#1
This is probably a stupid question, being a newbie. Anyway, I am trying to RE a malware (msrll.exe) for a technical paper and I notice that the malware won't allow me to delete it from the task manager, nor the folder that it created, "mfm". It also starts itself up at reboot, but it is not located under the current version/update on the registry.
The question is: how is it sticking around, meaning how is it stopping me from killing it? So far I have only done the behaviour analysis; I haven't started with the code analysis yet.
__________________
Two roads diverged in a wood, and I took the one less traveled by, And that has made all the difference.
#2
I hope this doesn't sound stupid, but is the program running as a service?
#3
These two links might help:

hxxp://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=123027
hxxp://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=BKDR_JTRAM.A

I couldn't really find much other useful info though. Hope this helps.

Crudd [RET]
__________________
Just another freak, in the freak kingdom.