View Full Version : PSP TROJAN ON THE LOOSE!! details...



Sterist
September 3rd, 2006, 05:40
my computer got hit with spyware last night, so i ran a VirusScan (via security software named "McAfee") and when i got up this morning, no spyware was found. however, there was 1 "infected" file, as it says, and the trojan's name was PSPbrick.

in the infected-file manager window i extended the directory cell to see where it was located, and it was in a file called:

PSP_devhook_memstick.rar

(yes, it detected it while it was still in the rar :) )

after that, i loaded up the security's trojan database on the web, and this trojan's effects are quite a surprise. here's the link to the database:

EDIT: link doesn't work. here's copy / paste:
(sorry, don't have time to sort out the info)

PSPBrick

Type: Trojan
SubType: -
Discovery Date: 10/06/2005
Length: 3,848 bytes
Minimum DAT: 4603 (10/12/2005)
Updated DAT: 4814 (07/25/2006)
Minimum Engine: 4.4.00
Description Added: 10/11/2005
Description Modified: 10/11/2005 3:53 PM (PT)

Type: Type of threat.
SubType: Additional type information.
Discovery Date: Date that AVERT discovered this threat.
Length: File size, in bytes, of the threat.
Minimum DAT: McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.

Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.

For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
Updated DAT: McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
Minimum Engine: The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Description Added: Date/time this description was published using Pacific Time.
Description Modified: Date/time this description was last modified using Pacific Time.

Risk Assessment
Corporate User: Low
Home User: Low


"OVERVIEW":

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases
PSP/Format.A (Panda)
Troj/PSPBrick-A (Sophos)
TROJ_PSPBRICK.A (Trend)
Trojan.PSP.Brick.a (AVP)

"CHARACTERISTICS":

This trojan purports to be a firmware hack for the Sony PlayStation Portable (PSP). This trojan deletes files which are needed to start the machine.

When run, a message is displayed:

PSP TEAM 2.0 Exploit Hack the 2.0 firmware
Thank's to toc2rta for the 2.0 exploit :)

The following files are deleted:

/vsh/etc/index.dat
/kd/loadcore.prx
/kd/loadexec.prx
/kd/init.prx

Then a final message is displayed:

Your 2.0 is hacked please reboot
Thank you PSP Team the french team
F*Ck yoshihiro and SonyxTeam Looser

(content modified with *)

Symptoms
The previous messages will be displayed
The PSP will not restart after the trojan is run

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something desirable.

Removal
-

Variants
N/A




_______________
spreading word could potentially save a couple hundred PSPs.

kando
September 3rd, 2006, 05:40
the link doesn't work :(

Video_freak
September 3rd, 2006, 05:41
Wow! We better be careful from now on! :(

Sterist
September 3rd, 2006, 05:42
brb.... gonna copy / paste the database since link won't work

Video_freak
September 3rd, 2006, 05:43
Ok. Thanks. ;)

Sterist
September 3rd, 2006, 05:48
done. red text is me, black is copy / paste

Video_freak
September 3rd, 2006, 05:50
Wow. This is really serious...
Isn't this the same as the one that was released 6+ months ago though? :confused:

Sterist
September 3rd, 2006, 05:51
i've been around the scene longer than that, and i don't remember a word about it.

Video_freak
September 3rd, 2006, 05:52
There was a PSP virus that was released that pretended it was a 2.0 downgrader...

kando
September 3rd, 2006, 05:52
from the looks of it this is very old, i believe i remember reading an article about it...but being that it's meant for 2.0 i am 95% sure this is very old....but thanks for the lookout!!

that's why you only download from reliable sites :)

Sterist
September 3rd, 2006, 05:53
wait wait wait...... remember when i said it was packaged with devhook? the RAR contains dev 0.42, which is like may-june ish

but the database says discovered 10/8/05

s1k0
September 3rd, 2006, 05:54
waw damn hackers

Video_freak
September 3rd, 2006, 05:54
waw damn hackers
They didn't really do it. They just recoded the downgrader to only delete the files, not replace them... :(

kando
September 3rd, 2006, 05:54
waw damn hackers

no, it's bored, malicious, skilled sociopaths.

nothing more.

Video_freak
September 3rd, 2006, 05:55
no, it's bored, malicious, skilled sociopaths.

nothing more.
Yeah pretty much...

BL4Z3D247
September 3rd, 2006, 05:56
yeh i remember that one video_freak

Video_freak
September 3rd, 2006, 05:57
yeh i remember that one video_freak
That one got zero known infections (except that one company that did it on purpose.... :rolleyes:)

dejkirkby
September 3rd, 2006, 13:27
Calm down guys! This isn't a virus! In the MPH Downgrader 2.00-1.50 Norton and McAfee both found the overflow.tff as a PSPBrick. This is just the same, a.tff exploit. This is just Sony letting the computer security company know that this is not allowed. THIS IS NOT A TROJAN!

S34MU5
September 3rd, 2006, 14:28
christ

jak66
September 3rd, 2006, 14:57
Calm down guys! This isn't a virus! In the MPH Downgrader 2.00-1.50 Norton and McAfee both found the overflow.tff as a PSPBrick. This is just the same, a.tff exploit. This is just Sony letting the computer security company know that this is not allowed. THIS IS NOT A TROJAN!

actually the first downgrade released was a trojan and did brick your psp, but as mph's uses same technique it picks it up as a trojan as well (but it worked in sony's favour i guess anyway)

four_add
September 3rd, 2006, 15:16
i had Norton run for checking virus on my pc a month ago and it did detect this psp brick.. it mentioned that it was a virus, but hey.. it didn't affect my psp at all.. i keep transferring file to psp back and forth and nothing happened..

just my 2 cents..
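
Added example, not part of the thread or of the vendor write-up: a triage pass in Python that looks inside an archive for the four boot-file paths and the banner text listed in the description quoted in the first post. It assumes those strings appear unobfuscated in the file and reads ZIP via the standard library rather than RAR; the sample archive and its member names are constructed. A "review" result is the technique-overlap case discussed in the later replies, not a verdict.

```python
import io
import zipfile

# Indicators copied from the vendor description quoted in the first post.
CRITICAL_PATHS = [b"/vsh/etc/index.dat", b"/kd/loadcore.prx",
                  b"/kd/loadexec.prx", b"/kd/init.prx"]
BANNERS = [b"hack the 2.0 firmware", b"your 2.0 is hacked please reboot"]


def score_blob(data):
    """Return (paths_hit, banners_hit) for one file's bytes, case-insensitive."""
    lowered = data.lower()
    paths = [p.decode() for p in CRITICAL_PATHS if p in lowered]
    banners = [b.decode() for b in BANNERS if b in lowered]
    return paths, banners


def triage_archive(zip_bytes):
    """Scan each member of a ZIP in memory; nothing is extracted or run."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            paths, banners = score_blob(zf.read(info))
            if not (paths or banners):
                continue
            # All four boot files plus a banner fits the write-up. Anything
            # less is only technique overlap (the downgrader case raised in
            # the thread) and goes to a human.
            full = len(paths) == len(CRITICAL_PATHS) and bool(banners)
            verdict = "matches-description" if full else "review"
            findings[info.filename] = (verdict, paths, banners)
    return findings


def build_sample():
    """Constructed sample archive; members are inert byte strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a/EBOOT.PBP", b"\x00PBP" + b"\x00".join(CRITICAL_PATHS)
                    + b"\x00Your 2.0 is hacked please reboot\x00")
        zf.writestr("b/EBOOT.PBP", b"\x00PBP restore /kd/init.prx backup\x00")
        zf.writestr("readme.txt", b"copy the PSP folder to the memory stick")
    return buf.getvalue()


if __name__ == "__main__":
    for name, result in triage_archive(build_sample()).items():
        print(name, result)
```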