ECSRO Official thread(Isro Private server)

**samurailos** · Mar 9, 2009, 11:21 AM

Just tried urs shadow and mc afee says

VIRUS DETAILS
Overview -

This detection is for a worm that attempts to copy itself to the Windows system folder. Additionally it attempts to place an autorun.inf file in the same location to automatically restart itself.
Characteristics
Characteristics -

This detection is for a worm. It attempts to spread by creating an autorun.inf file, which will run the worm automatically on systems which use the drives that are set to Autorun.

When run, the worm copies itself to the %Windir%\system32 folder and hides itself there. In addition it drops its autorun.inf file in the same location.

The worm tries to connect the following URLs:

* lemox.myhome.cx
* zkarmy.dip.jp

It makes the following changes to the registry. Notably, it changes registry values to start itself when Windows restarts.

Keys added:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty

Values modified:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced "ShowSuperHidden"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer\Run "csrcs". Data: C:\WINDOWS\system32\csrcs.exe
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell". Data: Explorer.exe csrcs.exe

Symptoms
Symptoms -

This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Method of Infection -

This worm may be spread by its intented method of infected removable drives or network shares.

Alternatively this may be installed by visiting a malicious web page either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction.
Removal -
Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations
Variants
Variants -

N/A

**madcats99** · Mar 9, 2009, 12:05 PM

shadow why you trying to hack us?

**Arch_Angel** · Mar 9, 2009, 01:01 PM

Los, most of the auto_pots are going to show up as virus or keyloggers. I can assure you the auto_potter that externflame posted isn't a keylogger because it is not accessing the internet.

ECSRO even shows up as a virus with AVG, so I'm not sure why you start complaining now about the auto pots. lol

Wolfe, dat deh auto pot look good. Send on nuh.

**ShadowWolfe Hellscream** · Mar 9, 2009, 02:25 PM

Originally Posted by madcats99

shadow why you trying to hack us?

you have anything special on your acc that I would want?

anywayz for whoever wants: http://d01.megashares.com/?d01=0524b2e
credits to DeSwa from SRM & Ecsro

**madcats99** · Mar 9, 2009, 07:00 PM

Originally Posted by ShadowWolfe Hellscream

you have anything special on your acc that I would want?

anywayz for whoever wants: http://d01.megashares.com/?d01=0524b2e
credits to DeSwa from SRM & Ecsro

me soon get sun man, doa worry

**Chyanaku** · Mar 9, 2009, 07:09 PM

i might try dat one ...

charm pm me when u on

**kev007_2002** · Mar 9, 2009, 09:51 PM

Originally Posted by ShadowWolfe Hellscream

you have anything special on your acc that I would want?

anywayz for whoever wants: http://d01.megashares.com/?d01=0524b2e
credits to DeSwa from SRM & Ecsro

does it change belts?

**Apache Kid** · Mar 9, 2009, 11:46 PM

long time mi nuh post a pic.... 8d pwnage

**zelink** · Mar 10, 2009, 12:35 AM

lol think u reach 9 d star, shud get some play time this week.

**taxiwarez** · Mar 10, 2009, 01:10 AM

Fembria??? dam im on normal ECSRO im almost 90 there when im max cap ill come ova there

Thread: ECSRO Official thread(Isro Private server)

Thread Tools

Tags for this Thread

Posting Permissions

Options

About

Social Media