PC Anti-Virus Protection 2012 - DennisTechnologyLabs · 2011-08-30 · Avast Free Antivirus 6.0 47 94% PC Tools Internet Security 8 45 90% Micros oft Security Essentials 2.1 44 88%

PC Anti-Virus Protection 2012 Page 1 of 106

PC Anti-Virus Protection 2012

13 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS

Dennis Technology Labs, 26/07/2011

www.DennisTechnologyLabs.com

This test aims to compare the effectiveness of the most recent releases of popular anti-virus software1. The products

include those from Kaspersky, McAfee, Microsoft, Symantec (Norton) and Trend Micro, as well as free versions

from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G Data, K7 and PC Tools.

The tests were conducted between 14/07/2011 and 26/07/2011 using the most up to date versions of the software

available.

A total of 13 products were exposed to genuine internet threats that real customers could have encountered during

the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely

as possible. For example, each test system visited real, infected websites that significant numbers of internet users

were encountering at the time of the test. These results reflect what would have happened if those users were using

one of the products tested.

EXECUTIVE SUMMARY

� Products that block attacks early tended to protect the system more fully

The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of

downloading and installing further threats. Products that blocked the malicious and infected websites from the start

reduced the risk of compromise by secondary and further downloads.

� 100 per cent protection is rare

This test recorded an average protection score of 87.5 per cent. New threats appear online frequently and it is

inevitable that there will be times when specific security products are unable to protect against some of these threats.

� The products rarely prevented the installation of legitimate applications

With the exception of K7 TotalSecurity 11, most products were fairly accurate when it came to classifying legitimate

applications. That said, only three of the products were 100 per cent accurate in this part of the test.

Simon Edwards, Dennis Technology Labs

1 The latest available products were used in the test:

Avast! Free AntiVirus 6 Kaspersky Internet Security 2012

AVG Anti-Virus Free Edition 2011 McAfee Internet Security 2011

Avira Antivir Personal Free Antivirus Microsoft Security Essentials 2.1

BitDefender Internet Security 2011 Norton Internet Security 2012

ESET Smart Security 4 PC Tools Internet Security 8

G Data InternetSecurity 2012 Trend Micro Titanium Internet Security 2011

K7 Total Security 11


CONTENTS

Executive summary ..................................................................................................................................................................... 1

Contents ........................................................................................................................................................................................ 2

1. Total Accuracy Ratings ........................................................................................................................................................... 3

2. Protection Ratings ................................................................................................................................................................... 5

3. Protection Scores ..................................................................................................................................................................... 7

4. Protection Details .................................................................................................................................................................... 9

5. False Positives ........................................................................................................................................................................ 11

6. The Tests ................................................................................................................................................................................ 16

7. Test Details ............................................................................................................................................................................. 18

8. Conclusions ............................................................................................................................................................................ 22

Appendix A: Terms ................................................................................................................................................................... 23

Appendix B: Legitimate Samples ............................................................................................................................................ 24

Appendix C: Threat Report ..................................................................................................................................................... 29

Appendix D: Tools .................................................................................................................................................................. 105

Appendix E: Terms of the Test ............................................................................................................................................ 106


1. TOTAL ACCURACY RATINGS

The security products on test are expected to prevent threats from attacking the target systems successfully. They

should also allow users to install legitimate software unhampered. The scoring system used in this test penalises

products when they fail to achieve these goals and rewards those that excel.

Products gain points for stopping threats successfully and lose points for failing to stop them. They also lose points

for handling legitimate files incorrectly, while gaining points for allowing users to install them. Each product then

receives a final rating based on its performance in each of the ‘threat’ and ‘legitimate software’ tests.

The following results show a combined accuracy rating, taking into account each product’s performance with both

threats and non-malicious software. There is a maximum possible score of 150 and a minimum of -350.

See 5. False Positives for detailed results and an explanation on how the false positive ratings are calculated.

There is only a fractional difference between the top three products. Norton Internet Security 2012, G Data

Internet Security 2012 and ESET Smart Security 4 are all within one point of each other.

14

6

14

5.5

14

5

13

7.7

5

13

6.5

13

2

12

2

11

4.9

10

4

10

3

84

.75

80

79

.25

-10

10

30

50

70

90

110

130

150

Total Accuracy

Total


TOTAL ACCURACY

ProductProductProductProduct Accuracy ScoreAccuracy ScoreAccuracy ScoreAccuracy Score

Symantec Norton Internet Security 2012 146

G Data InternetSecurity 2012 145.5

ESET Smart Security 4 145

Kaspersky Internet Security 2012 137.75

Trend Micro Titanium Internet Security 2011 136.5

Avast Free Antivirus 6.0 132

Microsoft Security Essentials 2.1 122

PC Tools Internet Security 8 114.9

Avira Antivir Personal Free Antivirus 104

BitDefender Internet Security 2011 103

K7 TotalSecurity 11 84.75

AVG Anti-Virus Free Edition 2011 80

McAfee Internet Security 2011 79.25


2. PROTECTION RATINGS

The following results show how each product has been scored for its accuracy in detecting and handling malware

only. They do not take into account false positives.

