Backdoor


Shonk

I've been using Kaspersky for about 3 years
but after a reinstall a few weeks ago I hadn't got around to reinstalling it
yet

anyway the last few days I've been suspecting problems
so reinstalled KAV tonight

blam it found a backdoor straight away

on trying to look into what it does exactly
I couldn't really find much info so set about trying to find out what other
AV vendors call it

and ran the file through

http://www.virustotal.com/flash/index_en.html

here were my results

http://www.shonk.org/Virus.html

it's the craziest thing I've ever seen

only Kaspersky detects it


does anyone have any info on this thing?

cheers
 
From: "Shonk" <[email protected]>

| I've been using Kaspersky for about 3 years
| but after a reinstall a few weeks ago I hadn't got around to reinstalling it
| yet
|
| anyway the last few days I've been suspecting problems
| so reinstalled KAV tonight
|
| blam it found a backdoor straight away
|
| on trying to look into what it does exactly
| I couldn't really find much info so set about trying to find out what other
| AV vendors call it
|
| and ran the file through
|
| http://www.virustotal.com/flash/index_en.html
|
| here were my results
|
| http://www.shonk.org/Virus.html
|
| it's the craziest thing I've ever seen
|
| only Kaspersky detects it
|
| does anyone have any info on this thing?
|
| cheers
|

Just proves the quality of Kaspersky :-)

Backdoor.Win32.Delf.ahv --
http://www.viruslist.com/en/viruses/encyclopedia?virusid=96988

No information on this but it has been around since 10/18/05 and there are many variations
to the Backdoor.Win32.Delf.

If you still have the infector, could you please submit it to the various AV vendors? The
following web page has the email addresses and submission information for various AV
vendors. It is always best if sending via email to send it in a password protected ZIP file
with the password being: infected { pwd = infected }
http://www.ik-cs.com/suspicious-files.htm
 
it seems it's a new variant

Backdoor.Win32.Delf.akv

is what Kaspersky is calling it since I submitted it

this thing has been on my PC for a fair few days

I'm gutted, I've been on the net for nearly 11 years and this is my first
infection
 
they haven't released an update for the variant yet
will be about 10 mins away
but Kaspersky removed it fine before anyway
 
I haven't got a ****ing clue

it really is a mystery to me

I know it's been on for a few days as Explorer's been refusing to close on
shutdown but have been too tired after getting home from work to check it out
properly
I went all through the registry but couldn't see anything
did a Spybot scan
but didn't think to reinstall Kaspersky until tonight
 
oh also since I've disinfected I've had loads of probes on
Helkern and Lovesan ports

Lovesan mainly
 
| I haven't got a ****ing clue
|
| it really is a mystery to me

Realtime AV isn't necessary once you do get a clue. Maybe you ran
without a firewall or external router? Maybe you don't know how to
use IE safely? Maybe you don't use an alternate browser? Maybe
you or someone else using the PC ran some email attachment? Maybe
you didn't install all security patches for your OS and for IE/OE?

You can't just install Windows and expect to go on the internet
without taking hits. You must have a firewall blocking incoming.

Art

http://home.epix.net/~artnpeg
 
I don't use IE, I use Firefox
this is my first backdoor in 11 years
not bad going !!
OS is so up to date it's unbelievable

it was just a stupid mistake I made
and it's a very silent program
no extra exes on Task Manager
just a DLL run by Explorer that you don't see

you live and learn

oh and I'm firewalled with a Cisco PIX 535

I've been on the net since the dawn of time hehe
 
| I've been using Kaspersky for about 3 years
| but after a reinstall a few weeks ago I hadn't got around to reinstalling it
| yet
|
| anyway the last few days I've been suspecting problems
| so reinstalled KAV tonight
|
| blam it found a backdoor straight away
|
| on trying to look into what it does exactly
| I couldn't really find much info so set about trying to find out what other
| AV vendors call it
|
| and ran the file through
|
| http://www.virustotal.com/flash/index_en.html
|
| here were my results
|
| http://www.shonk.org/Virus.html
|
| it's the craziest thing I've ever seen
|
| only Kaspersky detects it
|
| does anyone have any info on this thing?
|
| cheers

See also my message below on Program Integrity.

Authors MUST start to make safety routines that check and raise an alarm when
things are malfunctioning.

Morgan O.
 