#1  08-25-2004, 03:44 PM
owl (Junior Member; Join Date: Aug 2004; Posts: 1)
reversing malware

This is probably a stupid question, being a newbie. Anyway, I am trying to RE a malware (msrll.exe) for a technical paper and I notice that the malware won't allow me to delete it from the task manager, nor the folder that it created, "mfm". It also starts itself up at reboot, but it is not located under the current version/update on the registry.

The question is how is it sticking around, meaning how is it stopping me from killing it? So far I have only done the behaviour analysis; I haven't started with the code analysis yet.
Two roads diverged in a wood, and I took the one less traveled by, And that has made all the difference.
#2  08-31-2004, 04:23 PM
sniffysnif (Member; Join Date: Aug 2004; Posts: 8)

I hope this doesn't sound stupid, but is the program running as a service?
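One quick way to test the service hypothesis from the reply above is to enumerate installed services and running processes whose binary path mentions the suspect names. This is an added example for readers of the thread, not code posted by anyone in it; the names "msrll" and "mfm" are taken from the question, and the snippet assumes a modern Windows host with PowerShell and WMI/CIM available.

```powershell
# Added example (not from the thread). Check whether a suspect binary is
# registered as a Windows service or running from the suspect folder.
# Names come from the question above; replace them for other samples.
$Suspect = @('msrll', 'mfm')

# Build one regex that matches any suspect name, escaping regex metacharacters.
$Pattern = ($Suspect | ForEach-Object { [regex]::Escape($_) }) -join '|'

Write-Host "== Services whose binary path matches: $Pattern =="
# A service with StartMode 'Auto' starts at boot without needing a
# HKLM\...\CurrentVersion\Run entry, which fits the symptoms described.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -match $Pattern } |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Format-List

Write-Host "== Running processes whose image path matches: $Pattern =="
# Path is $null for processes the current user cannot query (e.g. SYSTEM
# processes when not elevated), so guard against that before matching.
Get-Process |
    Where-Object { $_.Path -and $_.Path -match $Pattern } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the analysis VM; a hit in the first list, with StartMode set to Auto, would confirm service-based persistence and point at the service name to inspect under HKLM\SYSTEM\CurrentControlSet\Services.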
#3  09-01-2004, 06:21 PM
Crudd (Administrator; Join Date: Dec 2002; Posts: 22)

These two links might help:
hxxp://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=123027
hxxp://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=BKDR_JTRAM.A

I couldn't really find much other useful info though. Hope this helps.
Crudd [RET]
Just another freak, in the freak kingdom.