Forums » Up and Running » Security » Security » asdf.exe / theonion.com
justin
join:1999-05-28
Brooklyn, NY

reply to Cudni
Re: asdf.exe / theonion.com

yep

AntiVir 6.31.1.0/20050822 found [TR/Dldr.Small.bhf]
Avast 4.6.695.0/20050822 found nothing
AVG 718/20050822 found nothing
Avira 6.31.1.0/20050822 found [TR/Dldr.Small.bhf]
BitDefender 7.0/20050822 found [Trojan.Downloader.Small.GJ]
CAT-QuickHeal 8.00/20050822 found [TrojanDownloader.Small.bhf]
ClamAV devel-20050725/20050822 found nothing
DrWeb 4.32b/20050822 found nothing
eTrust-Iris 7.1.194.0/20050823 found nothing
eTrust-Vet 11.9.1.0/20050822 found [Win32.SillyDl.TQ]
Fortinet 2.41.0.0/20050823 found [W32/Dloader.AB-dldr]
F-Prot 3.16c/20050822 found [could be infected with an unknown virus]
Ikarus 0.2.59.0/20050822 found nothing
Kaspersky 4.0.2.24/20050823 found [Trojan-Downloader.Win32.Small.bhf]
McAfee 4564/20050822 found [Generic Downloader.ab]
NOD32v2 1.1199/20050822 found [Win32/TrojanDownloader.Small.NEU]
Norman 5.70.10/20050818 found [W32/Downloader]
Panda 8.02.00/20050822 found [Trj/Downloader.EGF]
Sophos 3.96.0/20050822 found nothing
Sybari 7.5.1314/20050823 found [Win32.SillyDl.TQ]
Symantec 8.0/20050821 found nothing
TheHacker 5.8.2.092/20050822 found nothing
VBA32 3.10.4/20050822 found [Trojan-Downloader.Win32.Small.bhf]

And here is the sequence from processguard:

(visit theonion.com - crashes firefox)

Mon 22 - 20:38:50 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 1072 ]
Mon 22 - 20:38:51 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ drwtsn32 -p 1432 -e 3024 -g ]

(restart firefox)

Mon 22 - 20:38:54 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]

(visit theonion.com again - firefox tries to run asdf.exe dated 8:39pm)

Mon 22 - 20:40:21 [EXECUTION] "c:\asdf.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\asdf.exe ]

(I wig out and open a command line, and deny asdf.exe)

Mon 22 - 20:40:22 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\windows\system32\cmd.exe" ]

(firefox crashes again because I denied asdf or because of theonion.com or both)

Mon 22 - 20:41:18 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 536 ]
Mon 22 - 20:41:21 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ drwtsn32 -p 5964 -e 668 -g ]

(I re-open firefox to post here, and ping theonion.com to get an IP address)

Mon 22 - 20:41:25 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]
Mon 22 - 20:52:29 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ c:\windows\system32\cmd.exe /s /d /c" dir " ]
Mon 22 - 20:53:35 [EXECUTION] "c:\windows\system32\ping.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ ping theonion.com ]
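The ProcessGuard sequence above is the interesting part of this post: a browser process invokes the Windows error-reporting tools (dwwin.exe, drwtsn32.exe), then a fresh browser instance tries to execute a file from the drive root (c:\asdf.exe) that did not exist before the visit. The following is an added example, not part of the original post and not ProcessGuard's own tooling: it parses log records in the format shown above and flags two things a practitioner would alert on, a browser spawning a crash handler and a browser launching an executable outside trusted directories. The process-name sets, the trusted directory prefixes and the rule names are assumptions chosen for the example; the sample records are copied from the post's log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Policy for the example (assumptions, not anything ProcessGuard defines):
BROWSERS = {"firefox.exe", "iexplore.exe", "opera.exe"}
CRASH_HANDLERS = {"dwwin.exe", "drwtsn32.exe"}  # XP error reporting and Dr. Watson
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# One ProcessGuard record spans three lines: header, parent, command line.
HEADER = re.compile(
    r'^(?P<ts>\w{3} \d+ - \d\d:\d\d:\d\d) \[EXECUTION\] "(?P<image>[^"]+)" '
    r'was (?P<verdict>blocked from running|allowed to run)$')
PARENT = re.compile(r'^\[EXECUTION\] Started by "(?P<parent>[^"]+)" \[(?P<pid>\d+)\]$')
CMDLINE = re.compile(r'^\[EXECUTION\] Commandline - \[ (?P<cmd>.*?) \]$')


@dataclass
class Event:
    ts: str
    image: str
    blocked: bool
    parent: str = ""
    parent_pid: int = 0
    cmdline: str = ""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse(text: str) -> List[Event]:
    """Group each three-line ProcessGuard record into one Event."""
    events: List[Event] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            cur = Event(m["ts"], m["image"].lower(), m["verdict"].startswith("blocked"))
            continue
        if cur is None:
            continue
        if m := PARENT.match(line):
            cur.parent, cur.parent_pid = m["parent"].lower(), int(m["pid"])
        elif m := CMDLINE.match(line):
            cur.cmdline = m["cmd"]
            events.append(cur)  # the command line closes the record
            cur = None
    return events


def triage(events: List[Event]) -> List[Dict[str, str]]:
    """Flag browser crashes (once per browser PID) and browser-launched executables
    outside TRUSTED_DIRS, noting when the same browser instance also crashed."""
    crashed = {e.parent_pid for e in events
               if basename(e.parent) in BROWSERS and basename(e.image) in CRASH_HANDLERS}
    findings: List[Dict[str, str]] = []
    reported_crash = set()
    for e in events:
        pname, iname = basename(e.parent), basename(e.image)
        if pname not in BROWSERS:
            continue  # explorer -> cmd, cmd -> ping etc. are normal here
        if iname in CRASH_HANDLERS:
            if e.parent_pid not in reported_crash:
                reported_crash.add(e.parent_pid)
                findings.append({"ts": e.ts, "rule": "browser-crash",
                                 "detail": f"{pname}[{e.parent_pid}] invoked {iname}"})
        elif not e.image.startswith(TRUSTED_DIRS):
            verdict = "blocked" if e.blocked else "ALLOWED"
            detail = f"{pname}[{e.parent_pid}] launched {e.image} ({verdict})"
            if e.parent_pid in crashed:
                detail += "; same browser instance also crashed"
            findings.append({"ts": e.ts, "rule": "browser-spawned-untrusted-exe",
                             "detail": detail})
    return findings


# Records copied from the post's ProcessGuard log (annotations removed).
SAMPLE_LOG = r"""
Mon 22 - 20:38:50 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 1072 ]
Mon 22 - 20:38:51 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ drwtsn32 -p 1432 -e 3024 -g ]
Mon 22 - 20:38:54 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]
Mon 22 - 20:40:21 [EXECUTION] "c:\asdf.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\asdf.exe ]
Mon 22 - 20:40:22 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\windows\system32\cmd.exe" ]
Mon 22 - 20:41:18 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 536 ]
Mon 22 - 20:41:21 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ drwtsn32 -p 5964 -e 668 -g ]
Mon 22 - 20:41:25 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]
Mon 22 - 20:52:29 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ c:\windows\system32\cmd.exe /s /d /c" dir " ]
Mon 22 - 20:53:35 [EXECUTION] "c:\windows\system32\ping.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ ping theonion.com ]
"""

if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f["ts"], f["rule"], f["detail"])
```

Run against the post's records this yields three findings: a crash of firefox[1432], the blocked launch of c:\asdf.exe by firefox[5964] with the note that the same instance also crashed, and the crash of firefox[5964]. The point of keying the crash rule on the parent PID rather than on each dwwin/drwtsn32 line is that one crash produces two handler executions, and of checking the image path rather than its name is that a dropper can be called anything. Two caveats the log itself supports: ProcessGuard only blocked execution, so the file still reached disk and needs to be removed, and the log shows only that the browser crashed and then attempted the launch; it does not identify what in the page caused it, and the example does not claim to.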
© 1999-2009 dslreports.com