Saturday, March 31, 2012

Gimemo - France - Gendarmerie Nationale (Ransom Trojan) - 04.01.2012 - Analysis and Removal

__________________________________________________________________________________

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|Load
"C:\DOCUME~1\owner\LOCALS~1\Temp\4A7DE4666052AD44198A.exe,"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit
"C:\WINDOWS\system32\09AE2D586052AD446FE6.exe," [53760 2012-03-31] (nJin
IMEO\msconfig.exe: [Debugger] P9KDMF.EXE
IMEO\regedit.exe: [Debugger] P9KDMF.EXE
IMEO\taskmgr.exe: [Debugger] P9KDMF.EXE
HKU\owner\...\Policies\system: [DisableRegistryTools] 1
HKU\owner\...\Policies\system: [DisableRegedit] 1


2012-03-31 18:48 - 2012-03-01 03:26 - 0960056 ____A C:\Windows\System32\winsh324
2012-03-31 18:48 - 2012-03-01 03:26 - 0960056 ____A C:\Windows\System32\winsh320
2012-03-31 18:48 - 2012-03-01 03:08 - 0960056 ____A C:\Windows\System32\winsh323
2012-03-31 18:48 - 2012-03-01 03:07 - 0960056 ____A C:\Windows\System32\winsh322
2012-03-31 18:48 - 2012-03-01 03:07 - 0960056 ____A C:\Windows\System32\winsh321
C:\WINDOWS\system32\09AE2D586052AD446FE6.exe
C:\DOCUME~1\owner\LOCALS~1\Temp\4A7DE4666052AD44198A.exe
__________________________________________________________________________________

Posted by at
Labels: , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)