Trojan Simona - Killer MultiAV+rootkit
An interesting trojan with a rootkit that makes it impossible to install certain antivirus programs or kills their main processes; neither ESET nor Avast could be launched.
Detailed report of suspicious malware actions:
Created a service named: AeLookupSvc
Created a service named: AudioSrv
Created a service named: CertPropSvc
Created a service named: FastUserSwitchingCompatibility
Created a service named: gpsvc
Created a service named: Ias
Created a service named: IKEEXT
Created a service named: Irmon
Created a service named: lanmanserver
Created a service named: Nla
Created a service named: Ntmssvc
Created a service named: SCPolicySvc
Defined file type created in Windows folder: C:\Windows\system32\FastUserSwitchingCompatibility.dll
Defined file type created in Windows folder: C:\Windows\system32\Nla.dll
Defined file type created in Windows folder: C:\Windows\system32\Ntmssvc.dll
Defined file type modified in Windows folder: C:\Windows\system32\Ias.dll
Defined file type modified in Windows folder: C:\Windows\system32\Irmon.dll
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\DisplayName = FastUserSwitchingCompatibility
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\ErrorControl = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = 43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004600610073007400550073006500720053007700690074006300680069006E00670043006F006D007000610074006900620069006C006900740079002E0064006C006C000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\Start = 00000002
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\Type = 00000020
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\DisplayName = Ias
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\ErrorControl = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\Parameters\ServiceDll = 43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004900610073002E0064006C006C000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\Start = 00000002
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ias\Type = 00000020
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\DisplayName = Irmon
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\ErrorControl = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\Parameters\ServiceDll = 43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C00490072006D006F006E002E0064006C006C000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\Start = 00000002
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Irmon\Type = 00000020
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\DisplayName = Nla
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\ErrorControl = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\Parameters\ServiceDll = 43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004E006C0061002E0064006C006C000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\Start = 00000002
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Nla\Type = 00000020
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\DisplayName = Ntmssvc
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\ErrorControl = 00000001
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\Parameters\ServiceDll = 43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004E0074006D0073007300760063002E0064006C006C000000
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\Start = 00000002
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\Ntmssvc\Type = 00000020
Static and dynamic analysis