need file paths for popular trojans/spyware...

oROEchimaru

anyone know a good database or "top 100" type website for common infected (not legit) files, and/or the registry entries they add?

for example:
winpc
c:\WINDOWS\ieocx.dll

i have found many databases... that either are unorganized, too big (good and evil files, or go back to 1999)..

i need something simple and has an up to date list... any ideas?

i am making a script for work...


i wish there was an "avenger" and "hijackthis" collection website
 
other examples:

Files to delete:
C:\WINDOWS\system32\jzoiszad.dllbox
C:\Documents and Settings\All Users\Application Data\TEMP
C:\WINDOWS\system32\ansjdsqv.ini
C:\WINDOWS\system32\juhmrlgf.ini
C:\Program Files\tmp11251218.exe

C:\Program Files\tmp11239515.exe
C:\Program Files\11053328.exe
C:\Program Files\11067703.exe
C:\WINDOWS\system32\wvuspmn.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1613FC40-73BD-43E3-3CAB-54FBBC3227B1}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e60e56e-4f29-4448-b76c-38947546a4df}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94D4C983-7FF6-4626-AB3A-56F0587F94A4}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B02C0C3D-752C-4905-82E2-E2EED48F06A1
 
There is a good site that I use sometimes if I'm unsure about some things that I'm removing.

HiJackThis Automated

Is this something you're looking for? You just copy and paste your logfile in there.
 
There are WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY too many out there.

What exactly are you looking for? To check all the paths by hand would be almost impossible.
 
understood...

just like top 20 problems that i would maintain...


since i work at a helpdesk we see a lot of:
av2009 and av360 and av2010 etc...

those ones i got lists for and are pretty easy.

would like to just maintain a list of popular toolbars/fake trojan crap i see on the helpdesk.

then run this simple script/bat file first... and see if it helps so we can use more advanced tools.

ps the hijack site is great! i can use this to isolate common issues
 
Why do the work that is done by hundreds of developers every day? Install good AV and spyware software and you won't have to worry about anything. These will have the most up to date list of threats available. Hunting them down yourself takes too much work for practically zero benefit. Even then, you will never have the most up to date information.
 
....

a lot of tools are often blocked by av2009, av360 and other popular scareware/trojans...

as a remote helpdesk tech... you only have so much time to troubleshoot and lose a lot of control if in safe mode (cannot vnc)

if you use "Avenger" you can create a script that will delete reg/files etc upon startup. it's very useful for viruses that cannot be removed if running in memory.

and it's 100 times faster than a full spybot scan or malwarebytes.
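An added example, not part of the thread and not code from Avenger or HijackThis: a read-only pre-check for a hand-maintained list in the "Files to delete:" / "Registry keys to delete:" layout posted above. It flags entries that are malformed (relative paths, wildcards, an unclosed CLSID brace) and reports which listed files are present, so a typo in the list is caught before any removal tool is pointed at it. The function names and the sample entries are assumptions made for illustration.

```python
import os
import re

# Section headers as they appear in the lists posted in this thread.
SECTIONS = {"files to delete:": "files", "registry keys to delete:": "registry"}

def parse_list(text):
    """Split a maintained list into {'files': [...], 'registry': [...]}."""
    entries = {"files": [], "registry": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines between entries are harmless
        if line.lower() in SECTIONS:
            current = SECTIONS[line.lower()]
        elif current:
            entries[current].append(line)
    return entries

def malformed(entries):
    """Return entries that should be fixed before the list is used anywhere."""
    bad = []
    for path in entries["files"]:
        # Require a drive-letter absolute path with no wildcards.
        if not re.match(r"^[A-Za-z]:\\[^*?]+$", path):
            bad.append(path)
    for key in entries["registry"]:
        # Require a full hive name and balanced CLSID braces.
        if not key.upper().startswith("HKEY_") or key.count("{") != key.count("}"):
            bad.append(key)
    return bad

def present_files(entries, exists=os.path.exists):
    """Read-only check: which well-formed listed files exist on this machine."""
    skip = set(malformed(entries))
    return [p for p in entries["files"] if p not in skip and exists(p)]

# Constructed sample list (placeholder names, not real indicators).
SAMPLE = r"""
Files to delete:
C:\EXAMPLE\constructed-sample-1.dll

C:\EXAMPLE\constructed-sample-2.exe
system32\relative-sample.ini

Registry keys to delete:
HKEY_LOCAL_MACHINE\EXAMPLE\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
HKEY_LOCAL_MACHINE\EXAMPLE\Browser Helper Objects\{00000000-0000-0000-0000-000000000002
"""

if __name__ == "__main__":
    parsed = parse_list(SAMPLE)
    print("fix these entries first:", malformed(parsed))
    print("present on this machine:", present_files(parsed))
```

Nothing here deletes or modifies anything; the `exists` parameter only exists so the check can be exercised away from the affected machine.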
 