Saturday, June 09, 2012

ZeroAccess CLSID variant versus ComboFix

 http://www.youtube.com/watch?v=B0sY_1ZXxTU
http://youtu.be/B0sY_1ZXxTU
Posted by at No comments:
Labels: , , , , , , , , , , ,

Saturday, June 02, 2012

Live Security Platinum (FakeAV) - 06.02.2012 - Analysis and Removal



_______________________________________________________________________________


RogueKiller





¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] 529C538A0010DF0D672037BFD151FC4E.exe -- C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E\529C538A0010DF0D672037BFD151FC4E.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\RunOnce : 529C538A0010DF0D672037BFD151FC4E (C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E\529C538A0010DF0D672037BFD151FC4E.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1454471165-492894223-854245398-1003[...]\RunOnce : 529C538A0010DF0D672037BFD151FC4E (C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E\529C538A0010DF0D672037BFD151FC4E.exe) -> FOUND
_________________________________________________________________________________
MBAM
 




Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|529C538A0010DF0D672037BFD151FC4E (Trojan.LameShield) -> Data: C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E\529C538A0010DF0D672037BFD151FC4E.exe -> Quarantined and deleted successfully.

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E\529C538A0010DF0D672037BFD151FC4E.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\thisisu\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
_________________________________________________________________________________
Other traces:

Folder: C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D672037BFD151FC4E

Contains this file: 529C538A0010DF0D672037BFD151FC4E (no extension | 848 bytes)

Delete entire folder...
_________________________________________________________________________________
Posted by at No comments:
Labels: , , , , , , , , , , ,
Subscribe to: Posts (Atom)