Saturday, December 17, 2011

Security Shield 2011 (FakeAV) - 12.17.2011 - Analysis and Removal

This was performed on a live (not virtual) machine.

RogueKiller

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] uijultenx.exe -- C:\DOCUME~1\BFF093~1.MAU\LOCALS~1\APPLIC~1\uijultenx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\B.F. Maupin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1801674531-706699826-1177238915-1004[...]\Run : cdloader ("C:\Documents and Settings\B.F. Maupin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
__________________________________________________________________________________


SAS

Trojan.Agent/Gen-FakeAlert[Local]
C:\DOCUMENTS AND SETTINGS\B.F. MAUPIN\LOCAL SETTINGS\APPLICATION DATA\UIJULTENX.EXE
__________________________________________________________________________________

Rootkit/hidden partition/MBR infection NOT included
__________________________________________________________________________________
