what do all these mean??


airtas

Please bear with me as I am trying to gain malware knowledge. Recently I ran malware and received this as a result:

Memory Processes Infected:

C:\Documents and Settings\John Tasinas\Local Settings\Temp\Ydq.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Failed to unload process.

So is msa the trojan file that was created, or is it a Windows file that was infected? What does "failed to unload process" mean? Is that good or bad? What is ydg.exe? Is that the same as msa.exe?

I ran malware on reboot and got these results:

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Once again, what are these .job files? And how serious were these threats?
