HackerDefender is the rootkit most used in the wild.
It was added to the threat list of the Microsoft Removal Tool this year.
HackerDefender, or HxDef, is the favourite rootkit of script kiddies for many reasons:
- light (199 KB for the zip, 315 KB for the whole package);
- complete package that already integrates a backdoor;
- highly configurable (INI file);
- ready to use with a simple command line;
- does not require advanced skills;
- can be installed remotely.
1. Monitoring Process requests:
The rootkit takes only one second to install its service and driver.
Once installed, all files belonging to HxDef are hidden from the user and from the system:
In the next screenshot, I have just added two .jpg files to the My Documents file database; the deleted files detected by FIVE (a free integrity checker) are in fact not deleted, only hidden.
Even files on external drives (on a CD-ROM, for instance) can be hidden:
If we check the size of the folder, we can see a clear difference between the two snapshots (before and after the rootkit installation):
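As an added example (not code from the original post), here is a small parser for Filemon-style trace lines with detection logic for the install sequence the monitoring session shows: a process reads its .ini, writes a .sys driver and deletes it again, and SERVICES.EXE opens that process's executable. The sample trace lines are constructed for this example, modelled on the hxdef100 session; the rule names and thresholds are my own.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Operations and result codes as Filemon prints them (multi-word ones first).
OPS = ("QUERY INFORMATION", "SET INFORMATION", "DIRECTORY", "CREATE", "DELETE",
       "CLOSE", "FLUSH", "OPEN", "READ", "WRITE")
RESULTS = ("SUCCESS", "NOT FOUND", "BUFFER OVERFLOW", "NO SUCH FILE",
           "INVALID PARAMETER", "NO MORE FILES")

# Line shape: seq time process:pid OP path RESULT [detail]. The path may
# contain spaces, so it is matched lazily up to a known result code.
LINE_RE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<proc>\S+):(?P<pid>\d+)\s+"
    r"(?P<op>" + "|".join(OPS) + r")\s+(?P<path>.*?)\s+"
    r"(?P<result>" + "|".join(RESULTS) + r")(?:\s+(?P<detail>.*))?$"
)

# Constructed sample lines modelled on the hxdef100 install sequence; the last
# line is unrelated activity that must not be flagged.
SAMPLE_TRACE = r"""
361 22:42:49 hxdef100.exe:764 OPEN C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdef100.ini SUCCESS Options: Open Access: All
362 22:42:49 hxdef100.exe:764 READ C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdef100.ini SUCCESS Offset: 0 Length: 128
363 22:42:49 hxdef100.exe:764 CREATE C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdefdrv.sys SUCCESS Options: OverwriteIf Access: All
364 22:42:49 hxdef100.exe:764 WRITE C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdefdrv.sys SUCCESS Offset: 0 Length: 3342
365 22:42:49 hxdef100.exe:764 QUERY INFORMATION C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdefdrv.sys INVALID PARAMETER FileAttributeTagInformation
366 22:42:49 hxdef100.exe:764 DELETE C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdefdrv.sys SUCCESS
367 22:42:49 SERVICES.EXE:564 OPEN C:\Documents and Settings\MICHEL\Mes documents\hxdef100r\hxdef100.exe SUCCESS Options: Open Access: All
368 22:42:49 SERVICES.EXE:564 WRITE C:\WINDOWS\System32\CONFIG\SysEvent.Evt SUCCESS Offset: 130400 Length: 220
369 22:42:50 notepad.exe:900 OPEN C:\WINDOWS\system32\ws2_32.dll SUCCESS Options: Open Access: Execute
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one Filemon line into named fields; None if it is not a trace line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def analyze(trace: str) -> List[str]:
    """Flag the install pattern: a process writes a .sys driver and deletes it
    again, reads an .ini alongside, and SERVICES.EXE opens its executable."""
    events = [e for e in (parse_line(l) for l in trace.splitlines()) if e]
    drivers: Dict[str, Set[str]] = defaultdict(set)   # proc:pid -> .sys written
    deleted: Dict[str, Set[str]] = defaultdict(set)   # proc:pid -> paths deleted
    configs: Dict[str, Set[str]] = defaultdict(set)   # proc:pid -> .ini read
    scm_opened: Set[str] = set()                      # basenames SERVICES.EXE opened
    for e in events:
        if e["result"] != "SUCCESS":      # failed probes carry no file change
            continue
        key, op, path = f"{e['proc']}:{e['pid']}", e["op"], e["path"].lower()
        if op in ("CREATE", "WRITE") and path.endswith(".sys"):
            drivers[key].add(path)
        elif op == "DELETE":
            deleted[key].add(path)
        elif op == "READ" and path.endswith(".ini"):
            configs[key].add(path)
        elif op == "OPEN" and e["proc"].upper() == "SERVICES.EXE":
            scm_opened.add(basename(path))
    findings: List[str] = []
    dropper_names: Set[str] = set()
    for key, paths in drivers.items():
        dropper_names.add(key.split(":")[0].lower())
        for drv in sorted(paths & deleted[key]):
            findings.append(f"{key} wrote driver {basename(drv)} and deleted it again")
        for ini in sorted(configs[key]):
            findings.append(f"{key} also read configuration {basename(ini)}")
    # The service manager touching the dropper's own executable is the
    # service-registration step of the install.
    for name in sorted(scm_opened & dropper_names):
        findings.append(f"SERVICES.EXE opened {name}: service installed by a driver-dropping process")
    return findings


if __name__ == "__main__":
    for line in analyze(SAMPLE_TRACE):
        print(line)
```

The same rules can be run over a full Filemon export; only successful operations are scored, so the NOT FOUND probes that precede each open are ignored.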
2. Monitoring registry: