O.T. Programmers...

LVent*

Hey guys, I am sure there is at least one programmer in this community lol... I need some explanation on the following pieces of code:

ShowWindowAsync...ReleaseDC...CreateWindowExW...DefWindowProcW....ShowWindow....CreateWindowExW...LoadIconW...LoadIconW...SetTimer....GetMessageW...DefWindowProcW....GetSystemMetrics....PostMessageW....GetWindowRect...CreateWindowExW...GetWindowRect...ShowWindow....DestroyWindow...GetWindowRect...GetMessageW...GetMessageW...SetTimer....GetMessageW...DestroyWindow...PostMessageW....SetTimer....CreateWindowExW...DefWindowProcW....PostMessageW....GetDC...GetDlgItem....CreateWindowExW...CreateWindowExW.USER32.DLL....SetTextColor....GetStockObject....CreateCompatibleDC....CreateCompatibleDC....GetTextMetricsW...DeleteObject....LineTo....GetTextMetricsW...BitBlt....GetDeviceCaps...PatBlt....BitBlt....SetTextColor....LineTo....CreateCompatibleBitmap....DeleteObject....GetStockObject....BitBlt....LineTo....SelectObject....GetTextMetricsW...GetDeviceCaps...DeleteDC....SetTextColor....CreateCompatibleDC....CreateCompatibleDC....LineTo....GetDeviceCaps...GetTextMetricsW...CreateCompatibleDC....SetBkMode...GetObjectW....SetBkColor....SetBkMode...SetBkColor....MoveToEx..GDI32.DLL...RegQueryValueExA....RegOpenKeyExA...RegCreateKeyExW...RegQueryInfoKeyW....RegOpenKeyExW...CloseServiceHandle....RegDeleteValueW...SetSecurityDescriptorDacl.ADVAPI32.DLL....strcmp..MSVCRT.dll....MultiByteToWideChar...LocalFree...MultiByteToWideChar...SetUnhandledExceptionFilter...LocalAlloc....GetCurrentProcess...GetACP....GetCurrentProcess...GetCurrentThreadId....VirtualAlloc....GetCommandLineA...GetCurrentProcess...GetModuleHandleA....LocalAlloc....GetACP....QueryPerformanceCounter...GetCurrentProcessId...FormatMessageW....SetEvent....QueryPerformanceCounter...GetCommandLineW...GetACP....SetUnhandledExceptionFilter...QueryPerformanceCounter...GetProcessHeap....GetModuleHandleW....LocalFree...GetTickCount....LocalFree...GetModuleHandleW....GetModuleHandleA....GetTickCount....WaitForSingleObject...VirtualFree...GetTickCount....VirtualAlloc....VirtualAlloc....LocalFree...GetModuleFileNameA....GetTickCou
nt....SetUnhandledExceptionFilter...GetModuleFileNameA....GetCommandLineW...FormatMessageW....GetModuleHandleW....LocalAlloc..KERNEL32.DLL


RegEnumValueW...RegOpenKeyExW...RegDeleteValueW...SetSecurityDescriptorDacl.ADVAPI32.DLL....SHGetFolderPathW....SHGetPathFromIDListW....DragQueryFileW....Shell_NotifyIconW...CommandLineToArgvW..SHELL32.DLL...VirtualFree...GetCommandLineW...VirtualFree...GetModuleFileNameA....SetEvent....VirtualFree...LocalFree...GetTickCount....GetCurrentProcessId...LocalAlloc....WaitForSingleObject...GetProcessHeap....GetModuleHandleA....LocalFree...FormatMessageW..KERNEL32.DLL....GetTextMetricsW...MoveToEx....SetBkMode...GetTextMetricsW...SetTextColor....LineTo....GetObjectW....LineTo....PatBlt....GetObjectW....DeleteObject....SelectObject....GetStockObject....SetBkColor....SetTextColor....SetTextColor....GetObjectW....MoveToEx....SetBkColor....MoveToEx....LineTo....GetStockObject....CreateCompatibleDC..GDI32.DLL...ReleaseDC...GetWindowRect...ShowWindowAsync...ShowWindow....ReleaseDC...SetTimer....DestroyWindow...SetTimer....ShowWindow....GetDlgItem....DefWindowProcW....GetDlgItem....CreateWindowExW...GetSystemMetrics....GetMessageW...SendMessageW....GetSystemMetrics....GetDC...SendMessageW....GetSystemMetrics..USER32.DLL

GetMessageW...DestroyWindow...DestroyWindow...CreateWindowExW...ShowWindowAsync...GetMessageW...SendMessageW....DefWindowProcW....DefWindowProcW....GetWindowRect...LoadIconW...CreateWindowExW...DefWindowProcW....SetTimer....PostMessageW....LoadIconW...CreateWindowExW...GetDlgItem....GetSystemMetrics....LoadIconW...GetDlgItem....PostMessageW....GetDlgItem....SendMessageW....GetWindowRect...GetDC...ReleaseDC...GetDC.USER32.DLL....GetACP....GetModuleFileNameA....GetTickCount....GetCurrentProcessId...GetCurrentProcess...SetEvent....GetACP....SetUnhandledExceptionFilter...GetModuleHandleA....WaitForSingleObject...GetCurrentThreadId....GetModuleHandleW....GetModuleHandleW....LocalFree...MultiByteToWideChar...GetCurrentProcess...GetCommandLineA...GetCurrentProcess...FormatMessageW....GetCommandLineA...GetCommandLineW...MultiByteToWideChar...WaitForSingleObject...LocalAlloc....SetUnhandledExceptionFilter...GetCommandLineW...SetEvent....GetCurrentProcessId...GetCurrentThreadId....SetEvent..KERNEL32.DLL....SetBkColor....SetTextColor....SetBkColor....LineTo....LineTo....GetStockObject....GetTextMetricsW...SetBkMode...GetDeviceCaps...SetBkMode...DeleteObject....LineTo....MoveToEx....SetTextColor....GetDeviceCaps...DeleteDC....BitBlt....GetObjectW....CreateCompatibleDC....DeleteObject....SetBkColor....SelectObject....GetDeviceCaps...GetStockObject....SetBkMode...GetStockObject....GetTextMetricsW.GDI32.DLL...


DeleteDC....GetTextMetricsW...CreateCompatibleBitmap....LineTo....SetBkColor....BitBlt....CreateCompatibleBitmap....GetObjectW....GetStockObject....DeleteDC....SetBkColor....GetDeviceCaps...SetBkColor....SelectObject....PatBlt....SetTextColor....SetBkColor....SetBkColor....PatBlt....DeleteDC....CreateCompatibleDC....CreateCompatibleBitmap....DeleteDC....BitBlt....SelectObject....CreateCompatibleBitmap....SetBkMode.GDI32.DLL...DefWindowProcW....ReleaseDC...GetWindowRect...GetSystemMetrics....GetDlgItem....GetSystemMetrics....PostMessageW....GetMessageW...SetTimer....GetDlgItem....CreateWindowExW...ShowWindow....PostMessageW....ShowWindowAsync...ShowWindow....SendMessageW....DestroyWindow...GetWindowRect...GetWindowRect...GetSystemMetrics..USER32.DLL....GetModuleHandleA....GetACP....LocalAlloc....MultiByteToWideChar...GetCurrentProcess...VirtualFree...QueryPerformanceCounter...VirtualFree...GetModuleHandleW....GetModuleHandleW....GetCurrentProcessId...LocalAlloc....FormatMessageW....VirtualFree...GetCurrentProcess...GetModuleHandleA....GetACP..KERNEL32.DLL....AddAccessAllowedAce.ADVAPI32.DLL



Specifically in regards to what it is attempting to do? Any help would be greatly appreciated. I am definitely out of my element in this aspect of computers.
 
Just to clarify, each one of those is a method/function found within Windows that programmers can use to do things like read the registry, create and destroy windows on the screen, handle memory, create bitmap images, etc... Each individual item in your list above does something specific. You can look each one up one by one. :)
 

I pulled these from various .exe's and .dll's of a virus/worm that has been ass raping my company. I was hoping that the hex editor would be able to tell me exactly what it's doing... unfortunately it's only giving me bits and pieces... I'm ready to pull out my ****ing hair.
 
They're just Win32 API methods. Most of those come from kernel32.dll and user32.dll. The ones that end in "A" are ANSI char based and the ones that end in "W" are Unicode char based, or "W"ide char.


Those are just the function names. You can't tell from that what's going on unless you had a trace of a stack dump. If it's a worm or virus, it might be trying to intercept the calls. What is the symptom?
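
An added example, not part of the thread or any poster's code: a Python sketch that turns a strings dump of the shape pasted in the first post (API names separated by dots, each group closed by its DLL name) into a de-duplicated per-DLL import list and marks the A/W variants described above. The sample dump is constructed from names that appear in the post; the grouping rule, the function names and the suffix heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same shape as the pasted dump: API names separated
# by runs of dots, each group closed by the DLL that exports those names.
SAMPLE_DUMP = (
    "CreateWindowExW...GetMessageW...DefWindowProcW....CreateWindowExW.USER32.DLL"
    "....RegQueryValueExA....RegOpenKeyExA...RegOpenKeyExW...RegDeleteValueW..."
    "CloseServiceHandle....SetSecurityDescriptorDacl.ADVAPI32.DLL"
    "....GetModuleHandleA....GetModuleHandleW....VirtualAlloc....GetTickCount"
    "....VirtualAlloc..KERNEL32.DLL....strcmp..MSVCRT.dll....LoadIconW"
)

# A DLL name is tried first so "USER32.DLL" is not split at its dot.
TOKEN = re.compile(r"([A-Za-z_]\w*\.dll)|([A-Za-z_]\w*)", re.IGNORECASE)

# Bucket for names left over when the dump is cut off before a DLL name.
NO_DLL = "(no DLL name seen)"

# What each library is for, so the summary reads as areas of functionality.
DLL_ROLE = {
    "USER32.DLL": "windows, messages, timers",
    "GDI32.DLL": "drawing and bitmaps",
    "ADVAPI32.DLL": "registry, services, security descriptors",
    "KERNEL32.DLL": "processes, memory, timing",
    "SHELL32.DLL": "shell folders, tray icon, command line",
    "MSVCRT.DLL": "C runtime",
}


def parse_import_dump(text):
    """Return {DLL name: set of API names}, assuming names precede their DLL."""
    imports = defaultdict(set)
    pending = []
    for match in TOKEN.finditer(text):
        dll, name = match.groups()
        if dll:
            imports[dll.upper()].update(pending)
            pending = []
        else:
            pending.append(name)
    if pending:
        imports[NO_DLL].update(pending)
    return dict(imports)


def charset_variant(name):
    """Heuristic: a trailing capital A or W after a lowercase letter or digit."""
    match = re.search(r"[a-z0-9]([AW])$", name)
    if not match:
        return None
    return "ANSI" if match.group(1) == "A" else "Unicode"


def paired_variants(imports):
    """APIs imported in both their A and W form, per DLL."""
    pairs = {}
    for dll, names in imports.items():
        seen = defaultdict(set)
        for name in names:
            if charset_variant(name):
                seen[name[:-1]].add(name[-1])
        both = sorted(base for base, kinds in seen.items() if kinds == {"A", "W"})
        if both:
            pairs[dll] = both
    return pairs


def summarize(text):
    """One row per DLL: its role, unique API count, and A/W breakdown."""
    rows = []
    for dll, names in sorted(parse_import_dump(text).items()):
        kinds = [charset_variant(n) for n in names]
        rows.append({
            "dll": dll,
            "role": DLL_ROLE.get(dll, "unknown"),
            "unique": len(names),
            "ansi": kinds.count("ANSI"),
            "unicode": kinds.count("Unicode"),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_DUMP):
        print(row)
    print(paired_variants(parse_import_dump(SAMPLE_DUMP)))
```

The result shows which Windows subsystems a binary links against, not the order or arguments of any call, which is the limit the reply above describes.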
 

It's from the qakbot w32 worm. It's creating a folder here:
C:\Documents and Settings\All Users\Application Data\Microsoft\edpwc

This week it's the "edpwc" file name; this has changed now 5 times. In this folder is where I used that hex editor to pull various info. I'm going to be screwing around in my registry now to find out what it's been up to. This shit is retarded, I would love to torture the fool who created this seriously.

The clever bastard also has it set to create a scheduled task that runs every 3rd day. So it keeps coming back lol... mfer... here is an example of the amount of files it creates:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/5/2010 4:23:41 PM
mbam-log-2010-04-05 (16-23-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 657033
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 162

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)


Notice how on this particular machine it's named leeni4 instead of the edpwc...
 
C:\Documents and Settings\All Users\Application Data\Microsoft\leeni4\q1.29699 (Trojan.Backdoor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\leeni4\q1.30829 (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\leeni4\q1.16675 (Trojan.Backdoor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\leeni4\q1.4681 (Malware.Packer.Gen) -> No action taken.


Notice how on this particular machine it's named leeni4 instead of the edpwc...

Leeni4 is your computer's name. It has just ass fxcked your computer, and now it wants your computer to make it a sammich.:coffee:
 
Yeah, I can't help you with that. It looks like it's replicated all over your system. I'm not a virus expert but make sure that thing is disconnected from the network while you work on it.
 
yea it's all over our network; I'm trying to formulate a plan of attack; and I've got nothing yet =/
 
I hate those things with the fire of a thousand suns.
 
You could always try this: How to remove Qakbot

You could probably write a little command line batch file that would do the work for you - if you need to change names of files, just reuse it, modifying it each time.

(It's better than doing shit manually)
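
One way to act on the batch-file suggestion above without retyping folder names for each machine, as an added example that is not part of the original thread: parse each machine's Malwarebytes log, pull out the per-machine staging folder (edpwc on one box, leeni4 on another) and build a worklist of directories that still hold untreated detections. The sample log is constructed in the layout of the log posted in this thread, and the function names are this example's own.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Folder under which the thread reports the per-machine random directory.
STAGING_PARENT = r"C:\Documents and Settings\All Users\Application Data\Microsoft"

# One entry: <path> (<detection name>) -> <action taken>.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Constructed sample in the layout of the posted log; file names are made up.
SAMPLE_LOG = r"""
Files Infected: 4

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> No action taken.

Files Infected:
C:\aaaaaaaa.exe (Malware.Packer.Gen) -> No action taken.
C:\bbbbbbbb.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\leeni4\q1.1111 (Trojan.Backdoor) -> No action taken.
C:\Program Files (x86)\Example\cccc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

def parse_file_detections(log_text):
    """Return (path, detection, action) tuples from the 'Files Infected:' section only."""
    entries, in_files = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):  # section header; summary lines end in a count
            in_files = line == "Files Infected:"
            continue
        match = ENTRY.match(line) if in_files else None
        if match:
            entries.append((match["path"], match["det"], match["action"]))
    return entries

def staging_folders(entries):
    """Names of the random per-machine folders directly under STAGING_PARENT."""
    parents = (dirname(path) for path, _, _ in entries)
    return {basename(d) for d in parents if dirname(d).lower() == STAGING_PARENT.lower()}

def worklist(entries):
    """Directories with untreated detections, busiest first: [(directory, count), ...]."""
    untreated = (dirname(p) for p, _, action in entries
                 if action.lower().startswith("no action"))
    return Counter(untreated).most_common()

if __name__ == "__main__":
    found = parse_file_detections(SAMPLE_LOG)
    print("staging folder(s):", sorted(staging_folders(found)))
    for directory, count in worklist(found):
        print(f"{count:4d} untreated in {directory}")
```

Run it over the log from each machine and compare the staging folder names before reusing any cleanup script, since the thread shows that name differing between machines and changing over time.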
 
I've always wondered how many viruses were written by the anti-virus vendors, to make sure that you buy their anti-virus products.

>)
 
It's from the qakbot w32 worm. It's creating a folder here:
C:\Documents and Settings\All Users\Application Data\Microsoft\edpwc

This week it's the "edpwc" file name; this has changed now 5 times. In this folder is where I used that hex editor to pull various info. I'm going to be screwing around in my registry now to find out what it's been up to. This shit is retarded, I would love to torture the fool who created this seriously.

The clever bastard also has it set to create a scheduled task that runs every 3rd day. So it keeps coming back lol...mfer...here is an example of the amount of files it creates:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/5/2010 4:23:41 PM
mbam-log-2010-04-05 (16-23-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 657033
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 162

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:


Notice how on this particular machine it's named leeni4 instead of the edpwc...


I'm no expert, but I think it's broken:coffee:
 
I've always wondered how many viruses were written by the anti-virus vendors, to make sure that you buy their anti-virus products.

>)

You ain't lying man, I'm sure I'll still be bitching about this at the DP