22 May 2009

System Security Rogue Anti-Spyware Still Going Strong

by Roger Karlsson

Although five months passed since the System Security first appeared, it's still going strong. Yesterday it installed on my malware honeypot by exploiting a security hole:

Here's the FreeFixer log from the infected computer. If your are removing System Security, select the items marked in red:

FreeFixer v0.39 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-05-18 12:52


Registry Startups
HKLM\..\Run, PromoReg = C:\WINDOWS\Temp\wpv351242765100.exe
HKLM\..\Run, 17826874 = C:\Documents and Settings\All Users\Application Data\17826874\17826874.exe
HKLM\..\Run, 97836866 = C:\Documents and Settings\All Users\Application Data\97836866\97836866.exe
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Processes (16 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\Temp\wpv351242765100.exe
C:\Program\FreeFixer\freefixer.exe
C:\Documents and Settings\All Users\Application Data\97836866\97836866.exe

Services (34 whitelisted)
VSSlanmanserver, Volume Shadow Copy VSSlanmanserver, c:\windows\system32\advpackv.exe

Comments

No comments posted yet.

Leave a reply

Your nickname (required):

Just to make sure you are human and not a spam bot, please answer the following question: How many eyes does a cat have? (required):

Your comment: