  #1  
Old 03-29-2005, 04:55 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

? got: "Win32:Trojan-gen. {UPX!}" any info be great

Seems a hacker got into my system and screwed up my system for me, and leeched onto some files I saved to burn off onto a CD later on if I needed to reinstall.

If any of you can dig up this "Win32:Trojan-gen. {UPX!}", it would make me happy. I moved them to a secure chest and sealed them. Going to do a boot scan to see if there is any more of this crap in my system.

Info I need is how it may have gotten in, and if it may have a worm to this?

Quote:
3/29/2005 5:38:18 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\flatX\flatX.exe" file.

3/29/2005 5:38:09 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\Bawls\Bawls.exe" file.

3/29/2005 5:37:38 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\AKA\AKA.exe" file.

3/29/2005 5:36:06 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\RainBow six\Maps\SS_Ricochet.exe" file.

3/29/2005 5:06:23 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXXX\Desktop\downloads\RainBow six\Maps\SS_88.exe" file.

Somehow it leeched onto some maps I downloaded 3 months ago, and a skin for Xfire I downloaded from xfire.com. Don't know if this made my system crash last night or not? It is a bit weird not to think he may have had a hand in it. I got the blue screen of death, not to mention I had to use the Windows XP Pro CD to repair files that had errors or were gone.

I'm doing the boot scan now and finishing updating Windows to get DX9c back in.

By the way, it was also found in the System Restore folder; I disabled it and it is gone.
============================================

I was able to save all the programs from being deleted; Windows only did a repair of the Windows XP Pro OS, so it did not reformat the hard drive.

So BB, it only leeched onto the .exe files; all the intros are OK. I deleted them before my system went down; the public area should not have anything bad in it at all. The files were deleted 7 hrs before this crash happened to me.
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]

Last edited by Hellfighter; 03-29-2005 at 05:02 PM.
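A triage sketch for the scanner log quoted in the post above, added here as an example and not part of the original thread: it parses the entries (including the one that wrapped onto a second line), orders them by time, and groups the flagged files by the download folder they sit in. The function names and the use of `downloads` as the grouping folder are assumptions based on the paths in the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# The five entries quoted in the first post (user name masked, last one wrapped, as posted).
LOG = r'''
3/29/2005 5:38:18 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\flatX\flatX.exe" file.
3/29/2005 5:38:09 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\Bawls\Bawls.exe" file.
3/29/2005 5:37:38 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\Xfire IM\AKA\AKA.exe" file.
3/29/2005 5:36:06 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXX\Desktop\downloads\RainBow six\Maps\SS_Ricochet.exe" file.
3/29/2005 5:06:23 PM SYSTEM 1400 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "F:\Documents and Settings\XXXXXXXXX\Desktop\downloads\RainBow six\Maps\SS_88.exe"
file.
'''

# timestamp, account, event id, signature, path; \s+ before "file." absorbs the wrap
ENTRY = re.compile(
    r'(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(?P<user>\S+)\s+'
    r'(?P<event>\d+)\s+Sign of "(?P<sig>[^"]+)" has been found in '
    r'"(?P<path>[^"]+)"\s+file\.')

def parse(log):
    """One dict per detection, oldest first."""
    hits = [{"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
             "signature": m["sig"],
             "path": PureWindowsPath(m["path"])} for m in ENTRY.finditer(log)]
    return sorted(hits, key=lambda h: h["time"])

def bundle(path, anchor="downloads"):
    """Folder directly under `anchor`: the download the flagged file arrived in."""
    parts = path.parts
    lowered = [p.lower() for p in parts]
    if anchor in lowered and lowered.index(anchor) + 2 < len(parts):
        return parts[lowered.index(anchor) + 1]
    return str(path.parent)  # file sits elsewhere or directly in the anchor folder

def summarize(log):
    hits = parse(log)
    by_bundle = defaultdict(list)
    for h in hits:
        by_bundle[bundle(h["path"])].append(h["path"].name)
    return {"count": len(hits),
            "signatures": sorted({h["signature"] for h in hits}),
            "window": (hits[0]["time"], hits[-1]["time"]) if hits else None,
            "bundles": dict(by_bundle)}

if __name__ == "__main__":
    for name, files in summarize(LOG)["bundles"].items():
        print(f"{name}: {', '.join(files)}")
```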
  #2  
Old 03-29-2005, 05:34 PM
DevilDog#1 is offline DevilDog#1

Join Date: Jul 2002
Posts: 7,040

Chief,

Check out this site. It has all the info you need.

Edit: this site is also helpful.
__________________
Quote:
If I don't do that doesn't mean I can't - DD#1
  #3  
Old 03-29-2005, 06:08 PM
Hellfighter is offline Hellfighter
Thanks, saves me some time looking it up.

Well, that was nice; all they did was talk about it, still no details on it at all.
  #4  
Old 03-29-2005, 11:16 PM
JonM is offline JonM
Registered User

Join Date: Jun 2004
Posts: 2,156

Was probably troj
  #5  
Old 03-30-2005, 01:43 AM
Hellfighter is offline Hellfighter
I know that, but worms do use trojans to download items. It's funny it leeched onto a map package and a skin pack for Xfire? Anyway, the system seems to be clean; did it in safe mode and boot scan, no more viruses found.
  #6  
Old 03-30-2005, 03:21 AM
~MOUSE~ is offline ~MOUSE~
~MOUSE~'s Avatar

Join Date: May 2003
Posts: 669

INFO
  #7  
Old 03-30-2005, 05:13 AM
Hellfighter is offline Hellfighter
Well, thanks ~MOUSE~

So that is the type of virus it is, not even the name of it, sad.
Ref: "Win32:Trojan-gen. {UPX!}"

Brighter side, some great things to read there; nice to know some of the lame hackers are getting busted for this crappy workmanship:
Israeli hacker arrested after attempt to steal millions
Mar 17 2005 21:23

The Israeli National Fraud Squad together with members of the UK National Hi-Tech Crime Unit have successfully traced and arrested Yaron Bolondi, who is suspected of being part of a large international money laundering network scheme based in London.

The 32-year-old was apparently also involved in the attempt to steal 423 million dollars from the London offices of the Japanese bank Sumitomo Mitsui last year in October. According to police reports, the gang attracted investigators' attention after they attempted to illegally transfer large amounts of money to ten bank accounts around the world. Further investigation revealed a security breach which the gang used to install keyloggers and gain illegal access to the money.

This comes as no surprise to virus analysts, because keyloggers are known to be the tool of choice for cyber criminals. These utilities capture confidential information as it is entered and report useful details to the controller.

"If you have to rely on e-banking - and I have to say I'm a great fan of it - choose your bank wisely. One time pad authentication or hardware tokens are a sine qua non. Assuming that the bank's internal bank network isn't breached, your money should be safe", comments Costin Raiu, Head of Research & Development, Kaspersky Lab Romania.
=====================================
Phisher caught in security net
Nov 12 2004 16:24

The Boston Herald reports that Andrew Schwarmkoff, 28, has been charged with multiple counts of fraud, identity theft, larceny and receiving stolen goods. The arraignment took place in a Boston-area District Court, and Schwarmkoff was ordered to be held on $100,000 cash bail.

The Russian was arrested on Friday. Police reportedly found more than 100 identity cards with false information, credit card scanning devices, $200,000 worth of stolen goods, and a large amount of cash.

Schwarmkoff obtained the personal information via phishing attacks: phoney emails which ask the recipient to provide confidential information such as bank account details. Phishing is a relatively new cyber-threat, and is evolving rapidly, with new attacks being launched every week.

Security analysts believe that most phishing activity is linked to organised crime. Previous legal action against phishing suspects has focussed on groups in Eastern Europe and the former Soviet Union. Sources suggest that Schwarmkoff may be linked to Russian organised crime, but he is refusing to comment.

The first phishing emails, which supposedly came from banks, were often full of spelling and grammar errors. Now, however, attacks are becoming increasingly sophisticated. Emails will often include a link to a forged site which is identical to a legitimate banking site. Information such as credit card or bank account details entered on this site will be sent to the criminals who set up the site.

Users should be extremely cautious about providing any personal information on line. You should check the legitimacy of any email by getting in touch with the bank or institution which purportedly sent the email. Finally, for more information, visit the Anti-Phishing Working Group site. It provides regular updates on new phishing attacks. The site includes advice on what to do if you think you have been a victim of such an attack.
===========================================
Source: http://www.viruslist.com/en/news

Well, at least some of them are getting busted for the crimes they did. Can only hope more will die off the internet soon.
  #8  
Old 03-30-2005, 05:23 AM
Hellfighter is offline Hellfighter
Dang, they had this there too?

Quote:
American arrested for sale of Windows source code
Nov 15 2004 18:35

William Genovese, a 27 year old from Connecticut is facing charges of economic espionage for selling Windows source code over the Internet. He claims he is being used as a scapegoat. Genovese believes that the software giant is choosing to prosecute him simply because the company cannot find the person who actually stole the source code in the first place.

Windows 2000 and Windows NT source code first started circulating on the Internet in February 2004. The code was in two 200 MB files. Although it seems that these files came from Mainsoft, a Microsoft partner which develops UNIX tools for Windows, it is unknown who actually leaked the files.

When the code appeared, Genovese posted a short message on his site, saying that he had the code, and that anyone who wanted it should 'make a donation' via his site. He says that this was a joke, as the code was freely available from other sources. When he was contacted by someone asking for the code, he was surprised - but he accepted a donation of $20 made via the PayPal button on his site, and allowed the unknown contact to download a copy of the source code from his server.

In July, Genovese was contacted again by the same man, who said he had formatted his computer and wanted the source code again. Genovese had by this time removed the code from his server, but located it on a P2P network and sent it as requested.

However, this request for the source code was not from an inquisitive geek, but from a representative of a security firm. Microsoft hired the firm to track the source code over the Internet. Once the first transaction was complete, Microsoft reported it to the FBI. The FBI then asked the security firm to complete a second transaction.

Genovese was arrested on Tuesday, and is accused of violating the 1996 Economic Espionage Act. This piece of legislation is rarely used, and was designed to punish those who steal trade secrets for personal gain, or for the economic benefit of a third party. Violators face up to 10 years in prison. Both the benefit the violator accrued from the stolen information, and their criminal history, are taken into account when sentencing is carried out. Genovese has already received two years probation for penetrating personal computers and using key logging programs.

Whatever the outcome, the case raises some interesting legal issues. "The real question is whether this information remains a trade secret after it is globally available to anyone with an Internet connection," comments Jennifer Granick, from the Stanford Centre for Internet and Society. "This is something that the courts have been grappling with, so it's pretty shocking that the government would pursue criminal charges for something that the civil courts can't even agree on."
source: http://www.viruslist.com/en/news?id=154863301

Dang ~MOUSE~, that's a hell of a good site to go to, thanks for pointing it out to me, love it.
All times are GMT -5.