LUA/SRP or AppLocker Failed ??

Yep, I recall some discussion whether Owner/Creator of some registry hives would be vulnarable to such changes also (example: registry hive created as admin Kees1958, afterwards Kees1958 is LUA but is still marked as owner/creator as Kees1958, according to some policies you are still allowed to create and modify subkeys). I can't remember whether the guy stating this weakness also had a PoC to proof this though.

 

i believe that malware was not executed. There is only one way to be sure. Launch a VM Set up or even use your real system covered by eaz-fix, comodo time machine or shadow defender. Take out malware from quarantine of norton. Add a HIPS and reproduce all scenario. HIPS Wil tel you if any thing was executed.

 

Hi Agile,

Aslaam Walikum Bhai.....

I will definitely going to test this...I really want to understand what happened on that day. Hope i will get some results....

 

Oh so nice of you for the familiar greeting. Allah bless you.
Let us know the results. Take care

 

I am Indian...And have lot of Muslim friends and wish them by saying this "Holy Greeting"....I will definitely let you know brother. And May God Bless You Too...

 

Yep, guessed so from your nick. All the best

 

Oh wonders of the world,

Individuals have no problems with each other (does not matter whether you are from Pakistan or India), it are always the governments with group think and group interest which clash.

Completely Off Topic, but I am enjoying it, call me an idealist, but I still have trust in human kind as a species, especially the weird sub culture involved security geeks/enthousisasts.

 

I am sure ordinary people have no real idea of the truth about other cultures/ people/ countries and beliefs just like ordinary users have no idea about computer security and products. People are driven in masses by the media. Media( and whoever is owning the media) is the power of today.

 

Hi Kees,

Could you please explain all the above quoted words in plain language. You know my English is not very good. I request you not to take this in wrong manner.

Anyways i have not able to track down the virus as i guess it was deleted by NIS