A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #20698  by Quads
 Tue Sep 03, 2013 7:47 am
OK Roguekiller finds the Install folder on a 32bit system located C:\Program Files\Google\Desktop\Install

But doesn't find the Install folder if located in C:\Program Files (x86)\Google\Desktop\Install

I created the C:\Program Files (x86)\Google\Desktop\Install path and folders on my system and Roguekiller does not find it

Roguekiller does find these 2 locations, I created these 2 paths and folders also

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Quads\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND


Quads
 #20713  by 0x16/7ton
 Wed Sep 04, 2013 2:20 pm
Dropper from 01.09.2013 with mini-update
pass: infected
(100.68 KiB) Downloaded 97 times
Sirefef attempts to stop and delete in addition two services: RemoteAccess,PolicyAgent
mini_update.png
mini_update.png (11.12 KiB) Viewed 941 times
 #21066  by EP_X0FF
 Fri Oct 04, 2013 5:51 am
Blah-blah-blah with hyped marketing shit in the end, completely wrong timeline and major copy-paste work from Sophos articles. Not to mention they totally miss 2013 versions.
  • 1
  • 45
  • 46
  • 47
  • 48
  • 49
  • 56