Recently I ran into another spyware infection that was installed through a security hole. It seems to be a variant of an infection that I documented about a month ago. What's new about this one is that it installs a device driver on the system, as you can see at the bottom of the FreeFixer log.
FreeFixer v0.21 log http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-06-19 15:48

System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)

Registry Startups
HKLM\..\Run, avp = C:\WINDOWS\avp.exe (Remove)
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKLM\..\Run, smgr = mgrs.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)

Processes (12 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\ftu8afna.exe (Remove)
C:\WINDOWS\avp.exe (Remove)
C:\WINDOWS\mgrs.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\32agent.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\power16.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\powerserver.exe (Remove)
C:\Program\ucleaner_setup.exe (Remove)

Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
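As an added example (my code, not part of the original post or of FreeFixer), here is a small Python parser for this log format that collects the entries flagged (Remove) per section and splits the Driver, name, path lines, which makes it easy to compare a log like this one against the earlier infection's log. The section-header rule (a line of letters and spaces, optionally followed by "(N whitelisted)") is an assumption, and the sample log is a constructed excerpt of the one above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the FreeFixer log shown in the post.
SAMPLE_LOG = r"""
FreeFixer v0.21 log http://www.freefixer.com/
Log dated 2007-06-19 15:48
Registry Startups
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
Processes (12 whitelisted)
C:\Program\FreeFixer\freefixer.exe
C:\DOCUME~1\Roger\LOKALA~1\Temp\powerserver.exe (Remove)
Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
"""
# Assumption: a section header is a line of letters and spaces, optionally
# followed by "(N whitelisted)"; everything before the first header is preamble.
SECTION_RE = re.compile(r"^([A-Z][A-Za-z ]+?)(?: \((\d+) whitelisted\))?$")
REMOVE_SUFFIX = " (Remove)"

def parse_freefixer_log(text):
    """Return ({section: [(entry, flagged)]}, {section: whitelisted_count})."""
    sections, whitelisted, current = defaultdict(list), {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if m.group(2):
                whitelisted[current] = int(m.group(2))
        elif current is not None:        # skip the preamble lines
            flagged = line.endswith(REMOVE_SUFFIX)
            entry = line[:-len(REMOVE_SUFFIX)] if flagged else line
            sections[current].append((entry, flagged))
    return dict(sections), whitelisted

def removal_candidates(sections):
    """Entries FreeFixer marked '(Remove)', grouped by section."""
    return {sec: [e for e, f in items if f]
            for sec, items in sections.items() if any(f for _, f in items)}

def driver_entries(sections):
    """Split 'Driver, <name>, <path>' lines; an empty name field is itself a signal."""
    out = []
    for entry, flagged in sections.get("Drivers", []):
        _, name, path = (p.strip() for p in entry.split(",", 2))
        out.append({"name": name or None, "path": path, "remove": flagged})
    return out
```

Feed it a full log saved from FreeFixer and the Drivers list gives you the loaded driver paths to check against what the system should have.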