27-05-2010, 20:34   #3
Web-Junkie
Re: Is this a new Virus/Rootkit I have?

yeah zing, I think wpa.dbl is legit.

Those other files are not packed or encrypted, as you can put them in a hex editor and scan the file. This is what the InfectDirectx.dll has inside it:

f:\RControl\InfectDDrawEx\Release\InfectDDrawEx.pdb

This is the same for the other files:

f:\RControl\MaskMessage\Release\MaskMessage.pdb
f:\RControl\TrapKey\Release\TrapKey.pdb
F:\RControl\HookDisplay\objfre\i386\HookDisplay.pdb

So they are all part of the same infection. I disabled all Startup items and deleted the files in DOS, but they still come back, even in safe mode!!

Bit of a bugger to pin down.
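The hex-editor check described in the post above, as an added Python example that is not part of the original post: it pulls PDB paths out of CodeView debug records (RSDS and NB10) in raw file bytes and groups files by build root. The sample bytes and file names are constructed; only the two RControl paths are taken from the post.

```python
import re
from collections import defaultdict
from ntpath import normcase, splitdrive

# CodeView debug records carry the linker's PDB path after a fixed header:
#   RSDS: 16-byte GUID + 4-byte age; NB10: 4-byte offset + timestamp + age
HEADER_LEN = {b"RSDS": 20, b"NB10": 12}

def pdb_paths(data):
    """Return PDB paths found after CodeView signatures in raw file bytes."""
    found = []
    for m in re.finditer(rb"RSDS|NB10", data):
        start = m.end() + HEADER_LEN[m.group()]
        end = data.find(b"\x00", start)
        raw = data[start:end] if end != -1 else b""
        # Reject chance signature hits: printable, sane length, .pdb suffix.
        if (4 < len(raw) <= 260 and raw.lower().endswith(b".pdb")
                and all(0x20 <= b < 0x7F for b in raw)):
            found.append(raw.decode("ascii"))
    return found

def build_root(path):
    """Drive plus first directory, case-folded (f:\\RControl\\... -> f:\\rcontrol)."""
    drive, rest = splitdrive(normcase(path))
    parts = [p for p in rest.split("\\") if p]
    return drive + "\\" + (parts[0] if len(parts) > 1 else "")

def group_by_root(samples):
    groups = defaultdict(set)
    for name, data in samples.items():
        for path in pdb_paths(data):
            groups[build_root(path)].add(name)
    return {root: sorted(names) for root, names in groups.items()}

def fake_image(path, sig=b"RSDS"):
    """Constructed test input: one CodeView record in padding, not a real PE."""
    record = sig + b"\x11" * HEADER_LEN[sig] + path.encode("ascii") + b"\x00"
    return b"MZ" + b"\x00" * 64 + record + b"\xcc" * 16

# Constructed samples (made-up file names); sample_d has a bare signature only.
SAMPLES = {
    "sample_a.dll": fake_image(r"f:\RControl\TrapKey\Release\TrapKey.pdb"),
    "sample_b.sys": fake_image(r"F:\RControl\HookDisplay\objfre\i386\HookDisplay.pdb", b"NB10"),
    "sample_c.dll": fake_image(r"c:\build\other\Release\other.pdb"),
    "sample_d.bin": b"junk RSDS" + b"\xff" * 64,
}

if __name__ == "__main__":
    print(group_by_root(SAMPLES))
```

A PDB path is written at link time and can be stripped or forged, so a shared root is a clustering hint rather than proof of common origin.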