Ran into a new fake anti-virus program today. This time it's called BlockProtector and claims to have found 700+ "SPYWARE Objects".
Here's a FreeFixer log from the infected system. I've marked the malware files with red:
FreeFixer v0.49 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-06 22:55

Registry Startups (3 whitelisted)
HKLM\..\Run, BlockProtector.exe = C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
HKCU\..\Run, gdm1F.tmp.exe = C:\WINDOWS\system32\gdm1F.tmp.exe

Processes (23 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\gdm1F.tmp.exe
C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe

Application modules (85 whitelisted)
C:\WINDOWS\system32\MSVCR71.dll

Recently created/modified files (27 whitelisted)
2 minutes, c:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\tzchange.dll
2 minutes, c:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\tzchange.dll
2 minutes, c:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\tzchange.exe

End of FreeFixer log
Friday 6 November 2009