Author Topic: malware register as service (Read 363 times)

Z!L0G80 · « **on:** February 09, 2015, 07:47:18 PM »

cau mam tu takovou sracku(TrojLydra-U) co se registruje jako service
[MACHINE\SYSTEM\CurrentControlSet\Services\msorcvp]
"DependOnGroup" = ""
"DependOnService" = "RpcSs"
"Description" = "This service manages TCP/IP packets at Internet"
"DisplayName" = "TCPIP route manager"
"Group" = "PlugPlay"
"ObjectName" = "LocalSystem"
"ImagePath" = "c:\windows\msorcvp.exe"
"ErrorControl" = 0x00000001 (1)
"PlugPlayServiceType" = 0x00000003 (3)
"Start" = 0x00000002 (2)
"Type" = 0x00000120 (288)

a zajimalo byme kcemu slouzi to "PlugPlayServiceType" = 0x00000003 (3) jestli to ma nejaky ucel a kcemu se to da vyuzit ?
jinak tenhle servicetype v systemu ma pouze eventlog ,ze by nejaka forma pluginuu ??
googlim a nic :/
tak trebe jesli nekdo nevi nebo odkazy

pr0p4g4nd4 · « **Reply #1 on:** February 13, 2015, 12:17:57 PM »

to co hladas sa nikde nevyskytuje, ziadny popis, skratka nic. jedine miesto kde som take nieco nasiel, bolo vo "WindowsResearchKernel-WRK" (v casti "WindowsResearchKernel-WRK\WRK-v1.2\public\internal\base\inc\pnpmgr.h") - bohuzial neviem odkial to mam, takze neviem ani, ze ci neexistuje nejaka rozsirena verzia toho, kde by mozno nejaky popis bol.

Z!L0G80 · « **Reply #2 on:** February 14, 2015, 01:03:31 PM »

jo wrk sem nasel tez ,takze asi tak bud jeto nanic nebo to slouzi ktomu aby sluzba bezela jako sitova tj. v me pripadne umoznuje enumovat network resources a scanuje lan shares

RE FORUM

News:

Author Topic: malware register as service (Read 363 times)

Z!L0G80

malware register as service

pr0p4g4nd4

Re: malware register as service

Z!L0G80

Re: malware register as service