944,189 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > I need help!!!!
Ad:
Permalink
Oct 28th, 2009
0

I need help!!!!

Expand Post »
Please, help me!! I need take information about a virus Trojan.Win32.Cosmu.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Alex91 is offline Offline
3 posts
since Oct 2009
Permalink
Oct 28th, 2009
0
Re: I need help!!!!
Does anybody know smth about it??? Wright me here please!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Alex91 is offline Offline
3 posts
since Oct 2009
Permalink
Oct 28th, 2009
0
Re: I need help!!!!
Click to Expand / Collapse  Quote originally posted by Alex91 ...
Does anybody know smth about it??? Wright me here please!
Google it - see what the AV sites have to say about it.

Are you infected with it? If so, let us know and we can advise you further.

PP
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006
Permalink
Oct 28th, 2009
0
Re: I need help!!!!
No, I must do my work. It is a home-task)) Google cant help me. I find there only tables with the viruses((
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Alex91 is offline Offline
3 posts
since Oct 2009
Permalink
Oct 28th, 2009
0
Re: I need help!!!!
Click to Expand / Collapse  Quote originally posted by Alex91 ...
No, I must do my work. It is a home-task)
I do not know what that means.

If you need a sample of that particular malware, I can't help you.

Quote originally posted by SOPHOS ...
Troj/Cosmu-A is a Trojan for the Windows platform.

Troj/Cosmu-A communicates via HTTP with the following locations:

kaderap . com


When Troj/Cosmu-A is installed the following files are created:

<User>\Local Settings\Application Data\Microsoft\mqtgsvc.exe
<System>\drivers\cisvc.exe
<System>\drivers\cmstp.exe
<Temp>\cisvc.exe

The following registry entries are created to run cisvc.exe and cmstp.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
CmSTP
<System>\drivers\cmstp.exe /waitservice

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Cisvc
<Temp>\cisvc.exe /waitservice

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<System>\drivers\cisvc.exe

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MqtgSVC
<Root>\DOCUME~1\support\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Malware -hacked by blaze 2008
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Virus where control panel won't open





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC