Windows 7 Forums



Windows 7: Analysis on Unknown Malware - Assistance Requested

18 Feb 2013   #11
UsernameIssues

W7 Pro SP1 64bit
 
 

Doh! I meant to add that I think Jacee was saying to look for an exe file with some random name (e.g. twbos6h.exe)

...but I could be wrong - perhaps that was a literal reference to a file named Random.exe


18 Feb 2013   #12
Vir Gnarus

Microsoft Community Contributor Award Recipient

Windows 7 64-bit
 
 

Either way nothing of the type was discovered. I would love to provide all the details I've garnered on it so far but I don't think this is the place for that. WUDFHost.exe was discovered in the Windows startup as a scheduled task which I quickly snuffed out, and the only other registry keys I've found are keys WUDFHost.exe used to store binary code to execute, again elements I have noted and wiped off. I am unfamiliar with anything else.

Btw, what I can say is this item isn't exactly that new, now that I realize it. I found the file timestamps show up at May 7 2012. That was the day when in desperation I foolishly sought out a Windows key finder to determine the cause of a Windows registration issue with a newly installed system. The item wasn't to generate a Windows key or to use illegal keys but to merely extract the current existing key of a Windows installation so I could juxtapose it with the key it was supposed to have. Regardless, the application ended up being a trojan.

I disassembled it in IDA and found it uses anti-disassembly techniques so I couldn't go very far on it. It does look very suspect and I wouldn't doubt WUDFHost.exe is lurking within its seemingly random code.

Thanks again for the support. I'll try seeing what I can do about finding a community that is more accommodating for this kind of work, if it's even accessible.
18 Feb 2013   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by UsernameIssues
Doh! I meant to add that I think Jacee was saying to look for an exe file with some random name (e.g. twbos6h.exe)

...but I could be wrong - perhaps that was a literal reference to a file named Random.exe

Exactly right!
