bartblaze

data.sec - related rogueware/fake AV file

Feb 6th, 2014
Content of data.sec - related rogueware/fake AV file
AftonBladet - Swedish website compromised
Blogpost reference: http://bartblaze.blogspot.com/2014/02/swedish-newssite-compromised.html

Name,Alert level,Action,Status,,,
Email-Worm,High,Fix,Infected,,C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe,
Email-Worm,High,Fix,Infected,,C:\Windows\System32\en-US\csrss.exe.mui,
MultiPacked,High,Fix,Infected,,C:\Windows\System32\ntprint.exe,
Trojan-FakeAV,Critical,Remove,Not cleaned,,C:\Windows\System32\sv-SE\Winrs.exe.mui,
Dialer,Critical,Remove,Not cleaned,,C:\Windows\SysWOW64\en-US\powercfg.exe.mui,
Trojan-Ransom,High,Fix,Infected,,C:\Windows\SysWOW64\sv-SE\comp.exe.mui,
Trojan.Win32.Agent,Medium,Remove,Not cleaned,,C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.16805_none_ce903ec0d5015077\fsquirt.exe,
Worm,Critical,Remove,Not cleaned,,C:\Windows\winsxs\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.1.7601.22004_en-us_259ed68f8760ad46\WUDFHost.exe.mui,
Trojan-FakeAV,Critical,Remove,Not cleaned,,C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_0d599df380650659\iexplore.exe,
Downloader,Low,Fix,Infected,,C:\Windows\winsxs\amd64_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_en-us_915aa9599296fb2b\PostMig.exe.mui,
Dialer,Critical,Remove,Not cleaned,,C:\Windows\winsxs\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_cd4d054cbff19883\pathping.exe.mui,
Client-P2P,Medium,Remove,Not cleaned,,C:\Windows\winsxs\amd64_microsoft-windows-sctasks_31bf3856ad364e35_6.1.7601.17514_none_e8657d02cbf5e4c1\schtasks.exe,
Trojan-Ransom,High,Fix,Infected,,C:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_7.2.7601.16415_none_65a2b1ba61681ebe\mstsc.exe,
Trojan-IM,Medium,Remove,Not cleaned,,C:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_8fbf4b0735f59a32\ilasm.exe,
Trojan.MSIL.Agent,High,Fix,Infected,,C:\Windows\winsxs\Backup\x86_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_97a7da87553dfcf3_iscsicli.exe.mui_64c0a23c,
Net-Worm,Medium,Remove,Not cleaned,,C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_c569db6aae975591\cmmon32.exe,
Server-Telnet,High,Fix,Infected,,C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.1.7600.16385_none_b55b5e1094b0283d\certutil.exe,
Trojan-PSW,Low,Fix,Infected,,C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7600.16385_none_44263d819f0aa19e\odbcad32.exe,
Trojan-ArcBomb,Medium,Remove,Not cleaned,,C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_4e8bf414cd3a3d6f\et-EE_BitLockerToGo.exe.mui,
Backdoor.Win32.Rbot,High,Fix,Infected,,C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wabmig.exe,