15.01.2013, 06:33
tachion wrote: FakeAV # Braviax # Win7 Internet Security 2013
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Defined registry AutoStart location created or modified: user\current_classes\.exe\shell\open\command= "C:\Users\TACHION\AppData\Local\wgc.exe" -a "%1" %*
Defined registry AutoStart location created or modified: user\current_classes\.exe\shell\open\command\IsolatedCommand = "%1" %*
Defined registry AutoStart location created or modified: user\current_classes\exefile\shell\open\command= "C:\Users\TACHION\AppData\Local\wgc.exe" -a "%1" %*
Defined registry AutoStart location created or modified: user\current_classes\exefile\shell\open\command\IsolatedCommand = "%1" %*
File deleted itself
Hide file from user: C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
Hide file from user: C:\Users\TACHION\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
Hide file from user: C:\Users\TACHION\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Hide file from user: C:\Users\TACHION\AppData\Local\Temp\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
Hide file from user: C:\Users\TACHION\AppData\Local\wgc.exe
Hide file from user: C:\Users\TACHION\AppData\Roaming\Microsoft\Windows\Templates\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
Hide file from user: C:\Windows\System32\sysprep\CRYPTBASE.DLL
Internet connection: C:\TACHION\DefaultBox\user\current\AppData\Local\wgc.exe Connects to "84.22.104.243" on port 80 (TCP - HTTP)
+ C:\Windows\System32\sysprep\CRYPTBASE.DLL
+ C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
+ C:\Users\TACHION\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
= C:\Users\TACHION\AppData\Local\GDIPFONTCACHEV1.DAT
= C:\Users\TACHION\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ C:\Users\TACHION\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHJ76YEN\data[1] .exe
~ C:\Users\TACHION\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ C:\Users\TACHION\AppData\Local\Temp\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
+ C:\Users\TACHION\AppData\Local\Temp\d9f8d997.tmp
+ C:\Users\TACHION\AppData\Local\wgc.exe
= C:\Users\TACHION\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ C:\Users\TACHION\AppData\Roaming\Microsoft\Windows\Templates\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
- C:\Users\TACHION\Desktop\c98a38bd8fbd685246fe282a09ca3ab5.exe
Terminated process: \users\tachion\desktop\c98a38bd8fbd685246fe282a09ca3ab5.exe
Terminated process: \windows\explorer.exe
Terminated process: \windows\system32\dllhost.exe
KASPEREK detects and removes this threat -> Trojan.Win32.FakeAV.pqww
••• KASPERSKY Internet Security 2018 | ZEMANA AntiMalware 2 •••