Quoted
**
Hi all
I'm not used to reporting abuse, but this one goes too far.
Some contact sent me the address of a website yesterday. That website proposes downloads of hacks like Nos, anti damage, etc.
I downloaded those and launched them with no effect. As this was kinda suspicious, I disassembled 2 of the hacks to find they were both the same program, using the SetWindowsHookEx function to watch for keystrokes, creating log files and more.
After further investigation, I found they are based on the Win32:Rebhip-B trojan type, and sure enough I was infected.
If you caught this trojan, u should have a firefox.exe process, a fake one, visible in Task Manager. If u use Firefox and it is opened, u should then see 2 processes with that same name. Kill them both to be sure.
When killed, open the Windows registry editor and search for a key containing "WinDir\Svchost.exe"; mine was in HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Microsoft/Windows/CurrentVersion/Run/
Delete that key, reboot, and check the registry again. If the key is still there, try deleting it after a reboot in safe mode.
Here is the link to this website, so everybody knows who spreads the ****.
lfsrev.tk
As it is a .tk domain, access to whois information is not possible, but reporting the website for abuse is done via abuse@dot.tk, according to a whois.net query.
be wise..
**
original thread with all the stuff..
http://www.lfsforum.net/showthread.php?t=72597

PS: I'm not sure if this is true, but I thought why not post it up so the rest here know it, because it's not really fun to get the lfsw-acc we paid for stolen by ppl.
regards.
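
Added example, not part of the original post or the quoted thread: a read-only PowerShell triage for the two indicators the quoted post names, a Run-key value pointing at a Svchost.exe outside the system directories and a firefox.exe process running from an unexpected location. The function names are hypothetical, and the check assumes a legitimate Firefox lives under Program Files, so a per-user install will be flagged and needs manual review.

```powershell
# Added example: lists indicators only, deletes and kills nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: Run values that launch a svchost.exe which is not
# the genuine one in System32 / SysWOW64 (e.g. "...\WinDir\Svchost.exe").
function Get-SuspiciousRunEntry {
    param([string[]]$Path = $runKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($data -match '(?i)svchost\.exe' -and
                $data -notmatch '(?i)\\(System32|SysWOW64)\\svchost\.exe') {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

# Hypothetical helper: every firefox.exe process with its image path.
# Assumption: a legitimate Firefox is installed under Program Files.
function Get-FirefoxProcessReport {
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    Get-CimInstance Win32_Process -Filter "Name = 'firefox.exe'" | ForEach-Object {
        $path = $_.ExecutablePath   # may be empty without admin rights
        $known = $false
        foreach ($root in $roots) {
            if ($path -and $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $known = $true
            }
        }
        [pscustomobject]@{
            ProcessId           = $_.ProcessId
            Path                = $path
            OutsideProgramFiles = -not $known
        }
    }
}

Get-SuspiciousRunEntry   | Format-List
Get-FirefoxProcessReport | Format-Table -AutoSize
```

Run it from an elevated prompt so the image path of every process is readable; an empty `Path` means the path could not be read, not that the process is clean.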