 Recently Appearing Trojan Ntos.exe, Your R&D needs to look into this one ;) |
  Nov 18 2006, 04:24 PM
Post
#1
|
|
 Member  Group: Members Posts: 24 Joined: 23-April 06 Member No.: 461  |
24 April 2007 IMPORTANT NOTE:
This information was posted November of 2006 about a (then) new emerging threat. The 3rd party solutions implied therein may not work properly on recent variants. Because newer variants may have emerged since, and old variants now removed by appropriated Security Software, I am closing this topic because it is now OUT OF DATE information . Should anyone have similar issues and need help with removal, please run a full system scan with an updated version of Ad-Aware and post your scan log for review into a NEW TOPIC. Thank you! CalamityJane Security heads up,new emerging trojan ntos.exe Ok folks i have been seeing this file appear since the October 25/10/06 but judging by the research paper linked it has been with us for a little while now but is being seen with more frequency recently.A big thanks and debt of respect to Secure Science corps and Michael Ligh for their indebt analysis of this emerging trojan threat. http://www.securescience.net/securescience...ecasestudy.html Because of the nature of this trojans operation i feel it needs to get some publicity since at the moment not many vendors are not up with it(as with the Gromozon trojan) & google search dose not reveal too much information. I have seen the trojan imported as a stand alone infection and also as part of a massive CWS/infection in the past weeks. FAO HJT log experts,one of the following 2 entries will signify the presents of this trojan.Its removal is not difficult,kill the principal executable(Ntos.exe) and the infection/effects are neutered. O4 - HKLM\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe or F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe,D:\WINDOWS\system32\ntos.exe The bad news is as with Morphine z-lob this trojan is now being repacked as regular as clockwork(names,file size etc) to evade detections & cleaning routines but yet still retaining its thoroughly unpleasent operative capabilities listed in the PDF research paper. 1st ntos.exe sample uploaded to MIRT site http://www.castlecops.com/t171215-barclay_ntos_exe.html -------------------- |
 |
 
|
Posts in this topic
fatdcuk Recently Appearing Trojan Ntos.exe Nov 18 2006, 04:24 PM
fatdcuk ...continued.
2nd ntos.exe sample uploaded to MIR... Nov 18 2006, 04:25 PM
woodensword Ok,
I read the Secure Science corps paper regardi... Apr 15 2007, 05:58 PM RekaTech admin OK, hopefully this will help someone. I have just ... Apr 15 2007, 08:38 PM  |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 3rd September 2010 - 09:32 AM |
Need Expert Help?
Get Ad-Aware Pro and
- Get immediate support by chat or e-mail
- Direct, in-product access to help 24/7
- Enhance your protection against online threats
or
Premium Services
Get immediate help to solve your computer problems. Just sit back and relax, our security experts can help you.
Use of Lavasoft Premium Services constitutes an acceptance of SupportSpace Terms of Service & Privacy Policy