Techno World Inc - The Best Technical Encyclopedia Online!

THE TECHNO CLUB [ TECHNOWORLDINC.COM ] => Ethical Hacking / Security / Viruses => Topic started by: Mark David on January 04, 2007, 11:58:45 PM



Title: Protecting yourself from Magic PS 1.5 Second Edition
Post by: Mark David on January 04, 2007, 11:58:45 PM
A lot, and I mean a lot, of people are infected with Magic PS, especially with Magic PS 1.5 Second Edition. If you don't know what Magic PS is: Magic PS is a trojan, simply a program that steals your Yahoo! Messenger 5 or 6 user name and password and sends them to the sender. Magic PS 1.5 SE no longer shows itself in the Message Archive, so checking there won't help.

If the sender is stupid enough, he/she would send you the file "sender.exe". DO NOT accept it, because it is the default name for an MPS-created file.

Check your computer for certain files such as these:

regsvr.exe in c:\Winnt or c:\Windows ; depends on version of Windows

MsAgent32.exe in c:\*Win installed folder*\system32

Perflib-Perfdata in c:\*Win installed folder*\System32

PIF in c:\*Win installed folder*

NTMSJRLN in c:\*Win installed folder*\system32\NtmsData

Sender.exe

MPSmmtask0.exe in c:\Documents and Settings\*User Name*\Local Settings\Temp

The sender.exe (can be any name) file may also contain a text string "UPX-Scrambler RC1.x -> ?OnT?oL". You can see this by using a hex editor, etc.

MPS 1.5 SE hides the (sender/hacker) Yahoo! ID in the sender.exe file; it is scrambled, so even with a hex editor you still cannot view it. To reveal the (sender/hacker) Y! ID, simply reverse-engineer the sender.exe file.

Be warned that Magic PS 1.6 will be released in the near future. Keep an eye on any file that anyone sends you, and you'll probably be safe.

Hope this helps everyone and is understandable, because I was so sleepy when I wrote this =P
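
The file check described in the post, as an added example that is not part of the original post: it looks for the listed names under a drive root such as C:\ or a mounted disk image, matching case-insensitively as Windows does. The function names and the "Documents and Settings" profile folder are assumptions of this sketch; sender.exe is left out because the post gives no location for it and says it can have any name.

```python
import os

WIN_DIRS = ("Winnt", "Windows")  # "depends on version of Windows"
# (file name, sub-path under the Windows folder), taken from the post's list
WIN_INDICATORS = [
    ("regsvr.exe", ""),
    ("MsAgent32.exe", "system32"),
    ("Perflib-Perfdata", "System32"),
    ("PIF", ""),
    ("NTMSJRLN", "system32/NtmsData"),
]
# Per-user indicator: <profiles>/<user>/Local Settings/Temp/MPSmmtask0.exe
USER_INDICATOR = ("MPSmmtask0.exe", "Local Settings/Temp")
PROFILES_DIR = "Documents and Settings"  # assumed Windows 2000/XP layout

def _ci_child(parent, name):
    """Return the real path of `name` inside `parent`, ignoring case."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    except OSError:  # missing, unreadable, or not a directory
        pass
    return None

def _ci_resolve(root, rel):
    """Walk `rel` below `root` one component at a time, ignoring case."""
    path = root
    for part in filter(None, rel.split("/")):
        path = _ci_child(path, part)
        if path is None:
            return None
    return path

def find_indicators(root):
    """Return sorted paths under `root` that match the post's file list."""
    hits = []
    for win in WIN_DIRS:
        for name, sub in WIN_INDICATORS:
            hit = _ci_resolve(root, f"{win}/{sub}/{name}")
            if hit:
                hits.append(hit)
    profiles = _ci_resolve(root, PROFILES_DIR)
    for user in (os.listdir(profiles) if profiles else []):
        name, sub = USER_INDICATOR
        hit = _ci_resolve(profiles, f"{user}/{sub}/{name}")
        if hit:
            hits.append(hit)
    return sorted(hits)
```

A hit is a lead to examine, not proof of infection: the post gives names and locations only, no hashes or sizes.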