-
Jun 4th, 2013, 08:39 PM
#1
Thread Starter
Fanatic Member
Help with a potential threat on my system.
Hi.
i have a program which i downloaded as per request from a potential employer/contractor.
i have reason to believe this file is trying (and partially succeeded) in hijacking my browser and is trying to take over parts of my windows, but i've caught it in action and halted it so far.
i created a mini dump file of the process that was trying to access network resources and i get a list of modules it's running. i'll check them later but is there going to be anything interesting there? i've not been down this road before.
but the initial program is still a mystery to me. when i ran it i got a message that .net framework isn't installed and that's it. it's not a system message, it's from the app, so i'm thinking it's just to distract me and it's actually done what it's programmed to do.
is there any way i can find out what it's doing, maybe a sandbox application, or maybe i can write something to track its process?
i don't want to backwards engineer it just so it's clear....... i only want to know what it's doing.
i've checked the file i made a dump for and it's a known trojan, but the possible infecting file is coming up a blank.
Yes!!!
Working from home is so much better than working in an office...
Nothing can beat the combined stress of getting your work done on time whilst
1. one toddler keeps pressing your AVR's power button
2. one baby keeps crying for milk
3. one child keeps running in and out of the house screaming and shouting
4. one wife keeps nagging you to stop playing on the pc and do some real work.. house chores
5. working at 1 O'clock in the morning because nobody is awake at that time
6. being grossly underpaid for all your hard work

-
Jun 4th, 2013, 09:19 PM
#2
Hyperactive Member
Re: Help with a potential threat on my system.
If the original application is, in fact, a .NET application I recommend you use .NET Reflector from Red Gate. It will actually fully decompile the program if you want it to.
-
Jun 4th, 2013, 09:28 PM
#3
Thread Starter
Fanatic Member
Re: Help with a potential threat on my system.
thanks, i'll give that a try. i recommend removing/editing your last message, it's a very sensitive subject.

-
Jun 4th, 2013, 10:01 PM
#4
Hyperactive Member
Re: Help with a potential threat on my system.
I don't think so in this case. Red Gate is a respected company and a widely used tool. Any software written in .NET is very easy to "reflect", even more so than Java. This is so that the intermediate level debugger (ILDASM) can debug .NET software. In fact, the .NET SDK comes with ILDASM which is used to disassemble .NET executables. Red Gate Reflector is just an expansion of that. Software developers know to obfuscate their code because .NET applications are vulnerable to this. A simple obfuscation will render Reflector useless.
This is all outlined in detail here: http://msdn.microsoft.com/en-us/maga...164058.aspx#S1
-
Jun 4th, 2013, 11:10 PM
#5
Re: Help with a potential threat on my system.
Thread moved to the General PC forum.
-
Jun 4th, 2013, 11:28 PM
#6
Thread Starter
Fanatic Member
Re: Help with a potential threat on my system.
Turns out it doesn't look like it's a .net app.
it's showing a warning sign with file is not a .net module.
this reflector looks nice though, thanks for the link.
i'll just let the site's security team handle the problem with the file.
just for my own ease of mind, if anyone has any details regarding these files it would be nice to know.
a file trying to access my network settings today was here :-
C:/Windows/Windows Explorer/hckmd.exe
avast isn't detecting a virus with this file, but avast did detect the action it was trying to perform. i denied access and put it in the vault.
the file i downloaded has probably been renamed.
avast detected it before i started the download but i ignored it as i was expecting it to be a quick exe written to provide me a code. usually avast picks up my own programs and tries to block them.
avast is saying it's got Win32:Evo-Gen[susp]
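The "not a .NET module" result from post #6 can be reproduced without loading the file into any tool, because a .NET assembly is a PE file whose CLR header data directory (index 14) is populated. This is an added example, not code from the thread; `classify_pe` and `build_sample` are hypothetical names and the sample headers are constructed inline.

```python
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)

def classify_pe(data: bytes) -> str:
    """Return 'not-pe', 'native' or 'dotnet' from the PE headers alone."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte signature, the 20-byte COFF header and the 2-byte magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    opt = e_lfanew + 24                      # start of the optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                       # PE32
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+ (64-bit)
        dirs = opt + 112
    else:
        return "not-pe"
    if dirs > len(data):
        return "not-pe"
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    entry = dirs + CLR_DIRECTORY_INDEX * 8   # each directory entry is 8 bytes
    if count <= CLR_DIRECTORY_INDEX or entry + 8 > len(data):
        return "native"
    rva, size = struct.unpack_from("<II", data, entry)
    return "dotnet" if rva and size else "native"

def build_sample(clr_rva: int, clr_size: int) -> bytes:
    """Constructed PE32 headers only (no sections), for demonstration."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                               # 96 + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, clr_rva, clr_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {"managed": build_sample(0x2008, 0x48),
               "unmanaged": build_sample(0, 0),
               "text": b"not an executable"}
    for label, blob in samples.items():
        print(label, "->", classify_pe(blob))
```

A `native` result only means a .NET decompiler will not open the file; it says nothing about whether the file is benign.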

-
Jun 5th, 2013, 12:13 AM
#7
Re: Help with a potential threat on my system.
Doing a google search on "hckmd.exe" it suggests that it is an Intel Hotkey Command Module.
When you quote a post could you please do it via the "Reply With Quote" button or, if it is multiple posts, click the "''+" button then the "Reply With Quote" button.
If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.