Posted: Tue Sep 04, 2007 10:07 pm Post subject: j6229622.exe, BALLOONDIALOG6.5`.exe and Prevx AV
Singularly astonishing that only Prevx lists j6229622.exe as identified during a websearch, especially as early as August 6, 2007.
Observed local activity:
-disables safe mode
-opens and instantaneously closes 6 DOS windows on startup, the first of which is j6229622.exe
-appends a string of random numbers to filename msvbvm60.dll, consequently rendering HijackThis unexecutable. Attempts to delete the string refresh Explorer, where a new msvbvm60.dll.### is generated. Tricky blokes have apparently responded to Trend Micro's challenge.
-blocks popular antivirus urls and terminates the browser
-terminates AVG, EasyCleaner, Task Manager and regedit
-leaves antivirus icon on system tray only to vanish when pointer reaches it. Cheeky bastards, nice touch that.
and all sorts of unspeakable mayhem. Hats off to the cleverness of the coders. Now, my learned sirs, your opinions please.