by isabel » Mon Sep 28, 2009 6:51 pm
CoolWWWSearch.Svchost32: in HKEY_USERS\S-1-5-21-507386201-295874849-1398973815-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST.EXE (1 entry identified as hijackers)
Win32.Agent.pz in HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID
(3 entries identified as 3 malware)
Fraud.SystemSecurity in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg
and a program file C:\WINDOWS\Temp\_ex-08.exe
(2 entries identified as malwareC)
in addition
Win32.Agent.jg: [SBI $AFA60660] Cartella di programma (Cartella, nothing done)
C:\WINDOWS\system32\twain_32\
Win32.Agent.jg: [SBI $D2B4E1D7] File (File, nothing done)
C:\WINDOWS\system32\twain_32\local.ds
Properties.size=18884
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1254142326
Properties.filedatetext=2009-09-28 14.52.06
Win32.Agent.jg: [SBI $48DFF879] File (File, nothing done)
C:\WINDOWS\system32\twain_32\user.ds
Properties.size=269
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1254138892
Properties.filedatetext=2009-09-28 13.54.52
Win32.Agent.jg: [SBI $5E9C320C] File (File, nothing done)
C:\WINDOWS\system32\twext.exe
Properties.size=437760
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1234174740
Properties.filedatetext=2009-02-09 12.19.00
Win32.Iksmas.ai: [SBI $06907D50] Impostazioni (Valore di registro, nothing done)
HKEY_USERS\S-1-5-21-507386201-295874849-1398973815-1005\Software\Microsoft\Windows\CurrentVersion\FWDone
Win32.Iksmas.ai: [SBI $426323A7] Impostazioni (Valore di registro, nothing done)
HKEY_USERS\S-1-5-21-507386201-295874849-1398973815-1005\Software\Microsoft\Windows\CurrentVersion\MyID
Win32.ZBot: [SBI $603F8401] File (File, nothing done)
C:\WINDOWS\system32\sdra64.exe
Properties.size=362496
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1234174740
Properties.filedatetext=2009-02-09 12.19.00
Win32.ZBot: [SBI $8D46873E] Cartella di programma (Cartella, nothing done)
C:\WINDOWS\system32\lowsec\
Win32.ZBot: [SBI $6CF375A8] Impostazioni (Valore di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINDOWS\system32\sdra64.exe,...
which are trojans