Discuss WARNING: DO NOT download files from www.kiscan.net! at the Turbo-, Supersim and Simcloning Solution - Hackint0sh.org; Especially their program Smart Scan, apparently a modded Woron Scan version, is sending your IMSI, ...
WARNING: DO NOT download files from www.kiscan.net!
Especially their program Smart Scan, apparently a modded Woron Scan version, is sending your IMSI, ICCID and Ki to a third party,
using the Lydra Trojan.
If you already installed software from them, check your Windows Dir and look for files like syswin.exe, lsassv.exe, regedit2.exe (the changed file regedit.exe is a trojan file).
Also in the directory: servicew.exe, calc.exe and calc2.exe (both trojan files),
If you don't have a software firewall, you'll in trouble since these programs connect to a certain IP address.
An easy way to find out if the files mentioned are trojans is to look for the string "firstname.lastname@example.org" in it.
Caution: most antivirus/antitrojan programs DO NOT find this trojan once it is in place. Deleting the files doesn't work either,
even if you "unlock" and delete them. They're back as soon as you restart Windows.
Beware of TROJANS and MALWARE, DO NOT download from them, also DO NOT buy from them since some of the claims they make are false.
Don't say you haven't been warned!
Here is a "proof", how vicious this trojan is (only one scanner found it):
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.8.3.0 2007.08.08 -
AntiVir 126.96.36.199 2007.08.08 -
Authentium 4.93.8 2007.08.08 -
Avast 4.7.1029.0 2007.08.08 -
AVG 188.8.131.526 2007.08.08 -
BitDefender 7.2 2007.08.08 -
CAT-QuickHeal 9.00 2007.08.08 -
ClamAV 0.91 2007.08.08 -
DrWeb 4.33 2007.08.08 Trojan.LydraSpy.1205
eSafe 184.108.40.206 2007.07.31 -
eTrust-Vet 31.1.5043 2007.08.08 -
Ewido 4.0 2007.08.08 -
FileAdvisor 1 2007.08.08 -
Fortinet 220.127.116.11 2007.08.08 -
F-Prot 18.104.22.168 2007.08.08 -
F-Secure 6.70.13030.0 2007.08.08 -
Ikarus T22.214.171.124 2007.08.08 -
Kaspersky 126.96.36.199 2007.08.08 -
McAfee 5093 2007.08.08 -
Microsoft 1.2704 2007.08.08 -
NOD32v2 2444 2007.08.08 -
Norman 5.80.02 2007.08.08 -
Panda 188.8.131.52 2007.08.08 Suspicious file
Prevx1 V2 2007.08.08 -
Rising 19.35.22.00 2007.08.08 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.07 -
Symantec 10 2007.08.08 -
TheHacker 184.108.40.206 2007.08.08 -
VBA32 220.127.116.11 2007.08.07 -
VirusBuster 4.3.26:9 2007.08.08 -
Webwasher-Gateway 6.0.1 2007.08.08 -
Last edited by 997TT; 08-08-2007 at 11:01 PM.
Thank you for the information!!
How did you remove it?
Thank you for the appreciated advice
Analysed trojan! Thanks for that notice 997TT !!
Originally Posted by situ
1. Download: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
2. Run it!
3. Open a "Run Application" and type in "msconfig"
4. Under "systemstart" delete the entry "lsassv.exe".
5. Wait until the scanner finished.
7. scan agan and delete all files which infected.
Try Max Spyware Detector, a very good detection/cleaning program.
The Detection engine is FREE, download it from their site: www.maxpcsecure.com .
Sometimes it gives false alarms but only sometimes.
If it finds the Trojan Lyra...well...
You can buy this program, you can buy others (Spysweeper from Webroot is very good too) or you can try to find freeware which works.
Only one hint: after a "removal process", double check if the trojan really has been removed. Another problem: it may "sense" that you're using a anti-spyware program, crashing your Windows installation. If you're lucky, you can restart, if not, you need the recovery console to repair your Windows installation.
I was lucky enought that I read about the www.kiscan.net website on another IT Security website and I used an old PC (my "honeypot" ) for testing www.kiscan.net and some of the programs offered there . It is definetely TRUE, this site should be AVOIDED!!!
Thank you guys! Removed perfectly!
i downloaded the program they had and saved it so that i can try it when i went to work ( where i have access on a wintel machine ) thank god im on a mac and thank god i never ran that program ! would have been screwed at work !
Wow 997TT. How did you generate this huge list of antivirus programs and their failure to detect the trojan? You have them all installed on your PC?
Chief of Administration
iPhone Dev Team
A little addition:
if you cracked your KI with that better watch out for abuse on your bill.
By 3DAWY in forum General
Last Post: 11-26-2012, 12:06 PM
By zaflyaway in forum iOS 3.x (iPhone OS 3.x)
Last Post: 12-23-2010, 11:04 AM
By floffelos in forum Free Toolchain Software (Cydia App's)
Last Post: 01-15-2008, 11:18 AM
By neilio in forum iPhone "2G" (Rev. 1)
Last Post: 10-23-2007, 01:37 AM
By fabiopigi in forum General
Last Post: 08-22-2007, 04:22 PM