
Computer Security - Trojan Undetected

 
Old 02-23-2004, 07:33 AM   #1
Default Trojan Undetected


> of course i don't use a real email address.
> this trojan was downloaded automatically from a web site (i use opera
> but opera is blameless). the web site i visited was a warez site and it first downloaded a 7k downloader trojan called small.download.h which AVG identified straight away. i turned off AVG and ran this 7k trojan to see what it would do.
>
> it contacted a download site (casino stuff etc) and downloaded its big
> brother called rem2c4.exe which connected to the same web site.
> i didn't analyse the packets to see what it was sending.
> funny thing is rem2c4.exe won't run now. maybe it only runs at
> certain times of the day.
> AVG, ad-aware, spybot and EZ-AV were unable to identify it as harmful.
> i'll post it off as you recommend.

You can "NEVER" trust a warez website nor any website or newsgroup
which hackers list on Usenet since most are owned by malicious
hackers. The malicious hackers post in Security, Anti-Virus and
Hackers Newsgroups, Egroups and Message Boards along with Telnet IP
listings; to name a few. I exposed someone hackers website listing
where the hacker wanted to learn from and the files had four
Backdoors. Beware all if you want to learn how to hack. No AVG,
ad-aware or spybot can protect you and PLEASE learn this.


Leythos wrote:

> In article <c10ii7$ppq$>,
> says...
> > It doesn't matter what you do. AdAware and Spybot
> > know all about the droppers .. and they do nothing.
> > Don't believe me? Go get Bargain Buddy and see if
> > AdAware or Spybot can remove it ... same exact
> > thing. Those programs are only removing part of the
> > problem .. so your system will be constantly reinfected.

>
> With Spybot Search and Destroy being a free application, you can't
> really complain about it.
>
> I find that SBS&D removes about 99.9% of the things home users get hit
> with. The rest of it is stuff they installed while not understanding
> what they were doing.
>
> If you know something about a "dropper" and are just here complaining,
> then how about a different track - post a note to the developer of
> SBS&D on his site and tell him about it. I'm sure that he will add it to
> the collection of almost 13,000 things SBS&D does handle.
>
> --
> --
>
> (Remove 999 to reply to me)


They sure as hell don't remove the Redwood Broker do they? I've only found
five Google posts pertaining to the "Elite" hackers using the Redwood
Broker.

Visit my website at http://www.geocities.com/hacking_internet_secrets

Don't forget them VPNs, canceled Cable and DSL accounts with prepaid phone
time.


Colonel Flagg wrote:

> In article <>, sam1967
> @hetnet.nl says...
> > On Wed, 18 Feb 2004 16:13:10 GMT, Laura Fredericks
> > <> wrote:
> >
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >Hash: SHA1
> > >
> > >On Wed, 18 Feb 2004 12:55:37 +0000,
> > >"" <> wrote in post:
> > >>i turned off AVG and ran this 7k trojan to see what
> > >>it would do.
> > >
> > >Idiot.
> > >

> > Thanks Laura. Keep your informed posts coming.
> > Ever considered that some people are not as afraid of virii/trojans as
> > others and have enough analysis tools to handle them and run them if
> > they are curious enough.
> >
> >
> >

>
> anyone that needs to ask "where to send it to" is by no means someone
> capable of doing proper analysis.
>
> --
> John Holstein,
> http://www.cotse.net
> A very unique privacy service, no other service
> compares. E-mail, Usenet, Anon Proxies, Web Hosting,
> and more. No one gives you more control over your
> e-mail than we do!
> http://www.cotse.net/servicedetails.html
>
> New Online Store:
> www.cotse.com/store


Why is that dude, this babe still needs help and I wrote a book about
Computers, the Internet and Hackers. Sorry you lead a boring life and
get yourself a hobby.

Tracker


onepercentertracker
Old 02-23-2004, 08:58 AM   #2
donutbandit
 
Posts: n/a
Default Re: Trojan Undetected
(onepercentertracker) wrote in
news: om:

> You can "NEVER" trust a warez website nor any website or newsgroup
> which hackers list on Usenet since most are owned by malicious
> hackers.


DUH!!!!!!!!!!!!!!


