
Maybe, Trojan Downloader.

  1. #1
    Junior Member
    Join date
    19.12.2007
    Location
    New Jersey, USA
    Posts
    83
    Reputation weight
    36

    Maybe, Trojan Downloader.

    This is a virtualized malware infection!! This must be at the top of the list of difficult to clean.
    Maybe, Trojan Downloader. Attaches to partitions and attached drives. May have stealth or defense. Cripples KAV 7.0. Affects web connections to anti spy and like sites.
    Does not like Returnil with vista, crashes my computer, only possible to reinstall OS.

    Sorry I can't be more specific, I have wiped the original install that the infector came from. Too scared to plug in usb flash, unless I plan to wipe.

    I have plugged it in to reinfect myself. I know.

    and pinfect.zip.

    Upon load it takes a snapshot of everywhere. **[{update--It is doing this to virtualize the computer for self preservation}]** So I guess it is determining a course of action by gathering information. A report is probably sent to someone, then Pinfect.zip appears later. It's not a virus, some type of RAT. The root never seems to leave, which means it probably is on a device, or peripheral device. That explains why crashes occur with Returnil, because they are inside already. With virtualization they can't update their root with more tools. Eventually they will get to a point where they will install a frag router if I compensate for the infection. I currently cannot access online security scanners, Trend, Panda...this occurring from the root portion. Which means they are using java in some way to manage my computer. My ability to help myself is injured.

    I feel there is a part A and Part B. A. being a rootkit that is independent of the infection. B. is the Trojan downloader.
    The rootkit is interfering with the function of the security tools, like AVZ, Gmer, RKR, RKHookanalyzer, Raide, Vice, HJT, and online scans, Trend, Panda and the like. That explains why crashes occur with Returnil, because they are inside already. With virtualization they can't update their root with more tools.

    The reason I know what the Trojan does, I have plugged the flash drive in while running Process monitor. To determine what occurs. It checks everywhere, systematically.

    This is where HJT is storing the Hijackthis Log-
    C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log
    Too long to be the HJT folder.

    These scans-----v will not show anything in a virtualized malware infection!!!
    Attachments
    Last edited by Simple10; 29.02.2008 at 06:00. Reason: Virtualized malware infection.
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
    -Albert Einstein

  2. #2
    Visiting Helper rubin
    Join date
    15.10.2007
    Location
    Kazan
    Posts
    2,934
    Reputation weight
    538
    Execute in AVZ:
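    Code:
    begin
     // Search for rootkit hooks and neutralize them (user mode and kernel mode)
     SearchRootkit(true, true);
     // Enable AVZGuard for the rest of the script
     SetAVZGuardStatus(true);
     // Copy the two suspect files to the AVZ quarantine
     QuarantineFile('C:\Users\N00dleIT\AppData\Local\Temp\ECAAMBP.exe','');
     QuarantineFile('C:\Users\N00dleIT\AppData\Local\Temp\UUBREX.exe','');
     // Hand the quarantine list to Boot Cleaner and arm it for the next boot
     BC_ImportQuarantineList;
     BC_Activate;
     RebootWindows(true);
    end.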
    Send the quarantine according to the rules - http://virusinfo.info/upload_virus_eng.php?tid=18811

  3. #3
    Junior Member
    Strange thing occurred. I ran the script, it rebooted.
    After the reboot this message appeared:

    Toshiba flash card could not be started.
    Close the program and check for a solution online
    Close the program <----I chose this.****

    Details:
    Problem signature:
    Problem Event Name: BEX
    Application Name: TCrdMain.exe
    Application Version: 1.0.0.19
    Application Timestamp: 46529c16
    Fault Module Name: mscorwks.dll
    Fault Module Version: 2.0.50727.312
    Fault Module Timestamp: 45372457
    Exception Offset: 00226cd3
    Exception Code: c0000409
    Exception Data: 00000000
    OS Version: 6.0.6000.2.0.0.768.3
    Locale ID: 1033
    Additional Information 1: d637
    Additional Information 2: f0c24c321e1d972d395dee47d493e07e
    Additional Information 3: 4421
    Additional Information 4: 8848fe80b1d05c672b12c7817a4b4986

    Read our privacy statement:
    http://go.microsoft.com/fwlink/?link...3&clcid=0x0409

    I went to AVZ Quarantine folder view, empty. Checked the physical location, because there is a virtual part to this infection. There is a modify date of 3/1 but no files. I checked some of the virtual locations to see if it were there, no luck.

  4. #4
    Visiting Helper rubin
    C:\Users\N00dleIT\AppData\Local\Temp\ECAAMBP.exe
    C:\Users\N00dleIT\AppData\Local\Temp\UUBREX.exe

    Can you pack them manually and send? Don't forget to protect quarantine by password "virus"

  5. #5
    Junior Member
    Those Two files do not exist at that location. Either through AVZ or windows search.
    I did some research and found these files on my computer:

    C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    Apparently, it may be a Virtumonde infection as referenced here:
    http://www.techspot.com/vb/topic96826.html

    This file is not found on google: uzm2ndi3.sys
    It exists on my computer at this location: C:\Windows\System32\drivers\uzm2ndi3.sys
    Zero information is a bad thing?

    The original threat probably had been crafted in Javascript as part of a web page.
    Are there limits to the type of threat developed in Javascript?

    This is not good:
    The presentation will first present how to generically (i.e. not relying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally signed code to be loaded into kernel. The presented attack does not require system reboot.

    Next, the new technology for creating stealth malware, code-named Blue Pill, will be presented. Blue Pill utilizes the latest virtualization technology from AMD - Pacifica - to achieve unprecedented stealth.
    Subverting Vista Kernel For Fun And Profit
    Joanna Rutkowska, Senior Security Researcher, COSEINC

    Added after 11 hours 22 minutes

    I scanned with MWAV/Escan and there were some hits.
    Here are the highlights:
    Object "kazaa Spyware/Adware" found in file system
    Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in file system
    Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in file system
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\vsavb7rt.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\system.enterpriseservices.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\mscorrc.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\mscordbi.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\mscorsec.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\system.configuration.install.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\microsoft.vsa.vb.codedomprocessor.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\wminet_utils.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\microsoft.jscript.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\diasymreader.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\iehost.dll"
    Entry "HKLM\Software\Microsoft\Windows\current version\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\V1.0.3705\system.data.dll"
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programdata\Kaspersky Lab\AVP7\Data"
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programdata\Kaspersky Lab\AVP7\Dskm"
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".22"
    " " ".C7483456-A289-439d-8115-601632D005A0"
    " " ".rar"
    File "C:\Program Files\Toshiba\Configfree\CFSSERV.EXE" infected by "NULL.Corrupted" Virus!

    I can't attach the Log. The .txt is 10.8MB and the .zip is 755kb. The available space is 355kb
    Last edited by Simple10; 02.03.2008 at 12:53. Reason: Added <--??I POSTED 24 HOURS AGO-48hrs?.

  6. #6
    Visiting Helper rubin
    This file is not found on google: uzm2ndi3.sys
    That is the AVZ driver.

    ftp://ftp.kaspersky.ru/utils/getsyst...SystemInfo.exe

    Pack the sysinfo.txt and attach it

  7. #7
    Junior Member

    Attachment.

    Here you go.
    Attachments

  8. #8
    Visiting Helper rubin
    Mmm... nothing strange.
    So, what are the reasons that make you sure of an infection?

  9. #9
    Junior Member
    1. Hijackthis saves log reports not in C:\Program Files\Trendmicro\Hijackthis, but in C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log. I did not set it this way; it did this by itself. As far as I know, it is not supposed to do that.
    Does that mean some type of virtualization?
    Previously on this computer it saved logs where it was supposed to.

    2. All Vista compatible Rootkit scanners do not work properly. including AVZGuard.

    Gmer shows some issues but does not highlight in red problems. It shows export tables and ntdll.dll hook.
    Rootkit Revealer runs in a different window, I get, Interactive Services Dialog Detection, the screen blanks out and the scan is performed in a different environment, finding 285,000+ discrepancies.
    VICE opens but will not run.
    RAIDE opens but does not run.
    RK Hook Analyzer is directly affected by the virtualization and does not run.
    RKU in combination with Webroot Registry guard, if I allow the random file it does not run. If I don't allow the random file it will produce results.
    Rogue Remover, the scan takes only 2 seconds to complete, literally and finds nothing.
    Combofix originally would not run, so I waited a week and downloaded again, it worked this time but am not sure if it cleaned the trojan infection. It definitely had no effect on the Rootkit.
    HijackThis is affected by the virtualization, saving the file in a place called virtual store instead of the root folder where the program is installed; C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis.
    AVZ Runs but the AVZGuard driver is not allowed to load. Also detects export tables and an API CODE HIJACK ntdll.dll.
    F-Secure Blacklight runs but shows nothing.
    Panda, before the not working Combofix, I could get to the website but not click the scan button. After the working version of Combofix it would open a window that would stay blank. I believe Java is involved.
    Trend Micro Housecall 6.6, I can get to the Java kernel page but after that it does not function as it should. And this window pops up:

    Java Plug-in 1.6.0_04
    Using JRE version 1.6.0_04 Java HotSpot™ Client VM
    User home directory = C:\Users\N00dleIT


    ----------------------------------------------------
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    p: reload proxy configuration
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    ----------------------------------------------------

    2008-02-28 19:35:19.726 SEVERE [java:hc.util.MachineInfo] Cannot get hostid for 10.0.0.3 using commandline utility (Return code:0 ) stdout:[] stderr:[]
    2008-02-28 19:35:19.729 SEVERE [java:hc.util.MachineInfo] Cannot run program "C:\Users\N00dleIT\.housecall6.6\getMac.exe": CreateProcess error=5, Access is denied
    2008-02-28 19:35:23.33 SEVERE [java:hc.impl.lib.activeupdate.UpdateImpl#Native] Update error=19, ActiveUpdate was unable to execute the patch update module. It may be missing or non-executable.

    Process Monitor, and it shows "service" opening every reg key, open, enum,close, on occasion create. It also did it with every file. This when I intentionally installed the infected usb flash drive so that Process Monitor could see what was occurring.
    These are the files that the trojan infection places on the computer:
    logo1_.exe - a folder 11:57pm
    rundl132.dll - a folder 11:57pm
    rundll16.exe - a folder 11:57pm
    zts2.exe - a folder 11:57pm
    Lic.xxx - a 1k file 11:57pm containing:
    [General]
    Version=9.6.8
    UpdatedByVersion=9.6.8
    iifgfgf.dll - a folder 11:57pm
    sol374 - a folder 11:57pm
    systems - a folder 11:57pm
    vcmgcd32.dll - a folder 11:57pm
    si - a folder 11:43pm
    tmp - a folder 11:34pm
    pinfect.zip .98megabytes 11:54pm


    3. My HD cranks during periods of inactivity. It used to crank all the time, but after saying something on the forums that changed.

    It has something to do with virtualization on my system. I have not set up any virtualization. No Returnil, No BufferZone, No Deep Freeze, No Virtual PC, NO Virtual Machine, and yet files are duplicated and security tools do not work.

    It is Virtualization Malware.

    Of course, all of this is just my uneducated opinion.

    I purchased my first computer in 2002, a lap top in 2003, both were 0wn3d before I heard about a virus scanner or a firewall. I have been behind the entire time and it sucks.

    I was at another forum and somebody crafted something specifically for my box. He is a developer of OS. He was attacking me, and I fought back. For my ideas and my position and openly targeted him. This guy pretty much Runs the Forum, he is many of the posters. After the altercation, He, inpersona, or a friend, in a post that I was asking for help, suggested that I go to an off forum web page, for information that he could have posted on the site. That is when I got this thing, the virtual malware.

    Not only have I wiped the computer twice since then, I have changed the HD and memory. The anti rootkits not working behavior continues across this.
    For the uneducated part I did reconnect to the internet with not much security. So if the issue is in a peripheral device like a Modem or router, when I download anything I would become infected.

    If anything else occurs inside my squirrel exerciser, I will post it here. I just hope I am not a lab mouse helping the scientists to improve the maze.

    I am happy that you are looking into this. Thank you for your help.

    Added after 2 minutes

    BOLD
    Last edited by Simple10; 03.03.2008 at 10:40. Reason: Added

  10. #10
    Visiting Helper rubin
    1. Where is HiJackthis.exe itself saved?
    2. Do you run these antirootkits as "Run as administrator"?

  11. #11
    Junior Member
    Quote: Originally posted by rubin
    1. Where is HiJackthis.exe itself saved?
    2. Do you run these antirootkits as "Run as administrator"?
    1. C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log

    Executing, Scan and save a log- the scan occurs, the notepad log opens but is blank. When I looked in the programs folder there was no log file. I had to search for something else, all .txt and found the hijackthis log by accident.

    2. I have done both just run and "Run as administrator" the results are the same.
    What bug in Vista would cause Rootkit Revealer to run in an altered environment?
    Does Vista use Virtualization as security that gets hijacked by malware?

    Is it possible that two installs are running, Vista and WinPE? Not a virtualization but two environments alternating depending on what is running. When security tools are executed in one environment they are run in the other.
    One of the tools reports that a usb drive is installed when none is. This would be where the alternate OS is installed from.

    Found this:
    Implementing malware with virtual machines
    http://www.eecs.umich.edu/Rio/papers/king06.pdf

    We evaluate a new type of malicious software that gains
    qualitatively more control over a system. This
    new type of malware, which we call a virtual-machine
    based rootkit (VMBR), installs a virtual-machine monitor
    underneath an existing operating system and hoists
    the original operating system into a virtual machine.

    Also:
    The garbage collector (GC) [13] is an important part of the JVM and is responsible for automatic reclamation of heap-allocated storage after its last use by a Java application. Various aspects of the GC and heap subsystems can be configured at JVM runtime. This allows control over the amount of memory in the embedded device that is available to the JVM, the object allocation strategy, how often a GC cycle is triggered, and the type of GC invoked. We exploit the interaction of these tunable parameters along with a banked-memory organization to effectively reduce the memory energy (leakage and dynamic) consumption in an embedded Java environment.

    I believe that Java is involved (posted earlier). I believe that embedding is involved (also posted earlier), but now think it is in a different manner than I originally thought, not a custom crafted rootkit, but using proven techniques I had no knowledge of. The techniques utilize newer methods not well known among the general masses (Me, for one), including the implementation of embedded java and a Virtual Machine Monitor or Virtual Machine Emulation at a Lower Layer. It is extremely likely a rootkit of this type.
    The individual who crafted this isn't worried about its discovery, which explains why it is buggy with respect to security tools; Or, he wasn't very thorough due to a laziness that all of us succumb to from time to time, showcasing its less than seamless integration.
    My money is on the latter of course, because these type of programmers live in a self deluded world of invincibilities predominantly fostered by their ill-stroked egos.

    So where on this laptop would it be? Since java was used, it is probably on a java embedded device. Would that device be bluetooth?

    Your input rubin is greatly appreciated.
    Last edited by Simple10; 04.03.2008 at 11:48.

  12. #12
    Visiting Helper rubin
    1. C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log
    It is saved in the same directory, as HiJackthis itself, am I right?

    I can't speak about Vista surely cause I have no experience... but it restricts user and running soft greatly - it can be the reason of the bad antirootkits' work

  13. #13
    Junior Member
    Hijackthis program is here---v
    C:\Program Files\Trendmicro\Hijackthis

    Log files get saved here----v
    C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log

    The scan occurs, the notepad log opens but is blank. When I looked in the programs folder, where hijackthis is, there was no log file. I found the log file accidentally searching for something else.

    Update:
    ECAAMBP
    UUBREX
    I have found these in services, in the administrative tools of control panel. I have disabled them in the properties menu.

    Would you like a services log from Hijackthis?

    Sorry about my novel, I will work on reducing that type of input. Maybe write in notepad before posting.

    Update from RKR folks:
    RKR uses an interactive service. Services in Vista run in session 0, and session 0 isolation in Vista means that interactive services can't display a UI in the user's session. So ui0detect.exe detects that the RKR service is trying to interact with the user, and presents the "Interactive Services Dialog Detection" message you see.

    concern-Its malware, causing this. ahh

    reply-Not likely causing this specific behavior.

    concern-I have two unknowns in services, have disabled them via properties. ECAAMBP and UUBREX

    reply-Sounds like leftover RKR services.

    My noobness is shining through.
    Last edited by Simple10; 04.03.2008 at 23:54.

  14. #14
    Junior Member
    rubin, and all. Thank You for your kind assistance. I have found a helper on another forum. I know rubin you were poking around when you had duties on Russian area, thank you for taking a look. I promise to let the helper come to a completion and final diagnosis.
    You guys are great and I like the site. A little thin though. I'll be back with some more Hi-tech posts. I will report back the final outcome. Jenkooya

  15. #15
    Visiting Helper rubin
    I will report back the final outcome.
    We are looking forward to hearing from you soon...

  16. #16
    Junior Member
    Thank you for taking the time out of your other area to help. I appreciate it.
    I was asked to report back that I am clean.
    I asked him if he could put a name to it and he said it's unknown driver infection.
    For my usb drive he suggested Flash Disinfector. I've used it but not tried the usb flash yet.
    Also, I have made some n00b errors, surprise surprise. The AVZGuard error was caused by not running with >right click on AVZ4>Run as Administrator. This allowed AVZGuard to run.
    Also, Vista uses virtualization to protect the writing to registry HKLM/...Run and Program Files. Programs that create a log in Program Files will not find the log in the progs folder, but in the virtualized location.

    Thank you again,
    Simple10
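
The behaviour identified in the last post, as an added example (not code from the thread or from any tool mentioned in it): Vista's UAC file virtualization redirects writes made by a non-elevated legacy program from protected folders into the per-user VirtualStore. The Python below maps paths in both directions and lists redirected copies found in a file listing; the protected-root list, the function names and the sample listing are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed default locations on a Vista install; adjust if the system differs.
PROTECTED_ROOTS = tuple(PureWindowsPath(p) for p in (
    r"C:\Program Files", r"C:\ProgramData", r"C:\Windows"))


def _is_under(path, root):
    """True if path lies inside root (Windows paths compare case-insensitively)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def to_virtualstore(path, local_appdata):
    """Where a redirected write to `path` lands, or None if not a protected location."""
    p = PureWindowsPath(path)
    if not any(_is_under(p, root) for root in PROTECTED_ROOTS):
        return None
    # Drop the drive component and re-root under <LocalAppData>\VirtualStore.
    return PureWindowsPath(local_appdata, "VirtualStore", *p.parts[1:])


def from_virtualstore(path, system_drive="C:"):
    """Map a VirtualStore path back to the location the program tried to write to."""
    parts = PureWindowsPath(path).parts
    lowered = [s.lower() for s in parts]
    if "virtualstore" not in lowered:
        return None
    i = lowered.index("virtualstore")
    # Only accept ...\AppData\Local\VirtualStore\<something>.
    if i < 2 or lowered[i - 2:i] != ["appdata", "local"] or not parts[i + 1:]:
        return None
    return PureWindowsPath(system_drive + "\\", *parts[i + 1:])


def find_shadows(listing):
    """Return (virtual copy, intended location, real file also exists) per redirected file."""
    present = {PureWindowsPath(p) for p in listing}
    shadows = []
    for p in sorted(present):
        intended = from_virtualstore(p)
        if intended is not None:
            shadows.append((str(p), str(intended), intended in present))
    return shadows


# Constructed sample listing; the user name and HijackThis folder come from the thread.
SAMPLE_LISTING = [
    r"C:\Program Files\Trendmicro\Hijackthis\HijackThis.exe",
    r"C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Trendmicro\Hijackthis\hijackthis.log",
    r"C:\Users\N00dleIT\AppData\Local\VirtualStore\Windows\win.ini",
    r"C:\Windows\win.ini",
    r"C:\Users\N00dleIT\Documents\notes.txt",
]

if __name__ == "__main__":
    for virtual, intended, real_exists in find_shadows(SAMPLE_LISTING):
        note = "differs from real file?" if real_exists else "exists only as redirected copy"
        print(f"{intended}\n  <- {virtual}\n  ({note})")
```

A log that shows up only under VirtualStore, as with the HijackThis log in this thread, means the program ran without elevation, not that something hid the file.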
