"Important Warning to EVERYBODY! [forum post: 1175441]
I recently had somebody I don't know (not naming names yet) on AIM send me what appeared to be an "LFS KeyGen".
DON'T RUN IT! It's some little homemade trojan that NAV with the latest virus defs does NOT pick up!
Here is some more technical mumbo jumbo I have found:
LFSKeyGen.zip contained the following files:
LiveForSpeed.exe - 7,680 bytes
vmpatch.dll - 15,872 bytes
Both UPX packed executables
Appears to do the following:
liveforspeed.exe is run and an error pops up saying this:
"VB32RT9x.dll' or one of its dependencies not correctly registered a file is missing or invalid"
In the background it takes vmpatch.dll and copies it to the windows\system32 folder as IEAutoUpdate.exe
Creates a registry entry to run the file every time Windows is launched:
Upon examination of the IEAutoUpdate.exe, I found a few strings:
"explorer.zapto.org"
"hiya there oop "
"mess relhkey ÚþrehlkeyÜ%sÛ Key Software\Valve\Half-Life\Settings hlkey closeclient"
Also some various Windows password commands
I believe it is a trojan that steals Half-Life keys and Windows password lists!
Anybody know how to submit newly found viruses to Symantec, etc.?"
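
The static triage the post describes (spotting UPX packing and pulling readable strings out of the dropped file), as an added example that is not part of the original post. The sample bytes are constructed from the strings quoted above, and the function names and regexes are assumptions of this example.

```python
import re

# Constructed sample: a fake byte blob imitating a UPX-packed executable, with
# the strings quoted in the post embedded between non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16 + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"
    + b"\x01\x02UPX!\x0c\x09" + b"\xff\xfe explorer.zapto.org\x00\x03"
    + b"hiya there oop \x00\x9a"
    + b"Key Software\\Valve\\Half-Life\\Settings hlkey closeclient\x00"
)

# Section names and magic that the UPX packer leaves in a packed file.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")
# Assumed patterns for this example: a short TLD list, and registry paths
# without spaces (real paths may contain spaces; widen the class if needed).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:org|com|net|info|biz)\b", re.I)
REG_RE = re.compile(r"\bSoftware\\[\w.\\-]+", re.I)

def printable_strings(data, min_len=4):
    """Return runs of printable ASCII at least min_len long, like strings(1)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data):
    """Summarise packer markers, hostnames and registry paths found in data."""
    hosts, reg_paths = set(), set()
    for s in printable_strings(data):
        hosts.update(h.lower() for h in HOST_RE.findall(s))
        reg_paths.update(REG_RE.findall(s))
    return {
        "is_pe": data[:2] == b"MZ",  # DOS header magic only, not a full PE parse
        "upx_markers": [m.decode() for m in UPX_MARKERS if m in data],
        "hosts": sorted(hosts),
        "registry_paths": sorted(reg_paths),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To triage a real file, pass `open(path, "rb").read()` to `triage()` on an isolated analysis machine; the script only reads bytes and never executes the file.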