Monday 2 November 2009

BlockScanner Rogue

Ran into a new rogue today called BlockScanner.

Here's a FreeFixer log showing the modifications the BlockScanner software made on the infected computer:

FreeFixer v0.48 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-02 13:03


Registry Startups (3 whitelisted)
HKLM\..\Run, 0079dcbc.exe = C:\WINDOWS\system32\0079dcbc.exe
HKCU\..\Run, goz21.tmp.exe = C:\WINDOWS\system32\goz21.tmp.exe
HKCU\..\Run, BlockScanner = C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe -min

Processes (20 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\goz21.tmp.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\nqn22.tmp.exe
C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe

Recently created/modified files (1 whitelisted)
3 minutes, c:\Program Files\BlockScanner Software\BlockScanner\uninstall.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\nsu20.tmp\nsProcess.dll
3 minutes, c:\WINDOWS\system32\goz21.tmp.exe
3 minutes, c:\WINDOWS\system32\0079dcbc.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\nqn22.tmp.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\goz21.tmp.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\rew1E.tmp.exe
..
