asdf.exe / theonion.com (dslreports.com Security forum)
justin (Brooklyn, NY; joined 1999-05-28), 1 edit, reply to Cudni
Re: asdf.exe / theonion.com

yep

AntiVir 6.31.1.0/20050822 found [TR/Dldr.Small.bhf]
Avast 4.6.695.0/20050822 found nothing
AVG 718/20050822 found nothing
Avira 6.31.1.0/20050822 found [TR/Dldr.Small.bhf]
BitDefender 7.0/20050822 found [Trojan.Downloader.Small.GJ]
CAT-QuickHeal 8.00/20050822 found [TrojanDownloader.Small.bhf]
ClamAV devel-20050725/20050822 found nothing
DrWeb 4.32b/20050822 found nothing
eTrust-Iris 7.1.194.0/20050823 found nothing
eTrust-Vet 11.9.1.0/20050822 found [Win32.SillyDl.TQ]
Fortinet 2.41.0.0/20050823 found [W32/Dloader.AB-dldr]
F-Prot 3.16c/20050822 found [could be infected with an unknown virus]
Ikarus 0.2.59.0/20050822 found nothing
Kaspersky 4.0.2.24/20050823 found [Trojan-Downloader.Win32.Small.bhf]
McAfee 4564/20050822 found [Generic Downloader.ab]
NOD32v2 1.1199/20050822 found [Win32/TrojanDownloader.Small.NEU]
Norman 5.70.10/20050818 found [W32/Downloader]
Panda 8.02.00/20050822 found [Trj/Downloader.EGF]
Sophos 3.96.0/20050822 found nothing
Sybari 7.5.1314/20050823 found [Win32.SillyDl.TQ]
Symantec 8.0/20050821 found nothing
TheHacker 5.8.2.092/20050822 found nothing
VBA32 3.10.4/20050822 found [Trojan-Downloader.Win32.Small.bhf]

And here is the sequence from processguard:

(visit theonion.com - crashes firefox)

Mon 22 - 20:38:50 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 1072 ]
Mon 22 - 20:38:51 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [1432]
[EXECUTION] Commandline - [ drwtsn32 -p 1432 -e 3024 -g ]

(restart firefox)

Mon 22 - 20:38:54 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]

(visit theonion.com again - firefox tries to run asdf.exe dated 8:39pm)

Mon 22 - 20:40:21 [EXECUTION] "c:\asdf.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\asdf.exe ]

(I wig out and open a command line, and deny asdf.exe)

Mon 22 - 20:40:22 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\windows\system32\cmd.exe" ]

(firefox crashes again because I denied asdf or because of theonion.com or both)

Mon 22 - 20:41:18 [EXECUTION] "c:\windows\system32\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 536 ]
Mon 22 - 20:41:21 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "c:\program files\mozilla firefox\firefox.exe" [5964]
[EXECUTION] Commandline - [ drwtsn32 -p 5964 -e 668 -g ]

(I re-open firefox to post here, and ping theonion.com to get an IP address)

Mon 22 - 20:41:25 [EXECUTION] "c:\program files\mozilla firefox\firefox.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1932]
[EXECUTION] Commandline - [ "c:\program files\mozilla firefox\firefox.exe" ]
Mon 22 - 20:52:29 [EXECUTION] "c:\windows\system32\cmd.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ c:\windows\system32\cmd.exe /s /d /c" dir " ]
Mon 22 - 20:53:35 [EXECUTION] "c:\windows\system32\ping.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [4712]
[EXECUTION] Commandline - [ ping theonion.com ]
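The log above is the kind of parent/child execution trail a defender can triage automatically. The following is an added example, not code from the post or from ProcessGuard: it parses the three-line record layout shown in the log and flags children that a browser launched from outside trusted directories, which is exactly what separates c:\asdf.exe from the dwwin.exe/drwtsn32.exe crash handlers that firefox.exe also spawned. The sample log, the BROWSERS list and the TRUSTED_DIRS prefixes are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the ProcessGuard record layout seen in the post (not a real capture).
SAMPLE_LOG = """\
Mon 22 - 20:38:50 [EXECUTION] "c:\\windows\\system32\\dwwin.exe" was blocked from running
[EXECUTION] Started by "c:\\program files\\mozilla firefox\\firefox.exe" [1432]
[EXECUTION] Commandline - [ c:\\windows\\system32\\dwwin.exe -x -s 1072 ]
Mon 22 - 20:40:21 [EXECUTION] "c:\\asdf.exe" was blocked from running
[EXECUTION] Started by "c:\\program files\\mozilla firefox\\firefox.exe" [5964]
[EXECUTION] Commandline - [ c:\\asdf.exe ]
Mon 22 - 20:53:35 [EXECUTION] "c:\\windows\\system32\\ping.exe" was allowed to run
[EXECUTION] Started by "c:\\windows\\system32\\cmd.exe" [4712]
[EXECUTION] Commandline - [ ping theonion.com ]
"""

# One record = header line (timestamp, child, verdict) + parent line + command line.
HEAD = re.compile(r'^(?P<ts>\w{3} \d+ - \d\d:\d\d:\d\d) \[EXECUTION\] "(?P<child>[^"]+)"'
                  r' was (?P<verdict>blocked from running|allowed to run)$')
PARENT = re.compile(r'^\[EXECUTION\] Started by "(?P<parent>[^"]+)" \[(?P<pid>\d+)\]$')
CMD = re.compile(r'^\[EXECUTION\] Commandline - \[ (?P<cmd>.*) \]$')

@dataclass
class Execution:
    ts: str
    child: str
    verdict: str
    parent: str
    parent_pid: int
    cmdline: str

def parse_log(text: str) -> List[Execution]:
    """Group consecutive header/parent/command lines into Execution records."""
    lines = [l for l in text.splitlines() if l.strip()]
    out, i = [], 0
    while i + 2 < len(lines):
        h, p, c = HEAD.match(lines[i]), PARENT.match(lines[i + 1]), CMD.match(lines[i + 2])
        if h and p and c:
            out.append(Execution(h['ts'], h['child'].lower(), h['verdict'],
                                 p['parent'].lower(), int(p['pid']), c['cmd']))
            i += 3
        else:
            i += 1  # skip free-text commentary interleaved with the log
    return out

BROWSERS = ('firefox.exe', 'iexplore.exe', 'opera.exe')          # assumed parent set
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\')          # assumed install roots

def suspicious(records: List[Execution]) -> List[Execution]:
    """Browser-spawned children living outside trusted directories, e.g. c:\\asdf.exe."""
    return [r for r in records
            if r.parent.rsplit('\\', 1)[-1] in BROWSERS
            and not r.child.startswith(TRUSTED_DIRS)]
```

Running it over the post's real log would also skip the bracketed commentary lines, since they match none of the three patterns.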
Saturday, 28-Nov 19:59:51 | © 1999-2009 dslreports.com