Son's helping us again with beta


spy1
April 29th, 2005, 09:55 AM
Time Module Object Name Virus Action User Information
4/29/2005 1:19:19 AM IMON file hxxp://asicznyk.info/Counter.class Java/Femad.A trojan Connection terminated NONE-8EE7DS6F1Q\Family
4/29/2005 1:19:16 AM IMON file hxxp://asicznyk.info/GetAccess.class Java/Exploit.Bytverify.F trojan Connection terminated NONE-8EE7DS6F1Q\Family
4/29/2005 1:19:07 AM IMON archive hxxp://asicznyk.info/classload.jar multiple infiltrations Connection terminated NONE-8EE7DS6F1Q\Family
4/29/2005 1:19:03 AM IMON archive hxxp://asicznyk.info/Counters.jar multiple infiltrations Connection terminated NONE-8EE7DS6F1Q\Family
4/29/2005 1:18:59 AM IMON archive hxxp://asicznyk.info/menu.jr Win32/TrojanProxy.Mitglieder.M trojan Connection terminated NONE-8EE7DS6F1Q\Family
4/29/2005 1:18:53 AM IMON file hxxp://asicznyk.info/index1.htm Win32/Exploit.IE.Dword trojan Connection terminated NONE-8EE7DS6F1Q\Family
_________________________________________________________________

But this is from the "Event Log" (in its entirety) - and I'm not seeing where any of this info above got sent? Was it supposed to have been? Or was that something I only could have sent manually? Did it even need to be sent, since it was all recognized and blocked (connection terminated) anyway?

Time Module Event User
4/29/2005 9:18:54 AM Kernel Statistical information has been sent to Eset.
4/29/2005 9:08:14 AM Kernel Statistical information has been sent to Eset.
4/28/2005 19:54:46 PM Kernel The virus signature database has been successfully updated to version 1.1083 (20050429).
4/28/2005 15:11:21 PM Kernel Statistical information has been sent to Eset.
4/28/2005 12:54:02 PM Kernel The virus signature database has been successfully updated to version 1.1082 (20050428).
4/28/2005 12:23:55 PM Kernel Statistical information has been sent to Eset.
4/28/2005 9:16:50 AM Kernel Statistical information has been sent to Eset.
4/28/2005 8:51:47 AM Kernel Statistical information has been sent to Eset.
4/28/2005 8:34:49 AM Kernel Statistical information has been sent to Eset.
4/28/2005 4:50:21 AM Kernel The virus signature database has been successfully updated to version 1.1081 (20050428).
4/27/2005 18:50:18 PM Kernel The virus signature database has been successfully updated to version 1.1080 (20050428).
4/27/2005 15:27:55 PM Kernel Statistical information has been sent to Eset.

The computer was in ShadowMode (ShadowUser) while all this was going on, and I caught it when I got the email alert this morning when I got up and checked my email. Came out of SM right then and started checking stuff out, info-wise.

It's good to see that the beta's protection is working, and that the "Alert" emails are functioning correctly. Now, if my son would just get a real girlfriend....

Pete