13.04.2012, 07:05
Waves97 wrote: I'm sorry but I was wrong. There actually is no single sample. If you can give a sample of this scan
Okay (pw:infected):
Added: 11 Apr 2012, 8:39
Malware info:
SHA256: 01bccdddf4b5bdd7f7692a0509eff9320712c22efc4aa8cff7751b18cee2d5e2
SHA1: d68db239265d900c06dadd98b23cdd74de82626a
MD5: 40632f34782e0e5088ac8374b8fe781a
File size: 331.6 KB ( 339530 bytes )
VT info:
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Active Setup\Installed Components\{EF3FACFA-47E2-BAFC-DE6A-FC9E8FDAE5BD}\StubPath: "%Appdata%\Application\Steamm.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Windows Defender: "%Appdata%\Application\Steamm.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: "%Appdata%\Application\Steamm.exe"
HKCU\Software\Microsoft\Active Setup\Installed Components\{EF3FACFA-47E2-BAFC-DE6A-FC9E8FDAE5BD}\StubPath: "%Appdata%\Application\Steamm.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: "%Appdata%\Application\Steamm.exe"
Files:
%Appdata%\Application\Steam
%Appdata%\Application\Steamm.exe
The system caused a BSOD when removing the malicious file!
Added: 11 Apr 2012, 12:25
Malware info:
SHA256: 9c9f714ce58ac7b34dfbed1d561f65236f16251f82ac197b3c29840166616af4
SHA1: dc48ab189eb53e3a348e0ca26eb6e7cff9dc5cc7
MD5: 19af9ace0f34a481844534e92c6ec6cd
File size: 43.4 KB ( 44427 bytes )
VT info:
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus: ""%WinDir%\ShellNew\RakyatKelaparan.exe""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus-3444: ""%Local Appdata%\br7911on.exe""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus: ""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "Explorer.exe "%WinDir%\KesenjanganSosial.exe""
HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell: "cmd-brontok.exe"
Files:
%Local Appdata%\br7911on.exe
%Local Appdata%\csrss.exe
%Local Appdata%\inetinfo.exe
%Local Appdata%\ListHost16.txt
%Local Appdata%\lsass.exe
%Local Appdata%\services.exe
%Local Appdata%\smss.exe
%Local Appdata%\Update.16.Bron.Tok.bin
%Local Appdata%\winlogon.exe
%Startup%\Empty.pif
%Profile%\Templates\14004-NendangBro.com
%WinDir%\SHELLNEW\RakyatKelaparan.exe
%SysDir%\Administrator's Setting.scr
%SysDir%\cmd-brontok.exe
%WinDir%\Tasks\At1.job
%WinDir%\Tasks\At2.job
%WinDir%\KesenjanganSosial.exe
Added: 12 Apr 2012, 10:59
Malware info:
SHA256: b7f0282cec41627b55e82db19a05e09e2285e42e5525c2f82b4bd00a6be19c4f
SHA1: a889d05ab0845dda6a2c9c272651cbdf4b676fb9
MD5: 98818c3b11dfe2113000af641c0b2b43
File size: 325.5 KB ( 333312 bytes )
VT info (24/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Active Setup\Installed Components\{FC1CDBE3-CBBE-AEAD-BDF3-2DA09DACB82E}\StubPath: "%Appdata%\06JOWEM4XN.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Atualizacoes de Seguranca: "%Appdata%\06JOWEM4XN.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Atualizacoes de Seguranca: "%Appdata%\06JOWEM4XN.exe"
HKCU\Software\Microsoft\Active Setup\Installed Components\{FC1CDBE3-CBBE-AEAD-BDF3-2DA09DACB82E}\StubPath: "%Appdata%\06JOWEM4XN.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\systemessec: "%Appdata%\cryptado.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Atualizacoes de Seguranca: "%Appdata%\06JOWEM4XN.exe"
Files:
%Appdata%\06JOWEM4XN.exe (VT info: 0/42)
%Appdata%\cryptado.exe
%Appdata%\keykey
%Appdata%\YoICB.txt
Added: 13 Apr 2012, 10:05
Malware info:
SHA256: 7353c52cc5e4776407792f4ad2dd050180b0ba5e8facc2e288e4be7d15b1c995
SHA1: 96f0086c92072825394f0e67c12f121aa6b75876
MD5: 8e9e5d1a4878dcc7fa139a61b898faf1
File size: 258.6 KB ( 264758 bytes )
VT info (22/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Active Setup\Installed Components\{ADD6FCD3-B162-A83D-72EE-BCECCFDDF8BA}\StubPath: "%Appdata%\QS8S6MUNIY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Windows Defender: "%Appdata%\QS8S6MUNIY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: "%Appdata%\QS8S6MUNIY.exe"
HKCU\Software\Microsoft\Active Setup\Installed Components\{ADD6FCD3-B162-A83D-72EE-BCECCFDDF8BA}\StubPath: "%Appdata%\QS8S6MUNIY.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: "%Appdata%\QS8S6MUNIY.exe"
Files:
%Appdata%\DGH
%Appdata%\QS8S6MUNIY.exe
%Temp%\pic0.tmp
%Temp%\tn0010.tmp