new trojan errors

  1. #1
    Junior Member
    Registered: 25.07.2008
    Posts: 1
    Reputation weight: 38

    <AVZ_CollectSysInfo>
    --------------------
    Start time: 07/25/2008 10:29:26 AM
    Duration: 00:01:40
    Finish time: 07/25/2008 10:31:06 AM


    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    07/25/2008 10:29:28 AM 1.1 Searching for user-mode API hooks
    07/25/2008 10:29:28 AM Analysis: kernel32.dll, export table found in section .text
    07/25/2008 10:29:28 AM Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
    07/25/2008 10:29:28 AM Hook kernel32.dll:CreateProcessA (99) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
    07/25/2008 10:29:28 AM Hook kernel32.dll:CreateProcessW (103) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC
    07/25/2008 10:29:28 AM Hook kernel32.dll:FreeLibrary (241) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB
    07/25/2008 10:29:28 AM Hook kernel32.dll:GetModuleFileNameA (372) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0
    07/25/2008 10:29:28 AM Hook kernel32.dll:GetModuleFileNameW (373) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648
    07/25/2008 10:29:28 AM Hook kernel32.dll:GetProcAddress (408) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
    07/25/2008 10:29:28 AM Hook kernel32.dll:LoadLibraryA (578) blocked
    07/25/2008 10:29:28 AM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    07/25/2008 10:29:28 AM Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
    07/25/2008 10:29:28 AM Hook kernel32.dll:LoadLibraryExA (579) blocked
    07/25/2008 10:29:28 AM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    07/25/2008 10:29:28 AM Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
    07/25/2008 10:29:28 AM Hook kernel32.dll:LoadLibraryExW (580) blocked
    07/25/2008 10:29:28 AM Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C
    07/25/2008 10:29:28 AM Hook kernel32.dll:LoadLibraryW (581) blocked
    07/25/2008 10:29:28 AM IAT modification detected: GetModuleFileNameW - 00AA0010<>7C80B3D5
    07/25/2008 10:29:28 AM Analysis: ntdll.dll, export table found in section .text
    07/25/2008 10:29:28 AM Function ntdll.dll:LdrGetProcedureAddress (65) intercepted, method ProcAddressHijack.GetProcAddress ->7C919B88->2F7467A
    07/25/2008 10:29:28 AM Hook ntdll.dll:LdrGetProcedureAddress (65) blocked
    07/25/2008 10:29:28 AM Analysis: user32.dll, export table found in section .text
    07/25/2008 10:29:28 AM IAT modification detected: TranslateMessage - 02F7392E<>7E418BF6
    07/25/2008 10:29:28 AM Analysis: advapi32.dll, export table found in section .text
    07/25/2008 10:29:28 AM Analysis: ws2_32.dll, export table found in section .text
    07/25/2008 10:29:28 AM Analysis: wininet.dll, export table found in section .text
    07/25/2008 10:29:28 AM Analysis: rasapi32.dll, export table found in section .text
    07/25/2008 10:29:29 AM Analysis: urlmon.dll, export table found in section .text
    07/25/2008 10:29:29 AM Analysis: netapi32.dll, export table found in section .text
    07/25/2008 10:29:29 AM 1.2 Searching for kernel-mode API hooks
    07/25/2008 10:29:30 AM Driver loaded successfully
    07/25/2008 10:29:30 AM SDT found (RVA=0846E0)
    07/25/2008 10:29:30 AM Kernel ntkrnlpa.exe found in memory at address 804D7000
    07/25/2008 10:29:30 AM SDT = 8055B6E0
    07/25/2008 10:29:30 AM KiST = 80503940 (284)
    07/25/2008 10:29:31 AM Functions checked: 284, intercepted: 0, restored: 0
    07/25/2008 10:29:31 AM 1.3 Checking IDT and SYSENTER
    07/25/2008 10:29:31 AM Analysis for CPU 1
    07/25/2008 10:29:31 AM Analysis for CPU 2
    07/25/2008 10:29:31 AM Checking IDT and SYSENTER - complete
    07/25/2008 10:29:32 AM >>>> Suspicion for Rootkit utk0mtm2 C:\WINDOWS\system32\Drivers\utk0mtm2.sys
    07/25/2008 10:29:32 AM 1.4 Searching for masking processes and drivers
    07/25/2008 10:29:32 AM Checking not performed: extended monitoring driver (AVZPM) is not installed
    07/25/2008 10:29:32 AM Driver loaded successfully
    07/25/2008 10:29:32 AM 1.5 Checking of IRP handlers
    07/25/2008 10:29:32 AM Checking - complete
    07/25/2008 10:29:33 AM C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll --> Suspicion for Keylogger or Trojan DLL
    07/25/2008 10:29:33 AM C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll>>> Behavioral analysis
    07/25/2008 10:29:33 AM Behaviour typical for keyloggers not detected
    07/25/2008 10:29:33 AM C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll --> Suspicion for Keylogger or Trojan DLL
    07/25/2008 10:29:33 AM C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll>>> Behavioral analysis
    07/25/2008 10:29:33 AM Behaviour typical for keyloggers not detected
    07/25/2008 10:29:34 AM C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-F3TUN\avzkrnl.dll --> Suspicion for Keylogger/Trojan DLL, being masked as system file
    07/25/2008 10:29:34 AM C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-F3TUN\avzkrnl.dll>>> Behavioral analysis
    07/25/2008 10:29:34 AM 1. Reacts to events: keyboard, all events
    07/25/2008 10:29:34 AM C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-F3TUN\avzkrnl.dll>>> Neural net: file with probability 0.00% like a typical keyboard/mouse events interceptor
    07/25/2008 10:29:34 AM Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
    07/25/2008 10:29:51 AM Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
    07/25/2008 10:29:52 AM >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    07/25/2008 10:29:52 AM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    07/25/2008 10:29:52 AM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
