« previous next »
Pages: [1]   Go Down

Author Topic: VMware Workstation 6 Win32:Dropper-GT [Trj]  (Read 4685 times)

0 Members and 1 Guest are viewing this topic.

AHRIMANSEFID

  • Guest
VMware Workstation 6 Win32:Dropper-GT [Trj]
« on: November 28, 2009, 10:20:32 AM »
Hi All.
Me Run VMware Workstation 6 Avast Find File ( Windows XP Professional.vmdk ) Win32:Dropper-GT [Trj].
WHEREFORE ???
Plz Help For Fix.
Thanks.
Logged

Scan

  • Guest
Re: VMware Workstation 6 Win32:Dropper-GT [Trj]
« Reply #1 on: December 01, 2009, 05:36:15 AM »
Maybe its not a trojan and 99% its True.
I downloaded vmware player Before (Free version) I Ask you to be ware

Right after installing, serval services started for no reason and i haven't entered any OS (i didn't even have any idea what i am doing when i downloaded that) and Next to that internet connection Dropping all sudden DHCP Attacks and next to all of this My Firewall Turned Off and All My Ports Were opened and sharing files becomes enabled by Firewall and system.

I Really Really Really don't Recommend you to Ignore this case.
I don't know who are the hackers behind this i don't know if its the vmware company its self....

and this is the part that will hopefully make you listen:

http://ubuntuforums.org/showthread.php?t=180479


Oh and by the way the Trojans i have found were in TMP Folder were Trojan agent and another PDF Expoilt Trojan.

More from that , Hackers them selfs admit how they Do it to the victim:

http://hackaday.com/2005/10/24/how-to-vmware-player-modification/

i sure hope you learn to be careful not learn to hack...
Logged

Brandon72196

  • Guest
Re: VMware Workstation 6 Win32:Dropper-GT [Trj]
« Reply #2 on: December 02, 2009, 09:46:42 PM »
Quote from: Scan on December 01, 2009, 05:36:15 AM
Maybe its not a trojan and 99% its True.
I downloaded vmware player Before (Free version) I Ask you to be ware

Right after installing, serval services started for no reason and i haven't entered any OS (i didn't even have any idea what i am doing when i downloaded that) and Next to that internet connection Dropping all sudden DHCP Attacks and next to all of this My Firewall Turned Off and All My Ports Were opened and sharing files becomes enabled by Firewall and system.

I Really Really Really don't Recommend you to Ignore this case.
I don't know who are the hackers behind this i don't know if its the vmware company its self....

and this is the part that will hopefully make you listen:

http://ubuntuforums.org/showthread.php?t=180479


Oh and by the way the Trojans i have found were in TMP Folder were Trojan agent and another PDF Expoilt Trojan.

More from that , Hackers them selfs admit how they Do it to the victim:

http://hackaday.com/2005/10/24/how-to-vmware-player-modification/

i sure hope you learn to be careful not learn to hack...

Umm, that hackaday article was just a way to get  copies of an OS onto vmware player, before it could make VM's.
I have VMware workstation installed and it works fine on windows 7.
Also, that thread was on Ubuntu and apparently it was the persons mistake.
When it detects it click on report as false positive than quarantine it and we shall see if it is one. Also, did you download it from the VMWare site?
« Last Edit: December 02, 2009, 09:55:29 PM by Brandon72196 »
Logged

Scan

  • Guest
Re: VMware Workstation 6 Win32:Dropper-GT [Trj]
« Reply #3 on: December 03, 2009, 02:36:17 AM »
that was from UB site Yes But he spoke of VMWAREPLAYER he said once he installed it, some thing hooked into his system.
Same happend to me for some reasons
But i am not sure i may have downloaded a work station not sure maybe its what contained the trojan.

Otherwise i would probably look back at the victim like me who had his computer hacked and getting messages like 'Machine Check : Regs' in event viewer and his internet Going down some times (DHCP Loss) and contacting a random server to Gain an Unsecured service.

wow i don't even have to tell that 'imapi CD Rom service started'
Logged

Brandon72196

  • Guest
Re: VMware Workstation 6 Win32:Dropper-GT [Trj]
« Reply #4 on: December 03, 2009, 02:49:01 AM »
Quote from: Scan on December 03, 2009, 02:36:17 AM
that was from UB site Yes But he spoke of VMWAREPLAYER he said once he installed it, some thing hooked into his system.
Same happend to me for some reasons
But i am not sure i may have downloaded a work station not sure maybe its what contained the trojan.

Otherwise i would probably look back at the victim like me who had his computer hacked and getting messages like 'Machine Check : Regs' in event viewer and his internet Going down some times (DHCP Loss) and contacting a random server to Gain an Unsecured service.

wow i don't even have to tell that 'imapi CD Rom service started'
I have also installed VMWare player on this machine. Again, it worked fine, no alerts or anything, but I have since uninstalled it.
Where did you get the download for VMWare player? Was it from VMWare.com? What version was it?
Thanks.
Logged

Scan

  • Guest
Re: VMware Workstation 6 Win32:Dropper-GT [Trj]
« Reply #5 on: December 03, 2009, 03:03:07 AM »
i formatted my computer.
but before i found trojan Expoilts my OS security allowing file Sharing and Even Event Viewer Starts Random servies autmaticly and i keep getting 'Machine check' then 'Machine Check : Registery' i was using XP.

I Checked the Trojan Before Removing it and found it was Created on the date i installed vmware player and i saw another one named Trojan agent both were in TMP Folder i am sure i downloaded it from the Offical web site.

but i do admit i think i downloaded some one's work station so it might be the reason But suspesiouly that the one on UB never ran any work stations.
List of services suddenly starts:

'SS Discovery - Remote Registery - Telephoney Service' those from what i can Remmber. oh and imapi CD Rom service.
and i also found a weird folder with a strange random name i found 'Spu' 'Spu Uninstall' i tried to enter them but i get access is denied it was on one of my HDD Drivers.
Logged
Pages: [1]   Go Up
« previous next »