15/04/08, 23:25:16
axl456
Warrior

Joined: Mar 2007
Location: South Park
Posts: 6,172
Re: New Ad-Aware 2008 Beta!

I tried it and its detection was acceptable.

Tested on a machine with the following specs:
Windows XP SP2
256MB of RAM
1.8GHz processor
2GB of disk

The scan took approximately 18 minutes on a machine infected with LOP and Navipromo (by installing 2 programs that produce the infection), and the report was the following:
Code:
Ad-Aware Build 
Log File Created on: 2008-04-15 22:33:34
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: AXL456-1DA85718
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type:               Intel(R) Pentium(R) 4 CPU 1.80GHz
Memory Available: 35%
Total Physical Memory: 267894784 Bytes
Available Physical Memory: 92913664 Bytes
Total Page File Size: 648134656 Bytes
Available On Page File: 370049024 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1872498688 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600) 

Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB 
Ignoring infections with lower TAI than: 3


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-Aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 70
Build Number: 0
Build Date and Time: 2008/04/14 07:31:35

Scan Statistics
===========================
Method: Full
	 Scan tracking cookies.............................: On 
	 Scan ADS filestreams..............................: Off 

Item Scanned: 93418
Infections Detected: 57
Infections Ignored: 0

Scan detailed statistics
===========================
Type                  Critical    Total
Process Scan....:        0        0
Registry Scan...:        0        0
Registry PE Scan:        4        4
Hosts File Scan.:        0        0
File Scan.......:        0        0
Folder Scan.....:        0        0
LSP Scan........:        0        0
ADS Scan........:        0        0
Cookie Scan.....:       38       38
File Hash Scan..:       14       14

Infections Found
===========================
Family Id: 1926  Name: ExtendedEngine  Category: Malware  TAI:10
  Item Id: 1  Value: C:\DOCUME~1\axl456\APPLIC~1\rdrhole\amoktool.exe¤Trojan/Dldr.Swizzor.Gen¤trojan¤Is the Trojan horse Trojan/Dldr.Swizzor.Gen
  Item Id: 1  Value: Root: HKU Path: S-1-5-21-2025429265-2139871995-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run Value: Mess base
  Item Id: 1  Value: C:\WINDOWS\System32\winrmr32.exe¤Packer/Telock¤packer¤File has been compressed with an unusual runtime compression tool (Packer/Telock). Please verify the origin of the file
  Item Id: 1  Value: Root: HKLM Path: Software\Microsoft\Windows\CurrentVersion\Run Value: winrmr32
  Item Id: 1  Value: C:\Documents and Settings\axl456\Application Data\rdrhole\amoktool.exe¤Trojan/Dldr.Swizzor.Gen¤trojan¤Is the Trojan horse Trojan/Dldr.Swizzor.Gen
  Item Id: 1  Value: C:\Documents and Settings\axl456\Desktop\Navilog1.exe¤Dropper/Tool.Reboot.F.79¤dropper¤Contains detection pattern of the dropper Dropper/Tool.Reboot.F.79
  Item Id: 1  Value: C:\Documents and Settings\axl456\Local Settings\Application Data\Mozilla\Firefox\Profiles\u8ow8z25.default\Cache\33C09400d01¤Dropper/FraudTool.SpywareSecure.A¤dropper¤Contains detection pattern of the dropper Dropper/FraudTool.SpywareSecure.A
  Item Id: 1  Value: C:\Documents and Settings\axl456\Local Settings\Application Data\Mozilla\Firefox\Profiles\u8ow8z25.default\Cache\55B4B867d01¤Dropper/Tool.Reboot.F.79¤dropper¤Contains detection pattern of the dropper Dropper/Tool.Reboot.F.79
  Item Id: 1  Value: C:\Documents and Settings\axl456\Local Settings\Temp\bis25.exe¤Trojan/Dldr.Swizzor.Gen¤trojan¤Is the Trojan horse Trojan/Dldr.Swizzor.Gen
  Item Id: 1  Value: C:\Documents and Settings\axl456\Local Settings\Temp\mdmwis.exe¤Trojan/Crypt.NSPI.Gen¤trojan¤Is the Trojan horse Trojan/Crypt.NSPI.Gen
  Item Id: 1  Value: C:\Program Files\Circle Developement\Uninstall.exe¤Trojan/Dldr.Swizzor.Gen¤trojan¤Is the Trojan horse Trojan/Dldr.Swizzor.Gen
  Item Id: 1  Value: C:\Program Files\SudoPlanet\SudoPlanet.dll¤Application/SudoPlanet¤program¤Contains detection pattern of the application Application/SudoPlanet
  Item Id: 1  Value: C:\RECYCLER\S-1-5-21-2025429265-2139871995-1177238915-1003\Dc15.exe¤Dropper/FraudTool.SpywareSecure.A¤dropper¤Contains detection pattern of the dropper Dropper/FraudTool.SpywareSecure.A
  Item Id: 1  Value: C:\System Volume Information\_restore{BE0D7532-9B41-4DE1-A12F-8CEF09F56EAD}\RP6\A0001199.dll¤Application/SudoPlanet¤program¤Contains detection pattern of the application Application/SudoPlanet
  Item Id: 1  Value: C:\System Volume Information\_restore{BE0D7532-9B41-4DE1-A12F-8CEF09F56EAD}\RP8\A0001379.dll¤W95/Blumblebee.1738¤virus¤Contains detection pattern of the Windows virus W95/Blumblebee.1738
  Item Id: 1  Value: C:\System Volume Information\_restore{BE0D7532-9B41-4DE1-A12F-8CEF09F56EAD}\RP8\A0001407.exe¤SecurityPrivacyRisk/Tool.Reboot.C¤riskware¤Contains detection pattern of the SecurityPrivacyRisk/Tool.Reboot.C program
  Item Id: 1  Value: C:\WINDOWS\system32\mdm.exe¤Trojan/Crypt.NSPI.Gen¤trojan¤Is the Trojan horse Trojan/Crypt.NSPI.Gen
  Item Id: 1  Value: C:\WINDOWS\system32\rmrgvg.exe¤Packer/Telock¤packer¤File has been compressed with an unusual runtime compression tool (Packer/Telock). Please verify the origin of the file
As you can see, I highlighted in red the Navilog1 installer executable, which is a false positive, something that is common in antispyware programs.

I'm going to check the machine to see whether the disinfection was complete or whether traces remain.

PS: I haven't yet tested the effectiveness of the resident Ad-Watch module, which I kept disabled while the machine was being infected; only the scan was run to verify the program's detection.

Linux User Registered #453948
Ubuntu User #20783





Last edited by axl456 on 16/04/08 at 00:34:58.
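Added example, not part of the post above and not Lavasoft's code: a small Python parser for the "Infections Found" block in the Ad-Aware 2008 log layout quoted in the post. It separates registry autostart entries from file detections, sets aside a known cleanup tool the way the post does for the Navilog1 installer, tallies the remaining file detections by category, and links each Run value name to the flagged file that carries it. The SAMPLE_LOG block is constructed from four lines of the quoted log; KNOWN_TOOLS is a hypothetical allow-list an analyst would maintain.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Ad-Aware 2008 log layout quoted in the post.
# The four "Item Id" lines are copied from that log; the rest of the
# report is trimmed to the block this parser handles.
SAMPLE_LOG = r"""Infections Found
===========================
Family Id: 1926  Name: ExtendedEngine  Category: Malware  TAI:10
  Item Id: 1  Value: C:\WINDOWS\System32\winrmr32.exe¤Packer/Telock¤packer¤File has been compressed with an unusual runtime compression tool (Packer/Telock). Please verify the origin of the file
  Item Id: 1  Value: Root: HKLM Path: Software\Microsoft\Windows\CurrentVersion\Run Value: winrmr32
  Item Id: 1  Value: C:\Documents and Settings\axl456\Desktop\Navilog1.exe¤Dropper/Tool.Reboot.F.79¤dropper¤Contains detection pattern of the dropper Dropper/Tool.Reboot.F.79
  Item Id: 1  Value: C:\WINDOWS\system32\mdm.exe¤Trojan/Crypt.NSPI.Gen¤trojan¤Is the Trojan horse Trojan/Crypt.NSPI.Gen
"""

# One "Family" header precedes a run of "Item" lines; TAI is Lavasoft's risk score.
FAMILY_RE = re.compile(r"^Family Id: (\d+)\s+Name: (\S+)\s+Category: (\S+)\s+TAI:(\d+)")
# Registry items carry Root/Path/Value fields and no '¤' separators.
REG_RE = re.compile(r"^\s*Item Id: \d+\s+Value: Root: (?P<root>\S+) Path: (?P<path>.+?) Value: (?P<value>.+)$")
# File items are four '¤'-separated fields: path, detection name, category, description.
FILE_RE = re.compile(r"^\s*Item Id: \d+\s+Value: (?P<path>[^¤]+)¤(?P<detection>[^¤]+)¤(?P<category>[^¤]+)¤(?P<desc>.*)$")

# Hypothetical allow-list (file names, lower-case) of cleanup tools the analyst
# knows to be benign; the post identifies Navilog1.exe as a false positive.
KNOWN_TOOLS = {"navilog1.exe"}


def parse_infections(text):
    """Return one dict per Item line, each tagged with its enclosing Family header."""
    items, family = [], None
    for line in text.splitlines():
        m = FAMILY_RE.match(line)
        if m:
            family = {"id": int(m.group(1)), "name": m.group(2),
                      "category": m.group(3), "tai": int(m.group(4))}
            continue
        m = REG_RE.match(line)
        if m:
            items.append({"kind": "registry", "root": m["root"], "path": m["path"],
                          "value": m["value"], "family": family})
            continue
        m = FILE_RE.match(line)
        if m:
            items.append({"kind": "file", "path": m["path"], "detection": m["detection"],
                          "category": m["category"], "family": family})
    return items


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(items, known_tools=KNOWN_TOOLS):
    """Split detections into Run-key persistence, suspected false positives and the rest."""
    autostarts = [i for i in items
                  if i["kind"] == "registry" and i["path"].lower().endswith("\\run")]
    suspected_fp = [i for i in items
                    if i["kind"] == "file" and basename(i["path"]).lower() in known_tools]
    handled = {id(i) for i in autostarts} | {id(i) for i in suspected_fp}
    remaining = [i for i in items if id(i) not in handled]
    by_category = Counter(i["category"] for i in remaining if i["kind"] == "file")
    return {"autostarts": autostarts, "suspected_false_positives": suspected_fp,
            "remaining": remaining, "by_category": by_category}


def correlate_autostarts(items):
    """Map each Run value name to flagged files whose stem matches it (persistence evidence)."""
    files_by_stem = defaultdict(list)
    for i in items:
        if i["kind"] == "file":
            stem = basename(i["path"]).rsplit(".", 1)[0].lower()
            files_by_stem[stem].append(i["path"])
    return {i["value"]: files_by_stem[i["value"].lower()]
            for i in items if i["kind"] == "registry" and i["value"].lower() in files_by_stem}


if __name__ == "__main__":
    parsed = parse_infections(SAMPLE_LOG)
    result = triage(parsed)
    print("file detections by category:", dict(result["by_category"]))
    print("Run-key entries backed by a flagged file:", correlate_autostarts(parsed))
    for fp in result["suspected_false_positives"]:
        print("review before removal (known tool):", fp["path"])
```

Running the script on a full log lets an analyst see at a glance which flagged files also have a Run-key entry, which is the subset worth examining first, and keeps known cleanup tools out of the removal list rather than letting the scanner's category decide.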