FWIW Windefender2009

  • Thread starter Thread starter Shadow
  • Start date Start date
S

Shadow

Drops a file called "hhsa.dll" in the system32 folder, every third
time you open a folder you get messages about girls doing things with
horses and the need of downloading more software.

Makes a key called
{EC39F8C6-50FA-4703-9A61-619A859C5A5C}
in registry too

And tries to connect to :

webfreescan.cn and windefender2009.cn

Bout time the anti-virus cos did something about it. Neither f-prot,
avast or clamav detect it. I wasted 4 hours b4 I managed to get rid of
the bl^%*&%&^%dt thing
[]'s
 
Drops a file called "hhsa.dll" in the system32 folder, every third
time you open a folder you get messages about girls doing things with
horses and the need of downloading more software.

Makes a key called
{EC39F8C6-50FA-4703-9A61-619A859C5A5C}
in registry too

And tries to connect to :

webfreescan.cn and windefender2009.cn

Bout time the anti-virus cos did something about it. Neither f-prot,
avast or clamav detect it. I wasted 4 hours b4 I managed to get rid of
the bl^%*&%&^%dt thing
[]'s
Click to expand...

Hello Shadow:

You are to be genuinely congratulated for your work. This malware seems
to have only been discovered on Sunday and probably hasn't made the full
rounds of the antimalware folks.

If you still have the hhsa.dll file quarantined, I'm sure many
antimalware folks would like to get a look at it. It might also be
helpful if we new the approximate, or exact, contamination vector.

Again - Well done indeed.

Pete
 
If you still have the hhsa.dll file quarantined, I'm sure many
antimalware folks would like to get a look at it.
Click to expand...
OK, done, sent to ad-aware and spybot. I believe I got it
though some java-script enabled site.
It might also be
helpful if we new the approximate, or exact, contamination vector.
Click to expand...
Wasn't porn, I was recently given 18 porn dvds to browse, no
point in dl from the net .
:P
I was looking for an old version of software. Some Asian site,
probably. Those with the un-readable chars and valid links.
 
OK, done, sent to ad-aware and spybot. I believe I got it
though some java-script enabled site.
Click to expand...

Another excellent site to have file analyzed is at:

It might also be
Wasn't porn, I was recently given 18 porn dvds to browse, no
point in dl from the net .
:P
I was looking for an old version of software. Some Asian site,
probably. Those with the un-readable chars and valid links.
Click to expand...

Best wishes to you.
 
Back
Top