskust ... areapage=6" target="_blank">http://www.tietokone.fi/foorumi/keskust ... apage=6</a>
26.11.2003
at 19:36
file MDATA.DAT not found ERROR Timo Ahosalmi
Could someone tell me what this file is and how to get rid of this error message? It always appears on screen when the computer starts. The mdata.dat in question can indeed be found in the registry,
28.11.2003
at 11:00
Re: file MDATA.DAT not found ERROR Mika Reiman
I searched using mdata.dat as the keyword and got the following
<a href="http://www.winforums.org/showthread.php?t=1308" target="_blank">http://www.winforums.org/showthread.php?t=1308</a>
there should be some advice there in English
Regards, Mika</FONT></TD></TR></TABLE>
- 
				RV
- Active member 
- Posts: 238
- Registered: 02 June 2005, 23:00:00
- Location: Deep Belgium
As there are other variants of this downloader trojan the filename may vary. For earlier variants the 4248 DATS and above are required. This description is based upon the latest variant AVERT has received from the field which requires the 4252 DATS and above. 
When the downloader is run, it shows a fake error message:
Windows
File open error: invalid CRC!
 
The downloader attempts to download 2 files from the <a href="http://www.yahoo-greeting-cards.com" target="_blank">www.yahoo-greeting-cards.com</a> website
The 2 files are:
DBOLE.EXE
SICKBOY.EXE
These files are dropped into the %System% directory.
(Note: %System% is the Windows System folder, which is usually C:\Windows\System on Windows 9x/ME, C:\WINNT\System32 on Windows NT/2000, or C:\Windows\System32 on Windows XP.)
The SICKBOY.EXE file is renamed to SYSVIEW.EXE file.
The following registry key is updated so that the files run after every restart:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
with the values:
"DatabaseOLE" = "%winsysdir%\dbole.exe"
"SystemView" = "%winsysdir%\sysview.exe"
Please note at the time AVERT received this downloader trojan the website <a href="http://www.yahoo-greeting-cards.com" target="_blank">www.yahoo-greeting-cards.com</a> has since been closed down.
			
									
									

