Ran into a new rogue today called BlockScanner:
Here's a FreeFixer log which shows what modifications the Block Scanner software did on the infected computer:
FreeFixer v0.48 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-02 13:03
Registry Startups (3 whitelisted)
HKLM\..\Run, 0079dcbc.exe = C:\WINDOWS\system32\0079dcbc.exe
HKCU\..\Run, goz21.tmp.exe = C:\WINDOWS\system32\goz21.tmp.exe
HKCU\..\Run, BlockScanner = C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe -min
Processes (20 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\goz21.tmp.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\nqn22.tmp.exe
C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe
Recently created/modified files (1 whitelisted)
3 minutes, c:\Program Files\BlockScanner Software\BlockScanner\uninstall.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\nsu20.tmp\nsProcess.dll
3 minutes, c:\WINDOWS\system32\goz21.tmp.exe
3 minutes, c:\WINDOWS\system32\0079dcbc.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\nqn22.tmp.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\goz21.tmp.exe
3 minutes, c:\Documents and Settings\roger\Local Settings\Temp\rew1E.tmp.exe
..
Monday, 2 November 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment