Hi, i wonder if you can explain this please.
Badware @ hxxp://www.claassen-eisbedarf.de
Allowed Scripting & Requests in FF.
Invokes FF Plugin Container which i allowed through my FW. Soon after i was notified that the Plugin Container had crashed. Avira alerted me to the Malware, but i allowed them to be DL'd after being prompted.
temp\wpbt0.dll found in Temporary Internet Files
Something automatically launched regsvr.32.exe ?
w.php?f=79&e=6 = hxxp://seriusmazaloa.com/w.php?f=79&e=6 = found in Temp file. When i copied it to my desktop it morphed into contacts[1].exe
hxxp://seriusmazaloa.com/w.php?f=79&e=6 is serving other Malware eg calc.exe
What i'm interested in, is how did w.php?f=79&e=6 morph into hxxp://seriusmazaloa.com/w.php?f=79&e=6 & then contacts[1].exe ?
TIA
PW = infected
Badware @ hxxp://www.claassen-eisbedarf.de
Allowed Scripting & Requests in FF.
Invokes FF Plugin Container which i allowed through my FW. Soon after i was notified that the Plugin Container had crashed. Avira alerted me to the Malware, but i allowed them to be DL'd after being prompted.
temp\wpbt0.dll found in Temporary Internet Files
Something automatically launched regsvr.32.exe ?
w.php?f=79&e=6 = hxxp://seriusmazaloa.com/w.php?f=79&e=6 = found in Temp file. When i copied it to my desktop it morphed into contacts[1].exe
hxxp://seriusmazaloa.com/w.php?f=79&e=6 is serving other Malware eg calc.exe
What i'm interested in, is how did w.php?f=79&e=6 morph into hxxp://seriusmazaloa.com/w.php?f=79&e=6 & then contacts[1].exe ?
TIA
PW = infected
Attachments
Temp int.gif (5.71 KiB) Viewed 709 times
Badware
(256.48 KiB) Downloaded 45 times
(256.48 KiB) Downloaded 45 times
Malware = If your names not down, you're Not coming in !