26.04.2012, 18:42
Trojan W32RansomCrypt.B
hides and encodes files like this:
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\CryptSvc\SBIE_ControlsAccepted = 85000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\CryptSvc\SBIE_CurrentState = 04000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\CryptSvc\SBIE_ProcessId = A40E0000
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\Cyewey = C:\Users\tachion\AppData\Roaming\Cyewey.exe
File copied itself
Hide file from user: F:\muzyka\AlbumArt_{36796EAE-4BB8-4E22-95E8-5B873B91B781}_Large.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{36796EAE-4BB8-4E22-95E8-5B873B91B781}_Small.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{A0386C9E-D269-4F2D-99A1-870FABDB396A}_Large.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{A0386C9E-D269-4F2D-99A1-870FABDB396A}_Small.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{AA184337-6AD9-4A77-808F-32C1CBFEBBBF}_Large.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{AA184337-6AD9-4A77-808F-32C1CBFEBBBF}_Small.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{EC2D853C-F3D0-4E76-9493-EA062C410F52}_Large.jpg.EnCiPhErEd
Hide file from user: F:\muzyka\AlbumArt_{EC2D853C-F3D0-4E76-9493-EA062C410F52}_Small.jpg.EnCiPhErEd
Trojan-Dropper.Win32.Xpaj