04-23-2007, 03:46 PM   #1
Registered User
 
Join Date: Apr 2007
Posts: 1
OS: XP


some kind of loader, I think

Hello
Trying to help a friend who had his site hacked. Not sure how they got in, but they were able to modify the index.html page of the site and add a one-pixel iframe that was all encoded JavaScript. Unencoded, the URL for the iframe looks like http://remove.81.95.146.98/index.html (I put "remove" in so that someone would not go there accidentally).

I posted the URL to http://www.nz-honeynet.org and the results are below. Anyone have any idea what this is?

Thanks


>>> The URL you have submitted to us seems to be malicious. <<<
process: created C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
file: Write C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
registry: SetValueKey C:\sysesbn.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxy_Shell
registry: SetValueKey C:\sysesbn.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\xxy_id
registry: SetValueKey C:\sysesbn.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\xxy_options
registry: SetValueKey C:\sysesbn.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\xxy_version
file: Write C:\sysesbn.exe -> C:\Documents and Settings\Administrator\xxy_ejkf.exe
process: terminated C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
registry: DeleteValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
registry: DeleteValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
registry: DeleteValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\xxy_crc
file: Write C:\WINDOWS\explorer.exe -> C:\Documents and Settings\cseifert\xxy_tempopt.bin
mhughes is offline  
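A small triage script for reports in the format posted above, added here as an example and not part of the original post or of the nz-honeynet service: it parses the "type: action actor -> target" lines, collapses the repeated write events the sandbox logs per call, and pulls out the dropped executables, the Run-key persistence entry and the proxy-setting changes a responder would look at first. The sample report is a constructed subset of the lines in the post; the key names and paths are taken from it, and the `RUN_KEY_RE`/`PROXY_RE` patterns are my own assumptions about what counts as persistence and proxy tampering.

```python
import re
from collections import Counter

# Constructed sample: a subset of the event lines shown in the post, in the
# report's "type: action actor -> target" layout (not a capture from a real host).
SAMPLE_REPORT = r"""
>>> The URL you have submitted to us seems to be malicious. <<<
process: created C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
file: Write C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
file: Write C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
registry: SetValueKey C:\sysesbn.exe -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxy_Shell
file: Write C:\sysesbn.exe -> C:\Documents and Settings\Administrator\xxy_ejkf.exe
process: terminated C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\sysesbn.exe
registry: SetValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
registry: DeleteValueKey C:\WINDOWS\explorer.exe -> HKU\S-1-5-21-2000478354-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
file: Write C:\WINDOWS\explorer.exe -> C:\Documents and Settings\cseifert\xxy_tempopt.bin
"""

# One event per line: "<kind>: <action> <actor path> -> <target path or key>".
LINE_RE = re.compile(r"^(?P<kind>\w+): (?P<action>\w+) (?P<actor>.+?) -> (?P<target>.+)$")
# Autostart value under ...\CurrentVersion\Run\<name> (assumed persistence indicator).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE)
# Values that route the browser through a proxy or drop the user's own proxy config.
PROXY_RE = re.compile(r"\\Internet Settings\\(ProxyEnable|ProxyServer|ProxyOverride|AutoConfigURL)$",
                      re.IGNORECASE)


def parse_report(text):
    """Return (kind, action, actor, target) tuples; banner and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["kind"], m["action"], m["actor"], m["target"]))
    return events


def triage(text):
    """Summarise a report into the facts that matter for incident response."""
    events = parse_report(text)
    unique = Counter(events)  # the sandbox logs every write call; collapse repeats
    return {
        "total_events": len(events),
        "unique_events": len(unique),
        "process_creations": [(actor, t) for k, a, actor, t in events
                              if (k, a) == ("process", "created")],
        "dropped_executables": sorted({t for k, a, _, t in events
                                       if (k, a) == ("file", "Write") and t.lower().endswith(".exe")}),
        "run_key_persistence": sorted({t for k, a, _, t in events
                                       if (k, a) == ("registry", "SetValueKey") and RUN_KEY_RE.search(t)}),
        "proxy_settings_touched": sorted({t for k, _, _, t in events
                                          if k == "registry" and PROXY_RE.search(t)}),
    }
```

Run `triage(SAMPLE_REPORT)` to get the summary dictionary; feeding the full report from the post in place of the sample gives the same categories with the repeated write lines collapsed.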
Copyright 2001 - 2009, Tech Support Forum