
Re: Win32.Trojan.Agent appear when close Torpark



Thanks for all your feedback, and that "dead cow" stuff sounds really creepy. 
Does someone have a good explanation? 

I'll test that alternative .bat start of Tor later on a reformatted drive in 
a reset computer on a clean Win XP install, to see how it goes. 

Concerning my original malware warning problem, after deeper digging I found 
a better F-Secure log file in which this can be seen: 
 
C:\DOCUMENTS AND SETTINGS\*****\LOCAL SETTINGS\TEMP\*****.TMP\KILLPROCDLL.DLL
 
The user name and last folder are replaced here with *****, but the last folder, 
temporarily created by Torpark, always consists of 5 characters, a period and tmp, 
which vary randomly every time Torpark is run (note that, although the 
folder name ends like a file extension, .tmp, it is in fact a folder). 

My theory is that the file "KILLPROCDLL.DLL" is what is triggering the warnings. 
When examining the last folders afterwards, this file is always gone. 
Probably its purpose is somehow to close Torpark, I suppose. Now the 
question will be if something had infected the creation of that file. 
As a test, I've completely deleted all Torpark stuff and then reinserted 
Torpark from clean, but the same warning occurs anyway. 

I've also done a full manual search of the computer (with Torpark closed and 
the internet shut down), but this "Win32.Trojan.Agent" wasn't to be found. 
 


