Trojan Drops Child Porn On Infected Machines


3 replies to this topic

#1 John_McKenna


Posted 14 March 2006 - 12:53 PM

Troj/Multidr-FG / aka Trojan-Dropper.Win32.Agent.yf / aka Win32/TrojanDropper.Agent.VX

http://www.sophos.com/virusinfo/analyses/trojmultidrfg.html


We've had worms and trojans attempting to steal financial information, we've had them dropping adult-related material on people's machines. Now we have a new breed of trojan that goes one step further. Troj/Multidr-FG will drop child-related porn on a victim's machine. Needless to say this could have serious consequences for the user if the media file is not removed. If the media content was found by some unsuspecting engineer, for example, and they decided to inform the authorities, the user might find themselves in hot water.


When Troj/Multidr-FG is installed the following files are created and opened:

%Temp%\childporn.wmv
%System%\loadadv713.exe
%System%\msits.exe
%System%\win32.exe

It also drops 3 other trojans so keep your eye out for the combination in scan results.

Troj/Harnig-J attempts to download files to the following locations:



Troj/Vixup-BM

Disables the Task Manager !!

O4 - HKLM\..\Run: [System] C:\windows\system32\kernels64.exe <--HijackThis entry



Troj/Bizves-D

When first run Troj/Bizves-D copies itself to %System%\cmd32.exe and stores downloaded files with the following filenames:





#2 Scarlett


Posted 14 March 2006 - 01:06 PM

I can't say that I am shocked. But I am thoroughly disgusted!
For the love of God these monsters need to be stopped!!!
This has gone beyond the pale!!!
The filth that spreads this, deserves none less than [insert any form of extremely severe punishment you wish here].
Same goes for the ones who create the porn that is used!!! No never mind that, double it for such!
Drawn and quartered comes to mind.....

#3 rms4evr


Posted 14 March 2006 - 03:43 PM

Not only do I fully agree with Scarlett, but, in addition to spreading this filth, it could send law-abiding citizens to jail!!!!! People who have never done anything could have their entire lives ruined by some :thumbsup: who wants to spread kiddie porn with a virus for no reason!!!!

They just made law enforcement's job a lot harder...police and feds who do not know about this could be going after an innocent person, while the real bad guys get off scot free :flowers: .

#4 madnlooney


Posted 21 March 2006 - 10:39 AM

That's just shocking. I don't see what people get out of it, and there could be some innocent person getting in a lot of trouble if they got infected.



