file is a MSVB exe, here are some fun strings from the binary... ( spyware, but not a trojan )
http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt \usta32.ini http://mmm.media-motor.net/bundle.php?aff=\affbun.txt phases sewers outers c:\asdf.txt randomdll mydll randomocx \regsvr32 /s randomexe myexe SOFTWARE\Microsoft\Windows\CurrentVersion\Run uinstaller unstall.exe SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor DisplayName Media-motor \unstall.exe http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country= \tempf2.txt &what=dupinstall&aff= > anyone familiar with this group (media-motor.net/Roings.com) ? they > seem to be sending downloader.trojan files to unsuspecting people > using everyone.net webmail accounts. > http://mmm.media-motor.net/soft/default.exe > the webmail i discovered it on was from sunguru.com > tries to download that file everytime i log in or log out.? proally using IE huh????? fun stuff, m.w _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
