Reverse Engineering Team Board


owl 08-25-2004 03:44 PM

reversing malware
 
This is probably a stupid question, being a newbie. Anyway, I am trying to RE a piece of malware (msrll.exe) for a technical paper, and I notice that the malware won't allow me to delete it from the task manager, nor the folder that it created, "mfm". It also starts itself up at reboot, but it is not located under the current version/update on the registry.

The question is how is it sticking around, meaning how is it stopping me from killing it? So far I have only done the behaviour analysis; I haven't started with the code analysis yet.

sniffysnif 08-31-2004 04:23 PM

I hope this doesn't sound stupid, but is the program running as a service?

Crudd 09-01-2004 06:21 PM

These two links might help:
hxxp://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=123027
hxxp://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=BKDR_JTRAM.A

I couldn't really find much other useful info though. Hope this helps.
Crudd [RET]


All times are GMT -4.