A variant of Win32/Agent.SSF (exe) terminates processes egui.exe, ekrn.exe - ESS 5!

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by ESS3, Jun 9, 2011.

Thread Status:
Not open for further replies.
  1. ESS3 (Registered Member, joined Dec 11, 2007, 112 posts)
    a variant of Win32/Agent.SSF MD5: fa15baac2480b4c32d15161c2954fdfe
    Zapchast

    exe
    MD5: ce4bd5f98c725cee24fce0ce7b0f79e4
    MD5: 42c1feb293ff515f6e631faa0182de82

    dll
    MD5: 08a2eebf8cde97869b816fef71d3487e
    MD5: d3a208c280d26b48c3919f44ee5fe40d

    http://www.imageup.ru/img32/0906-111111677637.png
    http://www.imageup.ru/img32/09062222222677638.png

    Virus signature database: 6194 (20110609)
    Update module: 1035B (20110330)
    Antivirus and antispyware scanner module: 1302B (20110530)
    Advanced heuristics module: 1118 (20110419)
    Archive support module: 1128 (20110315)
    Cleaner module: 1051 (20110420)
    Anti-Stealth support module: 1025 (20110413)
    Personal firewall module: 1064 (20110215)
    Antispam module: 1016 (20101208)
    SysInspector module: 1219B (20110331)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1005B (20110311)
    Translation support module: 1010B (20110404)
    HIPS support module: 1017 (20110419)
    Internet protection module: 1016 (20110426)
    Web content filter module: 1004 (20110419)
    Advanced antispam module: 1006 (20110317)
    Database module: 1011 (20110512)

    Windows 7 SP1 64 bit. ESS 5.0.65.0
    :)
     
    Last edited: Jun 9, 2011
  2. toxinon12345 (Registered Member, joined Sep 8, 2010, 1,200 posts, Managua, Nicaragua)
    Hello my friend. You still have the self-defense module, which in v5 is included in the HIPS module.
    Please perform a clean install, then reboot your system so that the HIPS module is loaded.
     
  3. ashishsingh1508 (Registered Member, joined May 27, 2011, 125 posts, Pune)
    Then you must watch this, toxinon12345.
     


  4. Marcos (ESET Staff Account, joined Nov 22, 2002, 14,374 posts)
    No kind of self-defense is 100% effective against every single malware, no matter what security product you use. However, I assume that if you use HIPS in interactive mode and respond correctly to the corresponding action prompt, you would not be able to run that malware at all.
     
  5. ESS3 (Registered Member, joined Dec 11, 2007, 112 posts)
    Automatic mode

    Edit rule -> target: registry -> Operations: all

    Over these registry keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\*\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\*\

    Action -> Ask/Block

    The trojan restarts the PC. Antivirus works. The trojan does not work. :)
     
  6. ESS3 (Registered Member, joined Dec 11, 2007, 112 posts)
    a variant of Win32/Sapik trojan MD5: 4339dfc5071257bf5545fd2e5cd8ddbb
    Kaspersky: Trojan-PSW.Win32.VKont.bie
    Microsoft: Backdoor:Win32/Delf.KV
    Very common in Russia.

    The trojan restarts the PC into safe mode and removes ESET Smart Security 5.0.65.0!
    Turns off UAC.

    With no antivirus left on the system, it downloads a trojan detected as a variant of Win32/TrojanDownloader.Delf.QCY trojan, which
    simulates ESET Smart Security and its update.

    SysInspector log - antivirus seen removed, trojans active.
    http://forum.esetnod32.ru/bitrix/co...erface/show_file.php?fid=4259&action=download
    :)

    Windows 7 64 bit SP1
     


    Last edited: Jun 12, 2011
  7. ESS3 (Registered Member, joined Dec 11, 2007, 112 posts)
    Automatic mode

    Edit rule -> target: registry -> Operations: use for all

    Over these registry keys:
    HKEY_LOCAL_MACHINE\BCD00000000\*\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\*\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\*\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\*\
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\*\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\*\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\egui

    Action -> Ask/Block

    :)
     
    Last edited: Jun 12, 2011
  8. ESS3 (Registered Member, joined Dec 11, 2007, 112 posts)
    Code:
    12.06.2011 20:09:11 C:\Windows\System32\svchost.exe open process C:\Program Files\ESET\ESET Smart Security\egui.exe blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:01 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:09:01 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:01 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:09:01 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:09:01 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe blocked 
    12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\lsass.exe blocked 
    12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\csrss.exe blocked 
    12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\csrss.exe blocked 
    12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\smss.exe blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:08:56 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:08:56 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:08:56 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:08:56 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:08:56 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:07:35 C:\Windows\System32\winlogon.exe open process C:\Windows\System32\csrss.exe blocked 
    12.06.2011 20:07:35 C:\Windows\System32\winlogon.exe open process C:\Windows\System32\csrss.exe blocked 
    12.06.2011 20:05:37 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:37 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:36 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:32 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:32 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:32 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:32 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:32 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:31 C:\Users\vitalik\AppData\Local\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:31 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:31 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:30 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects blocked 
    12.06.2011 20:05:29 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} blocked 
    12.06.2011 20:05:29 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:29 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:28 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\wxpdrivers blocked 
    12.06.2011 20:05:27 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\egui.exe blocked 
    12.06.2011 20:05:27 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe blocked 
    12.06.2011 20:05:27 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\lsass.exe blocked 
    12.06.2011 20:05:26 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\csrss.exe blocked 
    12.06.2011 20:05:25 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked 
    12.06.2011 20:05:25 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:24 C:\Users\vitalik\Desktop\Flash-Player.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked 
    12.06.2011 20:05:20 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\egui.exe blocked 
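The HIPS log in post 8 is the raw record of what the dropper tried before the registry rules from posts 5 and 7 blocked it. The Python below is an added example by the editor, not code from the thread or from ESET: it parses lines in that log format, tags each blocked operation with the rule family it hits (the technique labels and the mapping onto the key list in post 7 are the editor's assumptions), counts them per source image, and orders the techniques by first appearance so the kill chain is visible. The sample lines are a subset copied from the log above.

```python
"""Classify ESET HIPS log lines by the self-defense-tampering technique each one hits.

Editor's added example; not code from the thread or from ESET. The technique
labels and their mapping onto the registry rules in post 7 are assumptions.
"""
import re
from collections import Counter
from datetime import datetime

# Line shape seen in post 8: "<dd.mm.yyyy HH:MM:SS> <source image> <operation> <target> <verdict>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<source>\S+) "
    r"(?P<op>open process|set value|set key security) "
    r"(?P<target>.+?) "
    r"(?P<verdict>blocked|allowed)\s*$"
)

# First matching pattern wins. Comments name the post-7 rule the target falls under.
TECHNIQUES = [
    ("kill AV (egui/ekrn)", re.compile(r"\\ESET\\.*\\(egui|ekrn)\.exe$", re.I)),
    ("touch core system process", re.compile(r"\\System32\\(smss|csrss|lsass|winlogon)\.exe$", re.I)),
    ("SafeBoot tampering", re.compile(r"\\Control\\SafeBoot\\", re.I)),              # ...\Control\SafeBoot\*
    ("BCD store tampering", re.compile(r"^HKEY_LOCAL_MACHINE\\BCD00000000", re.I)),  # HKLM\BCD00000000\*
    ("Run-key tampering", re.compile(r"\\CurrentVersion\\Run\\", re.I)),               # ...\CurrentVersion\Run\egui
    ("AppInit key tampering", re.compile(r"\\Windows NT\\CurrentVersion\\Windows\\", re.I)),  # posts 5 and 7
]

# Constructed sample: eight lines copied from the log in post 8 (newest first, as ESET writes it).
SAMPLE_LOG = r"""
12.06.2011 20:09:11 C:\Windows\System32\svchost.exe open process C:\Program Files\ESET\ESET Smart Security\egui.exe blocked
12.06.2011 20:09:02 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3228ef15-2b94-11e0-b010-d6a6fb222995} blocked
12.06.2011 20:08:57 C:\Windows\SysWOW64\reg.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wxpdrivers blocked
12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe blocked
12.06.2011 20:08:57 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Windows\System32\lsass.exe blocked
12.06.2011 20:05:29 C:\Windows\Temp\bcdedit32.exe set key security HKEY_LOCAL_MACHINE\BCD00000000 blocked
12.06.2011 20:05:24 C:\Users\vitalik\Desktop\Flash-Player.exe set value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell blocked
12.06.2011 20:05:20 C:\Users\vitalik\Desktop\Flash-Player.exe open process C:\Program Files\ESET\ESET Smart Security\egui.exe blocked
"""


def classify(target):
    """Map a process path or registry key to the first matching technique label."""
    for label, pattern in TECHNIQUES:
        if pattern.search(target):
            return label
    return "unclassified"


def parse_line(line):
    """Return a dict for one HIPS log line, or None if the line has another shape."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M:%S")
    ev["technique"] = classify(ev["target"])
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def summarize(events):
    """Blocked events counted per (source image name, technique)."""
    counts = Counter()
    for ev in events:
        if ev["verdict"] == "blocked":
            counts[(ev["source"].rsplit("\\", 1)[-1], ev["technique"])] += 1
    return counts


def first_seen(events):
    """Earliest timestamp and source per technique; the log is newest-first, so sort it."""
    seen = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        seen.setdefault(ev["technique"], (ev["ts"], ev["source"]))
    return seen


def kill_chain(events):
    """Technique labels in the order the dropper first tried them."""
    return [t for t, _ in sorted(first_seen(events).items(), key=lambda kv: kv[1][0])]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for key, n in sorted(summarize(events).items()):
        print(f"{n:3d}  {key[0]:<18} {key[1]}")
    print("order of first attempt:", " -> ".join(kill_chain(events)))
```

Run against the full log from post 8 (paste it into a file and call `parse_log` on its contents) and the order is the same as in the sample: the dropper first opens egui.exe, then rewrites SafeBoot\AlternateShell, then bcdedit32.exe works on the BCD store, which matches the rule list the author arrived at in post 7. Entries whose source is svchost.exe or winlogon.exe are worth a separate look; the log alone does not say whether the trojan injected into them or whether they are ordinary noise, so the summary keeps them as their own rows rather than folding them in with Flash-Player.exe.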
     