Jump to content

steady

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, MBAM 1.50.1.1100 with database 6360 detects an infected registry key HKEY_CLASSES_ROOT\d (Trojan.Agent) Detection takes place once that a spanish goverment related site is used, the site is http://notificaciones.060.es (servicio de notificaciones electronicas), this is supposed to be a secure site used by the spanish goverment and administration to deliver electronic notifications _with_legal_value_ It seems that the site (or any MITM) installs some softare (activeX) on the computer using the site. Given that the installed software is not digitally signed there is no real certainity relative to the origin of the software and its actual intentions. The software is installed in "C:\Archivos de programa\APE-SNE\APE-SNE ActiveX" where APE-SNE is supposed to represent "Apartado Postal Electronico - Servicio de Notificaciones Electronicas" which theoretically is a service provided by the official spanish mail company correos.es There are four files in mentioned folder (APESNEActivex.dll APESNEActivex.InstallState APESNEActivex.tlb Interop.SHDocVw.DLL) and all four pass clean at virustotal.com I'm attaching MBAM's log and some registry keys that seem related with APE-SNE ActiveX. Is this a FP or some kind of malware? Thanks APE_SNE_mbam_log.zip APE_SNE_Reg_keys.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.