;*******************************************************************************************************
ANALYSIS: 2008-04-10 23:46:03
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 1
;*******************************************************************************************************
PROTECTIONS
Description                   Version   Active   Updated
;=======================================================================================================
McAfee VirusScan                        Yes      No
;=======================================================================================================
MALWARE
Id        Description                   Type            Active  Severity  Disinfectable  Disinfected  Location
;=======================================================================================================
00132734  adware/24-7-search            Adware          No      0         Yes            No           c:\windows\system32\unppc.exe
00139061  Cookie/Doubleclick            TrackingCookie  No      0         Yes            No           C:\RECYCLER\S-1-5-21-3652215513-2727312053-3533399441-1006\Dc27.txt
00139061  Cookie/Doubleclick            TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@doubleclick[1].txt
00139061  Cookie/Doubleclick            TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Local Settings\Temp\Cookies\kevin mayer@doubleclick[1].txt
00139064  Cookie/Atlas DMT              TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@atdmt[2].txt
00139064  Cookie/Atlas DMT              TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Local Settings\Temp\Cookies\kevin mayer@atdmt[2].txt
00139535  Application/Processor         HackTools       No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Desktop\SmitfraudFix\Process.exe
00139535  Application/Processor         HackTools       No      0         Yes            No           C:\SmitfraudFix\Process.exe
00145731  Cookie/Tribalfusion           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@tribalfusion[2].txt
00145738  Cookie/Mediaplex              TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@mediaplex[1].txt
00145738  Cookie/Mediaplex              TrackingCookie  No      0         Yes            No           C:\RECYCLER\S-1-5-21-3652215513-2727312053-3533399441-1006\Dc13.txt
00168056  Cookie/YieldManager           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Local Settings\Temp\Cookies\kevin mayer@ad.yieldmanager[2].txt
00168056  Cookie/YieldManager           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@ad.yieldmanager[1].txt
00168110  Cookie/Server.iad.Liveperson  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@server.iad.liveperson[2].txt
00169190  Cookie/Advertising            TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Local Settings\Temp\Cookies\kevin mayer@advertising[1].txt
00169190  Cookie/Advertising            TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Cookies\kevin mayer@advertising[1].txt
00184846  Cookie/Adrevolver             TrackingCookie  No      0         Yes            No           C:\RECYCLER\S-1-5-21-3652215513-2727312053-3533399441-1006\Dc23.txt
00377802  Spyware/PeoplePC              Spyware         No      0         Yes            No           C:\Program Files\ISP50\Bin\RAS.DLL
00502546  Application/MyWay             HackTools       Yes     0         Yes            No           C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
00517584  Application/SuperFast         HackTools       No      0         Yes            No           C:\SmitfraudFix\restart.exe
00517584  Application/SuperFast         HackTools       No      0         Yes            No           C:\Documents and Settings\Kevin Mayer\Desktop\SmitfraudFix\restart.exe
02197130  Trj/Rebooter.J                Virus/Trojan    No      1         Yes            No           C:\SmitfraudFix\Reboot.exe
02197130  Trj/Rebooter.J                Virus/Trojan    No      1         Yes            No           C:\Documents and Settings\Kevin Mayer\Desktop\SmitfraudFix\Reboot.exe
02891261  Trj/Downloader.RDL            Virus/Trojan    Yes     1         Yes            No           C:\WINDOWS\SYSTEM32\APPCERT\WNL32.DLL
02906187  Trj/Downloader.RDL            Virus/Trojan    Yes     1         Yes            No           C:\WINDOWS\SYSTEM32\APPCERT\WSIL32.DLL
;=======================================================================================================
SUSPECTS
Sent      Location
;=======================================================================================================
No        C:\WINDOWS\SYSTEM32\DX8VBE.DLL
;=======================================================================================================
VULNERABILITIES
Id        Severity  Description
;=======================================================================================================
184380    MEDIUM    MS08-002
184379    MEDIUM    MS08-001
182048    HIGH      MS07-069
182046    HIGH      MS07-067
182043    HIGH      MS07-064
179553    HIGH      MS07-061
176382    HIGH      MS07-057
176383    HIGH      MS07-058
170911    HIGH      MS07-050
170907    HIGH      MS07-046
170906    HIGH      MS07-045
170904    HIGH      MS07-043
164915    HIGH      MS07-035
164913    HIGH      MS07-033
164911    HIGH      MS07-031
160623    HIGH      MS07-027
157262    HIGH      MS07-022
157261    HIGH      MS07-021
157260    HIGH      MS07-020
157259    HIGH      MS07-019
156477    HIGH      MS07-017
150253    HIGH      MS07-016
150249    HIGH      MS07-013
150248    HIGH      MS07-012
150247    HIGH      MS07-011
150243    HIGH      MS07-008
150242    HIGH      MS07-007
150241    MEDIUM    MS07-006
141034    HIGH      MS06-076
141033    MEDIUM    MS06-075
141030    HIGH      MS06-072
137571    HIGH      MS06-070
137568    HIGH      MS06-067
133387    MEDIUM    MS06-065
133386    MEDIUM    MS06-064
133385    MEDIUM    MS06-063
133379    HIGH      MS06-057
131654    HIGH      MS06-055
129977    MEDIUM    MS06-053
129976    MEDIUM    MS06-052
126093    HIGH      MS06-051
126092    MEDIUM    MS06-050
126087    HIGH      MS06-046
126086    MEDIUM    MS06-045
126083    HIGH      MS06-042
126082    HIGH      MS06-041
126081    HIGH      MS06-040
;=======================================================================================================