This was performed on a virtual machine.
Here is what you may receive before actually getting infected.
A warning message similar to the following: Pressing OK prompts you to download and run a suspicious .exe file. In my case it was "SETUP_SECURITY_DEFENDER_704[1].EXE". This is your last chance to avoid getting infected.
If you choose OK, Internet Defender starts scanning your PC and falsely claims you are infected with malware, when in fact "Internet Defender" is the malware!
Luckily this one is not overbearing: you can still end the process from Task Manager, which in my case was a command running inside rundll32.exe.
Here is where the "Activate" or "Remove All" buttons will take you. Remember, you should never enter any information here. This page is created by the malware coders in an attempt to scam you out of financial information.
__________________________________________________________________________________
SAS (SUPERAntiSpyware) scan results:
Trojan.Agent/Gen-Reveton
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CD64E813-B88C-2363-C505-6DF419E1973E.AVI
C:\DOCUMENTS AND SETTINGS\INFECTEDXP\APPLICATION DATA\CD64E813-B88C-2363-C505-6DF419E1973E.AVI
C:\WINDOWS\SYSTEM32\CD64E813-B88C-2363-C505-6DF419E1973E.AVI
Trojan.Agent/Gen-FakeDefender
C:\DOCUMENTS AND SETTINGS\INFECTEDXP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4K06JYK8\SETUP_SECURITY_DEFENDER_704[1].EXE
__________________________________________________________________________________
MBAM (Malwarebytes Anti-Malware) scan results:
Files Detected: 5
C:\Documents and Settings\infectedxp\Local Settings\Application Data\CD64E813-B88C-2363-C505-6DF419E1973E.avi (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\infectedxp\Desktop\Internet Defender.lnk (Rogue.InternetDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\infectedxp\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk (Rogue.InternetDefender) -> Quarantined and deleted successfully.
C:\Program Files\Internet Defender\Internet Defender.dll (Rogue.InternetDefender) -> Quarantined and deleted successfully.
C:\Program Files\Internet Defender\Internet Defender.ico (Rogue.InternetDefender) -> Quarantined and deleted successfully.
___________________________________________________________________________________
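Added example, not part of the original post: a small Python triage helper that parses the SAS and MBAM result lines quoted above into records, groups them by detection name, and flags the two patterns this infection shows, a trojan dropped under a media (.avi) extension and the dropper sitting in the Internet Explorer Temporary Internet Files cache. The embedded log snippets are taken from the scan output above; the flag names and the media-extension list are my own choices.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: result lines taken from the SAS and MBAM scan output in the post.
SAS_LOG = r"""Trojan.Agent/Gen-Reveton
C:\WINDOWS\SYSTEM32\CD64E813-B88C-2363-C505-6DF419E1973E.AVI
Trojan.Agent/Gen-FakeDefender
C:\DOCUMENTS AND SETTINGS\INFECTEDXP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4K06JYK8\SETUP_SECURITY_DEFENDER_704[1].EXE
"""
MBAM_LOG = r"""C:\Documents and Settings\infectedxp\Local Settings\Application Data\CD64E813-B88C-2363-C505-6DF419E1973E.avi (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Documents and Settings\infectedxp\Desktop\Internet Defender.lnk (Rogue.InternetDefender) -> Quarantined and deleted successfully.
C:\Program Files\Internet Defender\Internet Defender.dll (Rogue.InternetDefender) -> Quarantined and deleted successfully.
"""

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
MEDIA_EXT = {".avi", ".mp3", ".mp4", ".jpg", ".gif"}  # extensions a trojan should never carry

def parse_mbam(text):
    """MBAM prints one 'path (Detection) -> action.' line per file."""
    matches = (MBAM_RE.match(line.strip()) for line in text.splitlines())
    return [{"tool": "MBAM", **m.groupdict()} for m in matches if m]

def parse_sas(text):
    """SAS prints a detection name, then every path it matched, until the next name."""
    records, detection = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if DRIVE_RE.match(line) and detection:
            records.append({"tool": "SAS", "path": line, "detection": detection, "action": "detected"})
        elif not DRIVE_RE.match(line):
            detection = line
    return records

def triage(records):
    """Group paths by detection name and flag the two patterns this infection shows:
    a trojan dropped under a media extension, and the dropper cached by the browser."""
    by_detection, flags, seen = defaultdict(list), [], set()
    for r in records:
        path = r["path"]
        by_detection[r["detection"]].append(path)
        if path.lower() in seen:  # the same file can appear in both tools' logs
            continue
        seen.add(path.lower())
        if PureWindowsPath(path).suffix.lower() in MEDIA_EXT and r["detection"].lower().startswith("trojan"):
            flags.append(("masquerading-extension", path))
        if "temporary internet files" in path.lower():
            flags.append(("browser-cache-dropper", path))
    return dict(by_detection), flags
```

Feeding the two logs through `triage(parse_sas(SAS_LOG) + parse_mbam(MBAM_LOG))` yields four detection groups and three flagged paths.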