Path: news.nzbot.com!news.astraweb.com!border6.newsrouter.astraweb.com!feed.news.qwest.net!mpls-nntp-02.inet.qwest.net!nx01.iad01.newshosting.com!newshosting.com!69.16.185.112.MISMATCH!peer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!fx08.iad.POSTED!not-for-mail
From: "Torq" <Torq@gmail.com>
Subject: Amplitude 3 virus
Newsgroups: alt.binaries.sounds.utilities
Lines: 9
Message-ID: <VGa5v.100806$cz2.8229@fx08.iad>
X-Complaints-To: abuse@easynews.com
Organization: Easynews - www.easynews.com
X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date: Mon, 21 Apr 2014 10:20:22 -0500
X-Received-Bytes: 1221
X-Received-Body-CRC: 2025374043
Xref: news.nzbot.com alt.binaries.sounds.utilities:10
This is definitely not a false positive. Those are quite common but this one is a trojan. The keygen is modifying the registry and adding files. Once you run the program the registration process itself sets up even more. It sets up a service and broadcasts your IP to a series of IP addresses at 5.xxx.xxx.xx. I think that's Russia. It's turning your PC into a Bot. Once everything is installed, Trend Micro or Malware Antibytes does not detect it.
There are true R2R versions you can find on IRC that are good. You might want to skip this turd.
--------------= Posted using GrabIt =----------------
------= Binary Usenet downloading made easy =---------
-= Get GrabIt for free from http://www.shemes.com/ =-