Results 1 to 4 of 4

Thread: "Badparty-A" trojan warning

  1. 16-04-2004, 03:03 PM #1
    Paul Adams
    Paul Adams is offline
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber

    "Badparty-A" trojan warning

    Sophos write-up on "Badparty-A" trojan

    I get stacks of updates daily from Sophos on new worms etc, but this one I thought worth mentioning here due to its payload:


    Troj/Badparty-A displays a message box containing the text 'Press OK to install the party invitation...'.
    When the user clicks on OK the Trojan deletes the partition table in the master boot sector and the contents of the FAT. The Trojan then attempts to create a new partition table.

    The Trojan creates the following files, which are all copies of legitimate utilities:
    ginst0.dll in the Windows temp folder
    int86_16.dll, int86_32.dll, playme.exe and party.ini in the Windows folder

    Given that there's only been 1 report so far, and it doesn't mention any propagation method, it's not likely to cause widespread damage, but it does look a little nasty if someone were to receive and execute it.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
    Reply With Quote Reply With Quote
  2. 17-04-2004, 02:52 PM #2
    Steve
    Steve is offline
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts
    It says it deletes the FAT, but what about the MFT on NTFS drives?
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 
    Reply With Quote Reply With Quote
  3. 17-04-2004, 03:10 PM #3
    Atomic
    Atomic is offline
    Time for Walkies... Atomic's Avatar
    Join Date
    Apr 2004
    Location
    Norfolk, UK
    Posts
    1,959
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by kez
    It says it deletes the FAT, but what about the MFT on NTFS drives?
    Is it even possible to do that within Windows?

    Cheap & Reliable Website & Server Hosting
    Reply With Quote Reply With Quote
  4. 17-04-2004, 04:05 PM #4
    Steve
    Steve is offline
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts
    It is, partiton magic can do it, norton ghost and acronis true image write to the MBR from windows too.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. A Trojan Horse I Just Can't Get Rid of...
    By pickers in forum Software
    Replies: 3
    Last Post: 12-04-2004, 12:21 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules