  1. #1
    Amazingly Knowledgeable

    Join Date: Jul 2007
    Location: Fort Meade
    Posts: 941

    WARNING: DO NOT download files from www.kiscan.net!

    Especially their program Smart Scan, apparently a modded Woron Scan version, is sending your IMSI, ICCID and Ki to a third party,
    using the Lydra Trojan.

    If you already installed software from them, check your Windows Dir and look for files like syswin.exe, lsassv.exe, regedit2.exe (the changed file regedit.exe is a trojan file).
    Also in the directory: servicew.exe, calc.exe and calc2.exe (both trojan files).
    If you don't have a software firewall, you'll be in trouble since these programs connect to a certain IP address.

    An easy way to find out if the files mentioned are trojans is to look for the string "johnhayward843@yahoo.co.uk" in them.
    Caution: most antivirus/antitrojan programs DO NOT find this trojan once it is in place. Deleting the files doesn't work either,
    even if you "unlock" and delete them. They're back as soon as you restart Windows.

    Beware of TROJANS and MALWARE, DO NOT download from them, also DO NOT buy from them since some of the claims they make are false.

    Don't say you haven't been warned!

    Here is "proof" of how vicious this trojan is (only one scanner found it):

    Antivirus Version Last update Result
    AhnLab-V3 2007.8.3.0 2007.08.08 -
    AntiVir 7.4.0.57 2007.08.08 -
    Authentium 4.93.8 2007.08.08 -
    Avast 4.7.1029.0 2007.08.08 -
    AVG 7.5.0.476 2007.08.08 -
    BitDefender 7.2 2007.08.08 -
    CAT-QuickHeal 9.00 2007.08.08 -
    ClamAV 0.91 2007.08.08 -
    DrWeb 4.33 2007.08.08 Trojan.LydraSpy.1205
    eSafe 7.0.15.0 2007.07.31 -
    eTrust-Vet 31.1.5043 2007.08.08 -
    Ewido 4.0 2007.08.08 -
    FileAdvisor 1 2007.08.08 -
    Fortinet 2.91.0.0 2007.08.08 -
    F-Prot 4.3.2.48 2007.08.08 -
    F-Secure 6.70.13030.0 2007.08.08 -
    Ikarus T3.1.1.12 2007.08.08 -
    Kaspersky 4.0.2.24 2007.08.08 -
    McAfee 5093 2007.08.08 -
    Microsoft 1.2704 2007.08.08 -
    NOD32v2 2444 2007.08.08 -
    Norman 5.80.02 2007.08.08 -
    Panda 9.0.0.4 2007.08.08 Suspicious file
    Prevx1 V2 2007.08.08 -
    Rising 19.35.22.00 2007.08.08 -
    Sophos 4.19.0 2007.08.01 -
    Sunbelt 2.2.907.0 2007.08.07 -
    Symantec 10 2007.08.08 -
    TheHacker 6.1.7.164 2007.08.08 -
    VBA32 3.12.2.2 2007.08.07 -
    VirusBuster 4.3.26:9 2007.08.08 -
    Webwasher-Gateway 6.0.1 2007.08.08 -
    Last edited by 997TT; 08-08-2007 at 10:01 PM.
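
The check described in the post above (the listed file names plus the embedded string), written out as a script. This is an added example, not part of the original thread; the function names, and the assumption that the string may be stored as UTF-16LE as well as ASCII, are not from the post.

```python
import os
import sys

# File names and marker string exactly as given in the post above.
SUSPECT_NAMES = {"syswin.exe", "lsassv.exe", "regedit2.exe",
                 "servicew.exe", "calc.exe", "calc2.exe"}
MARKER = "johnhayward843@yahoo.co.uk"
# Assumption: the string may be stored as ASCII or as UTF-16LE (common in
# Windows binaries), so both encodings are searched.
PATTERNS = [MARKER.encode("ascii"), MARKER.encode("utf-16-le")]


def contains_marker(path, chunk_size=1 << 20):
    """Stream the file, carrying an overlap between reads so a marker that
    straddles a chunk boundary is still found."""
    overlap = max(len(p) for p in PATTERNS) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return False
            window = tail + chunk
            if any(p in window for p in PATTERNS):
                return True
            tail = window[-overlap:]


def scan_directory(directory):
    """Return {file name: verdict} for each listed name found in directory."""
    results = {}
    for entry in os.scandir(directory):
        if not entry.is_file() or entry.name.lower() not in SUSPECT_NAMES:
            continue
        try:
            hit = contains_marker(entry.path)
        except OSError:
            # Locked or access-denied files are reported, not skipped.
            results[entry.name] = "unreadable"
            continue
        results[entry.name] = "marker found" if hit else "name only"
    return results


if __name__ == "__main__":
    # Usage: python scan.py <directory>; defaults to the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, verdict in sorted(scan_directory(target).items()):
        print(f"{name}: {verdict}")
```

A "name only" result means a file with one of the listed names exists but does not contain the string; it still deserves a second look with a scanner.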



  2. #2
    Advanced

    Join Date: Aug 2007
    Posts: 38

    Thank you for the information!!

    How did you remove it?

    Thank you for the appreciated advice

  3. #3
    Shade.sh
    Senior Professional

    Join Date: Jul 2007
    Location: Germany
    Posts: 440

    Quote (originally posted by situ):
        Thank you for the information!!

        How did you remove it?

        Thank you for the appreciated advice

    Analysed trojan! Thanks for that notice 997TT !!

    1. Download: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
    2. Run it!
    3. Open "Run Application" and type in "msconfig".
    4. Under "systemstart" delete the entry "lsassv.exe".
    5. Wait until the scanner has finished.
    6. Reboot.
    7. Scan again and delete all files which are infected.

  4. #4
    Amazingly Knowledgeable

    Join Date: Jul 2007
    Location: Fort Meade
    Posts: 941

    Try Max Spyware Detector, a very good detection/cleaning program.
    The Detection engine is FREE, download it from their site: www.maxpcsecure.com .
    Sometimes it gives false alarms but only sometimes.
    If it finds the Trojan Lydra...well...

    You can buy this program, you can buy others (Spysweeper from Webroot is very good too) or you can try to find freeware which works.

    Only one hint: after a "removal process", double check if the trojan really has been removed. Another problem: it may "sense" that you're using an anti-spyware program, crashing your Windows installation. If you're lucky, you can restart, if not, you need the recovery console to repair your Windows installation.

    I was lucky enough that I read about the www.kiscan.net website on another IT Security website and I used an old PC (my "honeypot") for testing www.kiscan.net and some of the programs offered there. It is definitely TRUE, this site should be AVOIDED!!!

  5. #5
    Advanced

    Join Date: Aug 2007
    Posts: 38

    Thank you guys! Removed perfectly!


  6. #6
    Newbie

    Join Date: Aug 2007
    Posts: 8

    I downloaded the program they had and saved it so that I could try it when I went to work (where I have access to a Wintel machine). Thank god I'm on a Mac and thank god I never ran that program! Would have been screwed at work!

  7. #7
    Newbie

    Join Date: Aug 2007
    Posts: 1

    Wow 997TT. How did you generate this huge list of antivirus programs and their failure to detect the trojan? You have them all installed on your PC?

  8. #8
    Shade.sh
    Senior Professional

    Join Date: Jul 2007
    Location: Germany
    Posts: 440

    Quote (originally posted by digamma):
        Wow 997TT. How did you generate this huge list of antivirus programs and their failure to detect the trojan? You have them all installed on your PC?

    On the net we have some multiscanner systems; you can submit a file and it's scanned by lots of scanners. I do the same with suspect files.

  9. #9
    Amazingly Knowledgeable

    Join Date: Jul 2007
    Location: Fort Meade
    Posts: 941

    Quote (originally posted by Shade.sh):
        On the net we have some multiscanner systems; you can submit a file and it's scanned by lots of scanners. I do the same with suspect files.

    Precisely.

  10. #10
    sam
    Chief of Administration
    iPhone Dev Team

    Join Date: Jun 2007
    Posts: 1,852

    A little addition:

    If you cracked your Ki with that, better watch out for abuse on your bill.


 

 