31.08.2012, 18:01
All 3 ZA are working
31.08.2012, 18:06
ESET6
3/3
31.08.2012, 20:05
I have an interesting piece of information about FakeAV - Win 8 Security System: this little beast carries and loads a rootkit, a very interesting move
Execution log, with the rootkit marked in red:
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasapi32\consoletracingmask = ffff0000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasapi32\filedirectory = 2500770069006e0064006900720025005c00740072006100630069006e0067000000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasapi32\filetracingmask = ffff0000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasapi32\maxfilesize = 00100000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasmancs\consoletracingmask = ffff0000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasmancs\filedirectory = 2500770069006e0064006900720025005c00740072006100630069006e0067000000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasmancs\filetracingmask = ffff0000
Automated Deployment Services (ADS) change: machine\software\microsoft\tracing\826722157075258d_rasmancs\maxfilesize = 00100000
Checked for debuggers
Checked if user is admin
Code injection in process: c:\xx\tachion\defaultbox\user\current\appdata\local\826722157075258d.exe
Code injection in process: c:\windows\system32\cmd.exe
Created a mutex named: 5db47c90089f0685
Created a mutex named: Local\!PrivacIE!SharedMemory!Mutex
Created a mutex named: Local\IESQMMUTEX_0_274
Created a mutex named: MSIMGSIZECacheMutex
Created a service named: 826722157075258d.exe
Created process: (null),C:\Users\tachion\AppData\Local\826722157075258d.exe,(null)
Created process: (null),cmd.exe /C del /Q /F "C:\Users\tachion\AppData\Local\Temp\99c60103.tmp",(null)
Defined file type created in Windows folder: C:\Windows\system32\drivers\14b1847.sys
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83PVY8DV\13[1] .html
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83PVY8DV\14[1] .html
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC6EU9PM\alert_reg[1] .html
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC6EU9PM\index[1] .html
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC6EU9PM\scripts[1] .js
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWGMIL5P\alert_danger[1] .html
Defined file type created: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWGMIL5P\serial[1] .html
Defined file type created: C:\Users\tachion\Desktop\malware\Fake\flash.exe
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\14b1847\DisplayName = 826722157075258d.exe
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\14b1847\ImagePath = C:\Windows\system32\drivers\ 14b1847.sys
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\14b1847\Start = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\14b1847\Type = 00000001
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\826722157075258d.exe = C:\Users\tachion\AppData\Local\826722157075258d.exe
Got user name information
Got volume information
Hide file from user: C:\Users\tachion\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Hide file from user: C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
IE settings change: user\current\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1\* = 00000001
IE settings change: user\current\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1\:range = 127.0.0.1
Internet connection: C:\x\tachion\xx\user\current\AppData\Local\826722157075258d.exe Connects to "31.184.244.59" on port 80 (TCP - HTTP).
Listed all entry names in a remote access phone book
Loaded a system driver named: attempt to load the system driver 14b1847
Opened a service named: FontCache
Opened a service named: RASMAN
Opened a service named: Sens
Query DNS
Started a service
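As an added example (my own code, not part of the thread), a small Python triage pass over the sandbox log above: it groups events into defender-relevant categories (autostart persistence, kernel driver drop/load, outbound connection, anti-debug check, file hiding, IE zone tampering), pulls out the connection endpoint, and flags the driver-plus-autostart combination the post points at. The rule set and category labels are my own choice; the sample lines are a constructed subset of the log in the post.

```python
import re
from collections import defaultdict

# Constructed subset of the sandbox log posted above, one event per line.
SAMPLE_LOG = r"""
Created a service named: 826722157075258d.exe
Defined file type created in Windows folder: C:\Windows\system32\drivers\14b1847.sys
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\14b1847\ImagePath = C:\Windows\system32\drivers\14b1847.sys
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\826722157075258d.exe = C:\Users\tachion\AppData\Local\826722157075258d.exe
Loaded a system driver named: 14b1847
Internet connection: C:\Users\tachion\AppData\Local\826722157075258d.exe Connects to "31.184.244.59" on port 80 (TCP - HTTP).
Checked for debuggers
Hide file from user: C:\Users\tachion\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
IE settings change: user\current\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1\:range = 127.0.0.1
Got volume information
"""

# Event categories a defender cares about; first matching rule wins (my own rule set).
RULES = [
    ("persistence",   re.compile(r"AutoStart location .*\\(Run|Services)\\", re.I)),
    ("persistence",   re.compile(r"^Created a service named:")),
    ("kernel_driver", re.compile(r"^Loaded a system driver named:")),
    ("kernel_driver", re.compile(r"created in Windows folder: .*\\drivers\\.*\.sys$", re.I)),
    ("network",       re.compile(r'Connects to "[\d.]+" on port \d+')),
    ("anti_analysis", re.compile(r"^Checked for debuggers")),
    ("hiding",        re.compile(r"^Hide file from user:")),
    ("ie_tamper",     re.compile(r"^IE settings change: .*zonemap", re.I)),
]
C2_RE = re.compile(r'Connects to "(?P<ip>[\d.]+)" on port (?P<port>\d+)')

def triage(log_text):
    """Group events by category; lines matching no rule (benign noise) are dropped."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        for category, pattern in RULES:
            if pattern.search(line):
                hits[category].append(line)
                break
    return dict(hits)

def extract_c2(log_text):
    """Return (ip, port) pairs from 'Internet connection' events."""
    return [(m["ip"], int(m["port"])) for m in C2_RE.finditer(log_text)]

def verdict(hits):
    """A dropped .sys plus an autostart entry is the rootkit-dropper pattern seen above."""
    if "kernel_driver" in hits and "persistence" in hits:
        return "rootkit_dropper"
    return "suspicious" if ("persistence" in hits or "network" in hits) else "low"
```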
31.08.2012, 20:06
Did you manage to "extract" the rootkit?
31.08.2012, 20:17
31.08.2012, 20:23
Bitdefender TS 2013 3/3
31.08.2012, 22:59
41 files - Identified as malicious on VT by tomatto007: 31/41 (75.61%)
spam-podszywajacy-sie-pod-znane-firmy-security-t7191.html by Waves97: 1/1
3 fresh zeroaccess samples (from today) by morphiusz: 3/3
The false bottom is that it hides a third and a fourth...
01.09.2012, 00:15
Quote: 2012-08-31 535 malware files Bergo
01.09.2012, 06:53
2012-08-31 535 malware files Bergo
Emsi AM 6.6: 415/535 (77.57%)
EIS 12 HITMAN
01.09.2012, 07:55
Comodo IS:
448/535 (85,60%) 3/3
01.09.2012, 08:26
Bergo wrote: Quote: 2012-08-31 535 malware files Bergo
AVG IS 2012 409/535 (76.45%)
1. PC:
Comodo Internet Security 6, WOT
01.09.2012, 08:49
KIS 2012:
431/535 (80.5%)
••• KASPERSKY Internet Security 2018 | ZEMANA AntiMalware 2 •••
01.09.2012, 10:20
Bergo please don't submit packages from virussign.
01.09.2012, 16:01
Hello, September. On this occasion, Live Security Platinum:
01.09.2012, 16:18
Package later
01.09.2012, 16:19
AVG detects it on execution.
01.09.2012, 16:26
CIS - 0/1
MBAM - 1/1
KIS 2012 - 0/1
01.09.2012, 16:30
F-Secure IS 2012 - the firewall blocks the connection after the user's decision, but the program runs.
Sandboxie stopped the malware. If not for it, I would already have an infected system.
...