24.04.2013, 21:15
Twoja stara napisał(a):Malware:
Działanie jak Win32/Tofsee.F(trojan downloader)
Created process: null, "C:\Users\tachion\AppData\Local\Temp\1431.bat" , C:\Users\tachion\Desktop\malware
Created process: null, "C:\Users\tachion\AppData\Local\Temp\6317.bat" , C:\Users\tachion\Desktop\malware
Created process: null, "C:\Users\tachion\peqhfb.exe", null
Created process: null, "C:\Users\tachion\xyqooian.exe", null
Created process: null, svchost.exe, null
Defined code injection in process: C:\Windows\System32\svchost.exe
Defined file type created: C:\Users\tachion\xyqooian.exe
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\MSConfig = "C:\Users\tachion\xyqooian.exe"
Hid file from user: C:\Users\tachion\xyqooian.exe
Internet connection: Connects to "188.190.99.252" on port 80
Internet connection: Connects to "50.22.1.68" on port 80
Internet connection: Connects to "94.242.250.178" on port 80
Dodano: 24 kwie 2013, 22:15
I kolejna próbka :
Treść widoczna jedynie dla zarejestrowanych użytkowników