May 7, 2009 at WTF! New Trojan blocking Windows!
Just a few hours ago I talked with a friend in ICQ (both via qip). We are talking about cameras, mirrors VS. soap dishes, and so on. And then an unexpected message comes from him like "Do you think this photo was taken using Photoshop and a link ..." to a file with the * .scr extension, that is, a screensaver, I think I need to open it, a reliable friend will not send a bad one, I open it and voila - at first glance an ordinary system lock trojan, about which they already wrote. But no, there is a blue screen of death, stupid supposedly system inscriptions + text SEND SMS with the text old PROBELoper to such a number and so on, the input window and button. Focus is automatically transferred to the window. None of the key combinations work (even such as Win + U, 8 seconds of the shift).
Rebooting nothing helps accordingly, the Dr.Web key generator also refuses, since there is only text in the form of a message. Inputs “0” and the words “credited” do not work either.
It booted only in debug mode, looked at the boot registry, startup, searched it with antivirus, search - nothing!
I reboot the computer again the same screen. Again I crawl under the "debugging". Now, from a few more, a message arrives with the same text, plus as it turns out, it is the same from me. Although they couldn’t crack ICQ, it was too hard for me to have a password that was unrealistic to pick up. And yet - in the history of messages, there is not a single mention of this, nor do I have any lists of my contacts.
And yet, this is clearly the client itself emulated the input, since it came from the first friend, then from me and so on, who had the quip - there is nothing left on the stories on both sides, who has another client, then there are more stories the chain did not go.
What kind of beast and how to deal with it has not yet found who knows what - unsubscribe.
I supposedly sent such “it is noticeable that the photo in Photoshop was edited or not?
vvv (replaced) .hochubilet.net / foto334.gif »Although the first file that was sent to me was with the extension * .scr
PS Only do not send SMS, so solve the problem!
UPD Blogged - Information Security.
Rebooting nothing helps accordingly, the Dr.Web key generator also refuses, since there is only text in the form of a message. Inputs “0” and the words “credited” do not work either.
It booted only in debug mode, looked at the boot registry, startup, searched it with antivirus, search - nothing!
I reboot the computer again the same screen. Again I crawl under the "debugging". Now, from a few more, a message arrives with the same text, plus as it turns out, it is the same from me. Although they couldn’t crack ICQ, it was too hard for me to have a password that was unrealistic to pick up. And yet - in the history of messages, there is not a single mention of this, nor do I have any lists of my contacts.
And yet, this is clearly the client itself emulated the input, since it came from the first friend, then from me and so on, who had the quip - there is nothing left on the stories on both sides, who has another client, then there are more stories the chain did not go.
What kind of beast and how to deal with it has not yet found who knows what - unsubscribe.
I supposedly sent such “it is noticeable that the photo in Photoshop was edited or not?
vvv (replaced) .hochubilet.net / foto334.gif »Although the first file that was sent to me was with the extension * .scr
PS Only do not send SMS, so solve the problem!
UPD Blogged - Information Security.