Prev: Trojans with rapidshare downloads?
Next: BIOS infection - an item for discussion
From: Virus Guy on 10 Jun 2010 19:42
This link came in today in the form of email spam. Directly from a
Yahoo mail server.

hxxp://rapidshare.com/files/397453832/YAHOO.exe

Current virus total detection rate is 11/41.

Mostly id'd as backdoor tidserv.

Normally when I download from Rapidshare, I'm asked to select "free
user" or "paid user" and I select free user and then have to wait for a
timer to count down before I get the actual download link.

This link gives you the file without going through any of that - any
idea why or how?
From: David H. Lipman on 10 Jun 2010 20:27
From: "Virus Guy" <Virus(a)Guy.com>

| This link came in today in the form of email spam. Directly from a
| Yahoo mail server.

| hxxp://rapidshare.com/files/397453832/YAHOO.exe

| Current virus total detection rate is 11/41.

| Mostly id'd as backdoor tidserv.

| Normally when I download from Rapidshare, I'm asked to select "free
| user" or "paid user" and I select free user and then have to wait for a
| timer to count down before I get the actual download link.

| This link gives you the file without going through any of that - any
| idea why or how?

Yes, that is TDL3.

HKLM\SYSTEM\ControlSet001\Services\burttiqvhspxjpp
\iprykwqo\qiuxhbuy\tdl

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 | 
Pages: 1
Prev: Trojans with rapidshare downloads?
Next: BIOS infection - an item for discussion