Hey all,

I thought I'd let you guys know that I picked up a combination password stealer/cracker/trojan over the weekend. It didn't get picked up by Ad-aware, hijackthis or NOD32. That being said, check your compies for the following files.

Running on the computer could be files

urlmon.exe
manager.exe
brute.exe
brutesav.exe

The only way I picked up on it was my computer was dragging ass on both cores of the proc, checked the window and saw that a program called brute.exe was running.

The trojan also fucked up my hosts file so that it would send passwords to a certain IP address ( 76.23.147.113 .) I managed to delete all of the files and .dll's associated and fixed my hosts file, plus I changed all my passwords, but you guys should be on the lookout for this until it gets noticed by the antivirus companies.

http://www.spywaredb.com/remove-brute-executables-1-0/

http://spywarefiles.prevx.com/RRFCGH3749357/URLMON.EXE.html

7/26/2007 7:59:32 PM

do you know where you picked it up?

dl? porn site?

7/26/2007 8:03:41 PM

Sorry about that.
I'm on a mac.

7/26/2007 8:07:32 PM

It most probably came from torrents. tho, I've got no clue to as a specific one.

7/26/2007 8:16:59 PM

Quote :

"Sorry about that. I'm on a mac."

7/27/2007 9:48:20 PM