Trojan Infection Again...

since yesterday, there were troubles logging into streamyx network. just when the connection got better, as i first got logged into the network.. i was attacked again. jinx... i didn't attempt any hanky-panky site ...

the symptom: mouse movement suffered problems. It was like there is another controller controlling the mouse. as i was figuring what happened... i noticed there is a file avi.dat on my C drive. I knew some trojan drop again. I am not sure what it contains.. but looks like it is trying to con you to run it because .dat file is supposed to be movie file. However, miraculously, the registry already got injected with multiple entries as follows:

1. pctspk.exe - PCTVoice
2. sapstr.exe - TForm1
3. dtours.exe - bnui
4. zxc.exe - bingo9



I tried to search for these files in the actual drive but search returned negative. If you investigate from msconfig.exe, you can confirm that there is no actual file for each entry.



Ok, so what was happening? I quickly deleted the .dat file and reboot laptop.. then everything seems normal. Thus, I figure the following explanation for this.

1. Trojan dropper dropped a client to my laptop - avi.dat
2. Third party executed script on my laptop to insert entries to my laptop.
3. These entries were meant as pre-requisite before it bring in the actual file. (zxc.exe) Those to be transferred file will act as scapegoat for the actual client which is avi.dat, becoz we would be busy deleting them via safe-mode and whatsoever while oversee the real culprit; avi.dat, giving it more time to come up with more haywire. Probably becoz the internet connection was so bad that it couldn't finish the job. Probably streamyx server was infected by these malicious codes so much that it created problems.

Comments