Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Recently emerging trojan ntos.exe

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

PostPosted: Sat Nov 18, 2006 7:29 am    Post subject: Recently emerging trojan ntos.exe Reply with quote

Security heads up on a recently emerging trojan ntos.exe

Ok folks i have been seeing this file appear since the October 25/10/06 but judging by the research paper linked it has been with us for a little while now but is being seen with more frequency recently.A big thanks and debt of respect to Secure Science corps and Michael Ligh for their indebt analysis of this emerging trojan threat.
http://www.securescience.net/securescienceblog/malwarecasestudy.html


Because of the nature of this trojans operation i feel it needs to get some publicity since at the moment not many vendors are not up with it(as with the Gromozon trojan) & google search dose not reveal too much information.

I have seen the trojan imported as a stand alone infection and also as part of a massive CWS/infection in the past weeks.

FAO HJT log experts,one of the following 2 entries will signify the presents of this trojan.Its removal is not difficult,kill the principal executable(Ntos.exe) and the infection/effects are neutered.

O4 - HKLM\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
or
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe,D:\WINDOWS\system32\ntos.exe

The bad news is as with Morphine z-lob this trojan is now being repacked as regular as clockwork(names,file size etc) to evade detections & cleaning routines but yet still retaining its thoroughly unpleasent operative capabilities listed in the PDF research paper.

1st ntos.exe sample uploaded to MIRT site
http://www.castlecops.com/t171215-barclay_ntos_exe.html
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group