30.07.2012, 21:00
Waves97 wrote: Rootkit Zero Access
It's not a rootkit, it's ZeroAccess - Sirefef with a very high entropy of 7.63
Code injection in process: c:\windows\system32\cmd.exe
Created process: C:\Windows\system32\cmd.exe,(null),(null)
Detected privilege modification
Hide file from user: C:\Users\tachion\AppData\Local\{1376f694-f42f-02da-64eb-7e79aa9d1bf7}\@
Hide file from user: C:\Users\tachion\AppData\Local\{1376f694-f42f-02da-64eb-7e79aa9d1bf7}\n
Hide folder from user: C:\Users\tachion\AppData\Local\{1376f694-f42f-02da-64eb-7e79aa9d1bf7}
Internet connection: C:\Users\tachion\Desktop\malware2\Zero Access\44DB432F1A161BEC1A329DED1997B7F8.exe Connects to "208.91.207.10" on port 80 (TCP - HTTP).
Internet connection: C:\Users\tachion\Desktop\malware2\Zero Access\44DB432F1A161BEC1A329DED1997B7F8.exe Connects to "213.108.252.185" on port 80 (TCP - HTTP).
Query DNS: api.twitter.com
Query DNS: promos.fling.com