Sunday, September 9, 2007

new codec malware

Please stay away from site!!!!!!

hxxp://codec-fun.com/








Currently, virus detection is not good. My best recommendation is never download a video file that asks you to install a video codec. Its normally malware. Safe surfing.

2 comments:

MAD - SecuBox Labs said...

DNS: CODEC-FUN.COM
Creation: 16 April 2007
http://www.siteadvisor.com/sites/codec-fun.com

IP Range Monitoring: 64.28.184.1**
by the evil registrar ESTDOMAINS.

Source: infected://codec-fun.com/download/codec-fun4091.exe
Filename: codec-fun4091.exe
Compil on: Sat Jul 14 15:12:49 2007
Size: 207 727 octects
Packer: NullSoft PiMP SFX
MD5: 3c04ec7f05ccbfdab02e7452ad333866
SHA-1: 9c65d521d0556e10516808fce45c5b3114e9fda1
KAV: Win32.Trojan.DNSChanger.KA

An easy way for a quick analysis is to use a simple NSIS extractor tool for example, uniextrac.

Read the .NSI script:
Push "$TEMP\check.exe" e -o+ -pnLKQ3KC3DPFGgub1PP9bOEm0gg8CF package.tmp

$TEMP = %tmp%
check.exe = unrar.exe
e Extract files to current directory
-o Overwrite existing files
p[password] Set password
package.tmp = compressed files

Rename package.tmp in package.rar
Now, we can extract files on our virtual b0x.

71 205 tmp1.exe
7 199 tmp2.exe

Regards,

Ankita Sharma said...

Nice Lines.............
Technical Support For Norton
Technical Support For Kaspersky Canada
Technical Support For Kaspersky USA
Technical Support For McAfee Canada
Technical Support For Brother Printer Canada
Technical Support For Quicken Canada
Apple Repair Centre in Delhi
Iphone Repair Delhi