Old 02-23-2004, 01:49 PM   #3
Jim Watt
 
Posts: n/a
Default Re: Trojan Undetected
On 23 Feb 2004 08:58:43 GMT, donutbandit <> wrote:

> (onepercentertracker) wrote in
>news:. com:
>
>> You can "NEVER" trust a warez website nor any website or newsgroup
>> which hackers list on Usenet since most are owned by malicious
>> hackers.

>
>DUH!!!!!!!!!!!!!!


ah those mystical malicious hackers. They think of nothing
but penetrating debbie.
--
Jim Watt http://www.gibnet.com


Old 02-23-2004, 03:38 PM   #4
Mimic
 
Posts: n/a
Default Re: Trojan Undetected
"onepercentertracker" <> wrote in message
news: om...
>
> You can "NEVER" trust a warez website nor any website or newsgroup
> which hackers list on Usenet since most are owned by malicious
> hackers. The malicious hackers post in Security, Anti-Virus and
> Hackers Newsgroups, Egroups and Message Boards along with Telnet IP
> listings; to name a few. I exposed someone hackers website listing
> where the hacker wanted to learn from and the files had four
> Backdoors. Beware all if you want to learn how to hack. No AVG,
> ad-aware or
> spybot can protect you and PLEASE learn this.


## let's take a closer look shall we tracker.
YOU post in security, Av and hacker newsgroups.
YOU post on "egroups" and message boards
YOU post logs, IP's and proxy listings
YOU keep getting owned
YOU keep getting viruses

So by YOUR OWN post, YOU are a non trustworthy malicious person.


> They sure as hell don't remove the Redwood Broker do they? I've only
> found
> five Google posts pertaining to the "Elite" hackers using the Redwood
> Broker.
>


## Funny i found 442 with the initial search, narrowed down to 222. Not very
good with computers are you tracker. in fact one result is a post by you
where you state : "The Redwood Broker Backdoor is not a virus or Trojan Horse,
this is a Backdoor "
So how do you expect AntiAd software to remove a "backdoor". Clearly you
don't even know what the redwood broker is. As for "not much" information on it,
yuh maybe its **** and no one uses it.


>
> Why is that dude, this babe still needs help and I wrote a book about
> Computers, the Internet and Hackers. Sorry you lead a boring life and
> get
> yourself a hobby.
>
> Tracker


You're gunna need more that my little hombre


--
Mimic

ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"Alzheimer's, cheaper than rohypnol"
"There are 10 types of people in the world. Those that understand Binary,
and those that dont."
"He who controls Google, controls the world".




Old 02-23-2004, 04:06 PM   #5
Leythos
 
Posts: n/a
Default Re: Trojan Undetected
In article <>,
says...
> Why is that dude, this babe still needs help and I wrote a book about
> Computers, the Internet and Hackers. Sorry you lead a boring life and
> get yourself a hobby.
>
> Tracker


Kind of funny "I wrote a book about..." that never got published and
never will get published.

Just so you know Tracker, many of us have published articles in quite a
few trade mags and popular mags too.

The only thing you've come close to being published in is the list of
Prozac abusers by the product's vendor. From your postings, and from your
examples of lame content it would appear as though "you lead a boring
life" and you need to "get yourself a hobby".

I can't think of one post by anyone that has ever said you were able to
HELP them, not one in the two years I've seen you post!

--
--

(Remove 999 to reply to me)


Old 02-23-2004, 05:59 PM   #6
Jason
 
Posts: n/a
Default Re: Trojan Undetected
* Jim Watt <_way>:
> On 23 Feb 2004 08:58:43 GMT, donutbandit <> wrote:
>
>> (onepercentertracker) wrote in
>>news: .com:
>>
>>> You can "NEVER" trust a warez website nor any website or newsgroup
>>> which hackers list on Usenet since most are owned by malicious
>>> hackers.

>>
>>DUH!!!!!!!!!!!!!!

>
> ah those mystical malicious hackers. They think of nothing
> but penetrating debbie.
> --
> Jim Watt http://www.gibnet.com


Now there is a picture I just did not ever need in my head. aaahhh the
horror of it all.

Jason

