dahmers love zombie: An analysis from researchers at security firm AlienVault shows that the malware is able to remain active even after a machine is rebooted. It does this by adding a registry entry. The RAR archive dropper is named GrooveMonitor.exe, presumably to disguise it as a legitimate Windows Office 2007 service. GrooveMonitor.exe then drops additional files named juboot.exe, jucheck.exe, SLEEP.EXE, and WmiPrv.exe.I bet the jus did this.
wildcardjack: This is pretty low brow. I'd like to see one that drops random values into databases and spreadsheets. Make it so you can't trust the output of the computers.
DanZero: [assets1.subpop.com image 605x605]Suspected./obscure?//hell yes
BumpInTheNight: wildcardjack: This is pretty low brow. I'd like to see one that drops random values into databases and spreadsheets. Make it so you can't trust the output of the computers.Patriot memory is way ahead of you.
Felgraf: What would be hysetrical would be if this was on the drone they 'captured'.
rolladuck: Felgraf: What would be hysetrical would be if this was on the drone they 'captured'.Trojan drone?
traylor: Damnit. My computer is also infected by jucheck.exe
Want to see behind the curtain? Try
It's how we feed the squirrel
Sign up for the Fark NotNewsletter!
Links are submitted by members of the Fark community.
When community members submit a link, they also write a custom headline for the story.
Other Farkers comment on the links. This is the number of comments. Click here to read them.
You need to create an account to submit links or post comments.
Click here to submit a link.
Also on Fark
Submit a Link »
Copyright © 1999 - 2018 Fark, Inc | Last updated: May 23 2018 10:07:42
Runtime: 0.216 sec (215 ms)