.Net Virus tt6ynew.exe Part 2

During past night my brother ‘Komeil’ has just deleted all the contents from that mother f…er’s SQL Server and the other day when we checked out he has just changed his SQL server password and as I’ve mentioned in my earlier post the user name and password for the Database is hard coded so the virus cannot do its job any more.
 
as my brother said there were 250,000,000+ record in just one of his tables, WOW… look like he’s been doing just fine.
 
Hey we’ve cleaned one virus from face of internet and I’m proud myself for that 😀
Sadjad Bahmanpour

3 thoughts on “.Net Virus tt6ynew.exe Part 2”

  1. I say you two form another company and go for anti-virus software development 😉 Good job brothers …By the way you haven’t answered my question and I already have another one … what does it actually used to save in its tables?

  2. Hi Sami,
    FYI, it’s full of usernames and hashed passwords. This time it was filled in with 30 million records. He forgot to alter his other username/password’s policy over the database, so I managed to clean his whole database again: http://blog.komeil.com/2010/02/tt6ynewexe-net-virus-ok8comru-database.html
    Oh and this is the second "documented" one by either of us, since the first was "Total Security Rogue", which I have actually written a CMD patch known as "Chortkeh Virus Removal for Total Security": http://blog.komeil.com/2009/09/remove-total-security-tscexe-rogue-anti.html

Leave a Reply