Recently I ran into another spyware infection that was installed through a security hole. It seems to be a variant of an infection that I documented about a month ago. What's new about this one is that it installs a device driver on the system, as you can see at the bottom of the FreeFixer log.
FreeFixer v0.21 log
http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-06-19 15:48

System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)

Registry Startups
HKLM\..\Run, avp = C:\WINDOWS\avp.exe (Remove)
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKLM\..\Run, smgr = mgrs.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)

Processes (12 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\ftu8afna.exe (Remove)
C:\WINDOWS\avp.exe (Remove)
C:\WINDOWS\mgrs.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\32agent.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\power16.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\powerserver.exe (Remove)
C:\Program\ucleaner_setup.exe (Remove)

Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
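As an added example (this is my own code, not part of FreeFixer and not from the original post), here is a small Python parser for the log format above. It splits the log into its sections, separates the entries FreeFixer marked (Remove) from the whitelisted ones, and then applies a few triage heuristics of my own on top: the DisableTaskMgr policy, the Run value that names a bare file (mgrs.exe) and is therefore resolved through the search path rather than a fixed location, the processes running from the user's Temp directory, the unwhitelisted driver with an empty service name, and which Run-key targets are also present in the process list. The sample log embedded in the script is the one above with its line breaks restored; the heuristic names and the assumption that every Registry Startups entry has the form "key, name = value" are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample: the log quoted in the post with its line breaks restored.
SAMPLE_LOG = r"""FreeFixer v0.21 log
http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-06-19 15:48
System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)
Registry Startups
HKLM\..\Run, avp = C:\WINDOWS\avp.exe (Remove)
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKLM\..\Run, smgr = mgrs.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)
Processes (12 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\ftu8afna.exe (Remove)
C:\WINDOWS\avp.exe (Remove)
C:\WINDOWS\mgrs.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\32agent.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\power16.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\powerserver.exe (Remove)
C:\Program\ucleaner_setup.exe (Remove)
Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
"""

# Section headers look like "System policies" or "Processes (12 whitelisted)".
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z ]+?)(?: \((?P<wl>\d+) whitelisted\))?$")
REMOVE = " (Remove)"  # marker for an item FreeFixer did not whitelist

@dataclass
class Entry:
    section: str
    raw: str               # entry text with the "(Remove)" marker stripped
    flagged: bool          # True if FreeFixer did not whitelist the item
    path: "str | None"     # file the entry points at, if one could be extracted

def extract_path(section, body):
    """File an entry points at, or None (policy values are not paths)."""
    if section == "Registry Startups":           # assumed form: key, name = value
        value = body.split(" = ", 1)[1].strip()
        if value.startswith('"'):                # quoted path, arguments follow the quote
            end = value.find('"', 1)
            return value[1:end] if end > 0 else None
        return value.split(" ", 1)[0]            # unquoted path: drop any arguments
    if section == "Drivers":
        return body.rsplit(", ", 1)[1]           # "Driver, <service name>, <path>"
    return body if section == "Processes" else None

def parse_log(text):
    """Return ({section: whitelisted count}, {section: [Entry, ...]})."""
    whitelisted, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            if m.group("wl"):
                whitelisted[current] = int(m.group("wl"))
        elif current and line:                   # entry; preamble and blank lines are skipped
            flagged = line.endswith(REMOVE)
            body = line[:-len(REMOVE)] if flagged else line
            sections[current].append(Entry(current, body, flagged, extract_path(current, body)))
    return whitelisted, sections

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(sections):
    """Extra heuristics (the names are mine) on top of FreeFixer's whitelist verdict."""
    findings = []
    for e in sections.get("System policies", []):
        if "DisableTaskMgr = 1" in e.raw:
            findings.append(("task-manager-disabled", e.raw))
    for e in sections.get("Registry Startups", []) + sections.get("Processes", []):
        if e.section == "Registry Startups" and e.path and "\\" not in e.path:
            findings.append(("run-value-bare-filename", e.raw))  # resolved via the search path
        if e.path and "\\temp\\" in e.path.lower():
            findings.append(("runs-from-temp", e.raw))
    for e in sections.get("Drivers", []):
        if e.flagged:
            service = e.raw.split(", ")[1]                       # empty in this log
            findings.append(("unwhitelisted-driver" + ("" if service else "-no-service-name"), e.raw))
    return findings

def persisted_and_running(sections):
    """Run-key targets whose file name also appears in the process list."""
    procs = {basename(e.path): e.path for e in sections.get("Processes", [])}
    return {basename(e.path): (e.path, procs[basename(e.path)])
            for e in sections.get("Registry Startups", []) if e.path and basename(e.path) in procs}
```

Two caveats when reading the output. First, (Remove) only means the item is not on FreeFixer's whitelist, so treat the flagged list as a worklist to verify (ucleaner_setup.exe, for instance, may simply be a downloaded installer) rather than as a malware verdict. Second, the bare "mgrs.exe" in the smgr Run value does not tell you which file on disk was actually started; it is the process list that resolves it to C:\WINDOWS\mgrs.exe, which is why the Run-key and process sections are correlated. The unwhitelisted driver is the entry to look at first, since anything loaded as a driver runs in kernel mode.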