[Intrusions] MSRLL Trojan Detected

Aristeu Gil Alves Jr aristeu at wahtec.com.br
Tue Dec 7 15:06:20 GMT 2004


Sorry, I didn´t reverse engeneered such trojan. But it happened to me once,
with other trojan, that mcafee information didn't provide me enough techical
information on vil database (none at all). Sending an e-mail to the
responsible person on McAfee took a day or two for the information to be
updated/completed on vil site.

http://www.networkassociates.com/us/contact/home.htm
Try the analyst people. I can´t tell you wich would be the best contact
right now, I can't recall. If someone has it, please tell.

Cheers
--aristeu

> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 05 Dec 2004 01:01:46 +0000
> From: "Sambhav Jain" <sambhav_jain at hotmail.com>
> Subject: [Intrusions] MSRLL Trojan Detected
> To: intrusions at lists.sans.org
> Message-ID: <BAY18-F32575FFF53D67E2E0CFC95FEB30 at phx.gbl>
> Content-Type: text/plain; format=flowed
>
> It seems our company is infected with the msrll trojan.  McAfee detects
this
> as BackDoor-CGM.  McAfee detects the msrll.exe executable in the directory
> "\windows\system32\mfm".  The MD5 is 84acfe96a98590813413122c12c11aaa.
> McAfee Virus Information Library (VIL) does not provide much technical
> details.  Googling didn't yield much either.  Has anybody detected or done
> an analysis of this trojan?
> Looking forward to your reply.
> Thanks!
> Sambhav Jain
>




More information about the Intrusions mailing list