#14
I think I found the culprit!
As the DLL was upx'ed (UPX 3.00), I ran a search for other upx'ed files and found one: C:\WINDOWS\SYSTEM32\fsusd32.dll

At every logon fsusd32.dll created C:\WINDOWS\TEMP\1EB725F9.dll. This DLL was killed using Unlocker (http://ccollomb.********/unlocker), as regsvr32 did not work. Great tool btw, using a GUI to show/kill file locks. Unlocker could not kill fsusd32.dll, as this would result in a logout because it is being loaded through winlogon.exe.

Then I used HijackThis to see if fsusd32.dll was being loaded, and it was:

O20 - Winlogon Notify: fsusd32 - C:\WINDOWS\SYSTEM32\fsusd32.dll

Removed it using HijackThis, rebooted, and fsusd32.dll could be deleted. Hope this will do it....

I could only find 2 references to fsusd32.dll in Google; one link says it is: Trojan-Downloader.Win32.Adload.dq (10-2006, ASPacked). So maybe it was not "used" that much, or this is an "update" (because of the UPX 3.00 packer instead of ASPack) and therefore is not recognized by any AV/malware software?!

I still do not know how this server got infected, as updates are run asap, nothing was installed on it and it has only the necessary ports available. I checked for references to changes using winlogon.exe and found them in setupapi.log, so I think it got installed on 2007/07/09...

I am keeping my fingers crossed