Caravel - Posted 28/01/2006 : 00:41:09
I found a highly suspicious system service on a friend's Windows 2000 computer. The service has a password and nothing more description-wise. The service is called "cisideve", which appears to be Italian from a quick Google search, but neither Google Babelfish nor anything else will translate it.

Your help would be very much appreciated on this one, as I expect it is hacker/trojan activity.

benna - Posted 28/01/2006 : 12:32:42
I never heard about this service, but I can help you with the translation (although I don't think that is useful).
"cisideve" cannot be translated because it isn't a word.
"ci si deve" is a part of a sentence and its translation is: "we have to"..."ourself"

my PC:
AMD Athlon64 3200+ - ASUS K8V-Deluxe - 1GB DDR400 - 3DFX Voodoo 5 5500 PCI

3DAnalyze user guide http://www.3dfxzone.it/dir/articles/template.php?id=5

Caravel - Posted 28/01/2006 : 16:30:01
Many thanks benna. The service, as I suspected, appears to be a program made by a script kiddy using Firedaemon, a program which allows an app to run as a Win32 service. The service was there to allow a hacker to enter, but it seems that the hacker failed to pull it off successfully, as the file that the service entry points to doesn't exist. This is spread via a trojan called "Nabload.U" that users are tricked into downloading via Microsoft's crappy MSN Messenger service. I believe it is spread by executable file links that suddenly appear in your conversations. It mainly affects Spanish-speaking MSN users. The files tend to be called something like "foto.exe" or "imagen.exe". This triggers the download of another file called "navupdt.exe", which copies itself to the system32 folder and creates another folder called "services" containing "services.exe". This seems to allow access to the hacker, allowing them to create a service on your system to allow full remote access.

This piece of malware is fairly new, late last year, as AVG didn't identify it at first and I had to update the person's AVG, which was about 3 weeks out of date, before it would identify it.
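
A check for the condition described in the last post, a service entry pointing at a file that does not exist, as an added example that is not part of the original thread. It reads the service registry key and reports Win32 services whose binary is missing or whose path contains the file names mentioned in the post; the matching pattern and the helper name `Get-ServiceBinaryPath` are assumptions of this example.

```powershell
# Added example: report Win32 services whose registered binary is missing,
# or whose path contains file names mentioned in the post above.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# File names come from the post; the regex built from them is this example's assumption.
$namedInPost = 'navupdt\.exe|\\services\\services\.exe'

function Get-ServiceBinaryPath {   # hypothetical helper name
    param([string]$ImagePath)
    # Expand %SystemRoot%-style variables and normalise kernel-style prefixes.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Quoted path followed by arguments.
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path followed by arguments (may contain spaces).
    if ($p -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $p
}

Get-ChildItem $servicesKey | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Skip entries without a binary and skip drivers: 0x10/0x20 mark Win32 services.
    if (-not $svc.ImagePath -or -not ($svc.Type -band 0x30)) { return }

    $binary  = Get-ServiceBinaryPath $svc.ImagePath
    $missing = -not [System.IO.File]::Exists($binary)
    $named   = $svc.ImagePath -match $namedInPost

    if ($missing -or $named) {
        [pscustomobject]@{
            Service       = $_.PSChildName
            ImagePath     = $svc.ImagePath
            BinaryMissing = $missing
            MatchesPost   = $named
        }
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated 64-bit PowerShell session; a 32-bit session on 64-bit Windows redirects System32 paths and will report binaries as missing that are actually present.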
All trademarks used are properties of their respective owners - Forum Graphics and Contents 2001 - 2014 3dfxzone.it - Forum Engine Snitz Forums