10/27/2009 at 08:38AM PDT, ID: 24847604 | Points: 500

zbot infection

Asked by revo1059 in Encryption for Network Security, Latest Threats

We have a system that was infected with a Zeus trojan.

According to research I have done, there are 3 files included:

- sdra64.exe - the binary
- local.ds - file that stores stolen data
- user.ds - config file (what to get, where to send, etc.)

This system did NOT have the config file (user.ds) but did have the other 2, so I'm not sure the collected data was sent anywhere. However, since I have the local.ds file, I'd really like to find a way to decrypt it and see what was stored to be sent.

How can I open this file? Is there a company that specializes in this?

Any info in helping find out what is in this file would be appreciated.

 
Keywords: zbot infection
 