12.05.2012, 20:57
FAKEAV - Smart Fortress 2012
Detailed report of suspicious malware actions:
Created process: (null),"C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe" "C:\Users\tachion\Desktop\1cc8f8c4d02ff5085c2fd9f1dfcb15f5\files\1cc8f8c4d02ff5085c2fd9f1dfcb15f5.exe",(null)
Defined file type created: C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\luafv\Start = 01000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\wuauserv\Start = 04000000
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RunOnce\F4D55F3B0010870E64318881B4EB238B = C:\ProgramData\F4D55F3B0010870E64318881B4EB238B\F4D55F3B0010870E64318881B4EB238B.exe
Detected keylogger functionality
Detected process privilege elevation
Enumerated running processes
File copied itself
File deleted itself
Got computer name
Got user name information
Got volume information
Internet connection: C:\Users\tachion\Desktop\1cc8f8c4d02ff5085c2fd9f1dfcb15f5\files\1cc8f8c4d02ff5085c2fd9f1dfcb15f5.exe Connects to "220.164.140.246" on port 80 (TCP - HTTP).