This was performed on a virtual machine.
__________________________________________________________________________________
This one is very similar to Privacy Protection.
This entire infection, minus any potential bundled rootkits, is all tied into a single bad .exe (isecurity.exe) in the %allusersprofile% directory.
__________________________________________________________________________________
RogueKiller |
¤¤¤ Bad processes: 2 ¤¤¤
[WINDOW : Internet Security] isecurity.exe -- C:\Documents and Settings\All Users\Application Data\isecurity.exe -> KILLED [TermProc]
[SUSP PATH] isecurity.exe -- C:\Documents and Settings\All Users\Application Data\isecurity.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1844237615-688789844-842925246-1003[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND
¤¤¤ Infection : Rogue.AntiSpy-SP ¤¤¤
__________________________________________________________________________________
MBAM |
Files Detected: 2
C:\Documents and Settings\All Users\Application Data\isecurity.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\infectedxp\Local Settings\temp\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
__________________________________________________________________________________
MGtools |
"C:\Documents and Settings\All Users\Desktop\"
intern~1.lnk Feb 23 2012 794 "Internet Security.lnk"
__________________________________________________________________________________
Misc notes:
Use a tool such as RogueKiller or RKill to stop isecurity.exe from running. The majority of .exe applications will be immediately closed and reported as infected until you do.
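
A triage check for the Run entries reported above, as an added example that is not part of the original notes or of any tool named here. It assumes you have exported Run values as (hive, name, command) tuples; the directory heuristic and every sample entry except the isecurity.exe path are constructed for illustration.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis box

# Assumed heuristic (not taken from any tool): legitimate software installs into a
# vendor subfolder, so an .exe sitting directly in one of these roots is suspect.
LOOSE_ROOT_SUFFIXES = (
    r"\application data",     # %APPDATA% / All Users data root on XP
    r"\local settings\temp",  # per-user %TEMP% on XP
    r"\programdata",          # %ALLUSERSPROFILE% on Vista and later
)

def exe_from_command(command):
    """Extract the executable path from a Run-value command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut just after the first ".exe".
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(" ")[0]

def is_suspicious(command):
    """True when the autorun target is an .exe placed directly in a loose data root."""
    exe = ntpath.normpath(exe_from_command(command))
    if not exe.lower().endswith(".exe"):
        return False
    parent = ntpath.dirname(exe).lower()
    return parent.endswith(LOOSE_ROOT_SUFFIXES)

def triage(run_entries):
    """Return (hive, value name) for every Run entry worth a manual look."""
    return [(hive, name) for hive, name, cmd in run_entries if is_suspicious(cmd)]

# Constructed sample: the first path is the one from the logs above, the rest are made up.
SAMPLE = [
    ("HKCU", "Internet Security",
     r"C:\Documents and Settings\All Users\Application Data\isecurity.exe"),
    ("HKCU", "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("HKLM", "ExampleUpdater", r'"C:\Program Files\Example Vendor\updater.exe" /background'),
    ("HKCU", "ExampleSync",
     r'"C:\Documents and Settings\infectedxp\Application Data\Example Vendor\sync.exe"'),
]

if __name__ == "__main__":
    for hive, name in triage(SAMPLE):
        print(f"review autorun: {hive} Run -> {name}")
```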
___________________________________________________________________________________