Antivirus Protection
 
#1 ccooll00, February 3rd, 2005, 01:19 PM
Possible Trojan???(Dfind.exe)

hello...


Is Dfind.exe some known trojan or a virus? This program is running on my computer and it is taking up all the CPU. If I look at the task manager, it is showing that the Dfind.exe is taking close to 80 of the CPU. I ran a couple of antivirus software such as Zone Alarm and also BitDefender Pro, but none of these were any help..

any suggestion on how to get rid of this..

thanks..

#2 RogueServ, February 3rd, 2005, 11:14 PM
Actually, I have no idea. When I search Google for it, I get these crazy Chinese sites. The only thing that comes close to even describing it in English is governmentsecurity.org...

#3 Grinler, February 4th, 2005, 09:17 AM
Can you post a HijackThis log so we can take a look?

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

dfind.exe

To copy the files, simply navigate to the directory they are in, right-click on them, and then click on Copy. Then paste these files into the c:\submit directory. Once the files are all copied, I need you to zip the folder and rename submit.zip to yourmembername.zip (for example grinler.zip). If you are using XP or ME, right-click on the folder, click on the Send To option, and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called WinZip and zip it using that. Then go to http://www.bleepingcomputer.com/submit-malware.php, fill in the required fields, and browse to the file. Then click on the Send File button.

#4 moonlit, June 7th, 2005, 06:42 PM
I've had dfind.exe running for quite some time, not knowing what it was.

Turns out it's a zombie client of some kind, it opens up a lot of network connections.

It is indeed stored in c:\system volume information\tracking.\, along with some log files and batch files to start it up.

The contents of my folder is here: http://negerkuk.com/dfind.zip

I'll submit it on the malware site.

#5 Grinler, June 8th, 2005, 11:29 AM
Your computer was hacked at some time and those files are being used to scan the internet for FTP servers and maybe open proxy servers.
Comments on this post
Tom Myboy agrees: Thanks for your input Grinler!
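
A triage check for the behaviour described in posts #4 and #5 (one process opening many network connections, scanning for FTP servers), as an added example that is not part of the original thread: it parses `netstat -ano` output and reports any PID reaching many distinct remote hosts on the same port. The sample rows, the PIDs, and the threshold of 5 hosts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range
# addresses, made-up PIDs). PID 1234 imitates a scanner probing port 21 (FTP).
SAMPLE = (
    "  Proto  Local Address          Foreign Address        State           PID\n"
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700\n"
    "  TCP    192.168.1.10:1031      198.51.100.7:80        ESTABLISHED     880\n"
    "  TCP    192.168.1.10:1032      198.51.100.9:80        ESTABLISHED     880\n"
    "  UDP    0.0.0.0:1026           *:*                                    700\n"
    + "".join(
        f"  TCP    192.168.1.10:{1100 + i}      203.0.113.{i}:21         SYN_SENT        1234\n"
        for i in range(1, 9)
    )
)

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly 5 columns; the header and UDP rows do not.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = parts
        ip, _, port = remote.rpartition(":")  # rpartition copes with [ipv6]:port
        if port.isdigit() and pid.isdigit():
            yield ip, int(port), state, int(pid)

def fan_out_suspects(text, min_hosts=5):
    """Return {pid: {port: distinct_host_count}} for PIDs that contact at
    least min_hosts different remote hosts on one port (assumed threshold)."""
    hosts = defaultdict(set)
    for ip, port, state, pid in parse_netstat(text):
        if state == "LISTENING":  # local listeners are not outbound fan-out
            continue
        hosts[(pid, port)].add(ip)
    suspects = defaultdict(dict)
    for (pid, port), ips in hosts.items():
        if len(ips) >= min_hosts:
            suspects[pid][port] = len(ips)
    return dict(suspects)

if __name__ == "__main__":
    for pid, ports in fan_out_suspects(SAMPLE).items():
        print(f"PID {pid}: {ports}")
```

A flagged PID can then be matched to its image name and path in Task Manager or with `tasklist` before the file is collected for submission.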

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway