Infected, let's chase.


_genuine
February 28th, 2010, 15:12
Hi guys, I believe I have been infected!

To be brief, I know how I got this infection; it was actually my own fault and I knew it was coming, now I'm on the chase. Just a little background on how I got it. I was actually chatting with a friend on MSN who didn't know he was infected somehow, and this thing apparently sent a link through MSN (without him noticing) and I clicked this link and downloaded the file. Now you're probably saying how can you be so stupid, but here's the irony: we were talking about some things (RE related) and he wanted to show me a pic, at this moment a jpg link came up and so I thought this was the link of the pic he wanted to show me, well, it was not.. it was his infected system that sent a link via MSN to me and bam, I got infected... So far I don't know too much about this infection. What I do know is this:

It starts some numbered processes at "random" times; these files get created also randomly (being controlled by some process I've yet to track down). I got a hold of one of these files and uploaded it to VirusTotal, apparently this file has been found before.
Here's a permalink:
http://www.virustotal.com/analisis/155c8aba16451390fdf31043f4460ab5ae7b7423247148e86b06a093234dcd6f-1267356175

Now what I've been trying to do is use Procmon to try and track down how these numbered files are being created (onto my User/Local Settings/Temp directory) to no avail.. I'll keep trying things and would like some other approaches if you have any. These files are then run as processes and seem to compromise the system resources, making CPU usage peak at 100%. I don't have any reason yet to believe that any network related information is being processed, and I don't know exactly what this thing is doing yet.. But I am determined to find out, I need to track down where it's all originating from.. I've used HijackThis, Malwarebytes, rootkit revealing tools and none of them even budge. (As I write this my CPU is at 100% lol) DAM.

Now I also recently found out that my wlnotify dll might also be compromised. This is on Windows XP Pro SP3. I will upload this possibly infected file here:

Can anyone with the same system specs please verify if in fact this wlnotify is infected? Thanks.

FILE MAY BE MALWARE BUT IT'S A DLL!
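Since the poster is already capturing Procmon output, the following is one way to answer "which process writes the numbered files into Temp, and which process then launches them" from a Procmon CSV export, plus a SHA-256 helper for comparing a suspect DLL such as wlnotify.dll against a known-good copy from an identical install. This is an added example and not code from the thread; the CSV lines are constructed, the column layout is Procmon's default CSV export, the `Detail` strings are simplified assumptions, and the Temp path is a placeholder.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed Procmon CSV export (sample data, not from the thread). Columns follow
# Procmon's default export; Detail text is a simplified assumption of the real format.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"15:10:01.0001","msnmsgr.exe","1204","CreateFile","C:\\Documents and Settings\\user\\Local Settings\\Temp\\48213.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"15:10:01.0002","msnmsgr.exe","1204","WriteFile","C:\\Documents and Settings\\user\\Local Settings\\Temp\\48213.exe","SUCCESS","Offset: 0, Length: 24576"
"15:10:01.0050","msnmsgr.exe","1204","Process Create","C:\\Documents and Settings\\user\\Local Settings\\Temp\\48213.exe","SUCCESS","PID: 3320, Command line: C:\\Documents and Settings\\user\\Local Settings\\Temp\\48213.exe"
"15:10:02.0000","notepad.exe","888","CreateFile","C:\\Documents and Settings\\user\\Local Settings\\Temp\\notes.txt","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"15:10:03.0000","explorer.exe","600","CreateFile","C:\\Documents and Settings\\user\\Local Settings\\Temp\\48213.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"""

# Placeholder Temp directory (the poster's real path is not on the page).
TEMP_DIR = r"C:\Documents and Settings\user\Local Settings\Temp"
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif", ".bat")


def parse_events(csv_text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_temp_droppers(events, temp_dir=TEMP_DIR):
    """Map each executable written under temp_dir to the set of (process, pid) that wrote it.

    A 'write' is a successful WriteFile, or a CreateFile opened with Generic Write.
    """
    droppers = defaultdict(set)
    prefix = temp_dir.lower().rstrip("\\") + "\\"
    for ev in events:
        path = ev["Path"]
        lowered = path.lower()
        if not lowered.startswith(prefix) or not lowered.endswith(EXEC_SUFFIXES):
            continue
        if ev["Result"] != "SUCCESS":
            continue
        op = ev["Operation"]
        wrote = op == "WriteFile" or (op == "CreateFile" and "Generic Write" in ev["Detail"])
        if wrote:
            droppers[path].add((ev["Process Name"], int(ev["PID"])))
    return dict(droppers)


def find_launchers(events, dropped_paths):
    """For each dropped file, record which process later started it.

    Assumes Procmon's 'Process Create' event carries the new image path in Path.
    """
    launchers = {}
    for ev in events:
        if ev["Operation"] == "Process Create" and ev["Path"] in dropped_paths:
            launchers[ev["Path"]] = (ev["Process Name"], int(ev["PID"]))
    return launchers


def triage(csv_text):
    """Combine both views: for every dropped executable, who wrote it and who ran it."""
    events = parse_events(csv_text)
    droppers = find_temp_droppers(events)
    launchers = find_launchers(events, droppers)
    return {
        path: {"written_by": sorted(writers), "launched_by": launchers.get(path)}
        for path, writers in droppers.items()
    }


def sha256_hex(data: bytes) -> str:
    """SHA-256 of file contents, for comparing a suspect DLL with a known-good copy
    or for looking the file up on VirusTotal."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for path, info in triage(SAMPLE_PROCMON_CSV).items():
        print(path)
        print("  written by :", info["written_by"])
        print("  launched by:", info["launched_by"])
```

On the constructed sample the only flagged file is `48213.exe`, written and then started by `msnmsgr.exe` (PID 1204), which matches the poster's later observation that the processes appear when Windows Live Messenger starts. Against a real capture, export Procmon's log as CSV with the default columns and pass its text to `triage()`; the `notes.txt` write by notepad and the read-only open by explorer are deliberately ignored so the report stays focused on executables being dropped.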

_genuine
February 28th, 2010, 15:17
Hi,

Here's a pic of the files generated in the TEMP folder. The names are randomly generated, but I have seen a couple of the numbers more than once, so there is a set of numbers it uses (pseudo-random?)

_genuine
February 28th, 2010, 15:26
Oh, new discovery, don't know why I didn't think of this, but these processes are spawned when I create the Windows Live Messenger process! DUH!
Further analysis is being done!

_genuine
February 28th, 2010, 17:01
Oh guys, never mind, what a disappointment, once I uninstalled and cleaned up the Windows Live directory, everything seems to go away. We'll see though, it may be too early to tell..

evaluator
March 1st, 2010, 15:41
Trash thread.. DEL it