http://blog.misec.net/2007/08/21/latest-zhelatin-emails/ The latest in security - from the developers of TrojanHunter Thu, 25 Feb 2010 21:20:44 +0000 http://wordpress.com/ hourly 1 http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-265 Beware! Virii Alert! at Delusions of Grandeur Wed, 05 Sep 2007 17:25:14 +0000 http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-265 [...] picked up on it right away once I was able to get the box up enough to run, however both Mischel internet Security and PC HELL have ways posted online to correct the issue. Please be careful when dealing with this [...] [...] picked up on it right away once I was able to get the box up enough to run, however both Mischel internet Security and PC HELL have ways posted online to correct the issue. Please be careful when dealing with this [...]

]]> http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-132 packed Fri, 24 Aug 2007 06:58:59 +0000 http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-132 tcpip.sys are getting patched using undocumented API in sfc_os.dll tcpip.sys are getting patched using undocumented API in sfc_os.dll

]]> http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-99 P Flaggenan Wed, 22 Aug 2007 05:33:09 +0000 http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-99 Thanks for the quick addressing of the issue. Thanks for the quick addressing of the issue.

]]> http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-93 redwolfe_98 Tue, 21 Aug 2007 23:24:38 +0000 http://blog.misec.net/2007/08/21/latest-zhelatin-emails/#comment-93 i think i have seen the same variant.. i submitted the file to pctool's "threat expert" and their report said that the malware modified "kbdclass.sys".. if that is the case, then i guess you would need to restore that file rather than the "tcpip.sys" file.. i have seem other variants that, according to pctool's "threat expert", modified the "cdrom.sys" driver.. i think i have seen the same variant.. i submitted the file to pctool’s “threat expert” and their report said that the malware modified “kbdclass.sys”.. if that is the case, then i guess you would need to restore that file rather than the “tcpip.sys” file.. i have seem other variants that, according to pctool’s “threat expert”, modified the “cdrom.sys” driver..

]]>