New Startup Method?

by admin

Monday, June 27th, 2011 at 10:06 am

Nick Harbour wrote on his blog about new spyware using fxsst.dll which is present on the system when the system is running as a Fax server. Seems the explorer.exe automatically loads the dll when logging on. Mubix decided to test this out with a .dll generated in Metasploit and it worked every time on his test system (WinXP) but Win7 64bit was still having issues with the dll he generated.

TL;DR – Take any malware DLL, name it fxsst.dll and drop it in C:\WINDOWS or the System32 folder and Explorer.exe will load it at boot time.

Your IP: 172.70.39.76
Hostname: 172.70.39.76

We love our country, but fear our government.