Monthly Archives: February 2010

MSN/Windows Live and/or Yahoo IM Malware

Today I was confronted with malware and here are my results:

Registry:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\conime.exe\wcoredk.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\conime.exe

Files:
C:\windows\system32\wcoredk.exe
C:\windows\prefetch\WCOREDK.EXE-3A9E970E.pf

Network:
netstat -aon -> showed 203.228.244.187:32132 as the destination.

While it runs, wcoredk.exe ‘kills’ Sysinternals TCPView, NirSoft CurrPorts and Sysinternals Process Explorer. -> Finally, AnVir helped … Continue reading