We awarded two points for defending against a threat, one for neutralizing it and deducted two points every time a

product allowed the system to be compromised. The best possible score is 100 and the worst is -100.

The reason behind this score weighting is to give credit to products that deny malware an opportunity to tamper

with the system and to penalize those that allow malware to damage it. It is quite possible that a compromised

system will be made unstable, or even unusable without expert knowledge. Even if active malware was removed, we

considered such damaged systems to count as being compromised.

The Norton product defended against 49 out of the 50 threats, so it scores 96. It gains double points for each

defense (2x 49), totaling 98. It then loses two points because it was compromised once, ending up with 96 points. G

Data’s product was the only one to avoid all compromises. It scored the same number of points as the Norton

product, however, because it defended against 46 threats but neutralized four of them. Its score is calculated like

this: (2x46) + (4x1) = 96.

Symantec’s Norton product ties with G Data’s software, even though G Data InternetSecurity 2012 was the

only one to protect against all the internet threats used (see 3. Protection Scores).

96

96

95

93

88

85

73

72

55

55

48

33

30

0

10

20

30

40

50

60

70

80

90

100

Protection Ratings


PROTECTION RATINGS

ProductProductProductProduct TargetTargetTargetTarget DefendedDefendedDefendedDefended

TargetTargetTargetTarget NeutralizedNeutralizedNeutralizedNeutralized

TargetTargetTargetTarget CompromisedCompromisedCompromisedCompromised

Protection Protection Protection Protection RatingRatingRatingRating

G Data InternetSecurity 2012 46 4 0 96

Symantec Norton Internet Security 2012 49 0 1 96

ESET Smart Security 4 48 1 1 95

Kaspersky Internet Security 2012 46 3 1 93

Trend Micro Titanium Internet Security 2011 47 0 3 88

Avast Free Antivirus 6.0 44 3 3 85

PC Tools Internet Security 8 38 7 5 73

Microsoft Security Essentials 2.1 40 4 6 72

Avira Antivir Personal Free Antivirus 35 5 10 55

BitDefender Internet Security 2011 35 5 10 55

K7 TotalSecurity 11 28 12 10 48

AVG Anti-Virus Free Edition 2011 28 7 15 33

McAfee Internet Security 2011 28 6 16 30


3. PROTECTION SCORES

The following illustrates the general level of protection provided by each of the security products, combining the

defended and neutralized incidents into an overall figure. This figure is not weighted with an arbitrary scoring system

as it was in 1. Total Accuracy Ratings and 2. Protection Ratings.

The average protection levels afforded by the tested products, when exposed to the threats used in this test, was

87.5 per cent. Above average products included Microsoft Security Essentials and all those products to its left on the

graph below. In this test two of the above-average products are free for non-commercial use.

Two out of the three free products performed above the average when protecting against threats.

0

10

20

30

40

50

Protection Scores


PROTECTION SCORES

ProductProductProductProduct Protected IncidentsProtected IncidentsProtected IncidentsProtected Incidents Percentage of Percentage of Percentage of Percentage of IIIIncidentsncidentsncidentsncidents

G Data InternetSecurity 2012 50 100%

Kaspersky Internet Security 2012 49 98%

Symantec Norton Internet Security 2012 49 98%

ESET Smart Security 4 49 98%

Trend Micro Titanium Internet Security 2011

47 94%

Avast Free Antivirus 6.0 47 94%

PC Tools Internet Security 8 45 90%

Microsoft Security Essentials 2.1 44 88%

Avira Antivir Personal Free Antivirus 40 80%

BitDefender Internet Security 2011 40 80%

K7 TotalSecurity 11 40 80%

AVG Anti-Virus Free Edition 2011 35 70%

McAfee Internet Security 2011 34 68%

(Average: 87.5 per cent)


4. PROTECTION DETAILS

The security products provided different levels of protection. When a product defended against a threat, it

prevented the malware from gaining a foothold on the target system. A threat might have been able to infect the

system and, in some cases, the product neutralized it later. When it couldn’t, the system was compromised.

The graph below shows that the most successful products tended to defend, rather than neutralize, the threats.

Between them the top five products only neutralized eight threats, while they defended a total of 236. They were

compromised just six times. The five least effective products, on the other hand, neutralized 35 threats and

defended just 154. They were compromised a total of 61 times.

The most successful products tended to defend rather than neutralize, blocking the threats early in the

attack.

0

5

10

15

20

25

30

35

40

45

50

Protection Details

Target Compromised Target Neutralized Target Defended


PROTECTION DETAILS

ProductProductProductProduct Target DefendedTarget DefendedTarget DefendedTarget Defended Target NeutralizedTarget NeutralizedTarget NeutralizedTarget Neutralized Target CompromisedTarget CompromisedTarget CompromisedTarget Compromised

G Data InternetSecurity 2012 46 4 0

Symantec Norton Internet Security 2012

49 0 1

ESET Smart Security 4 48 1 1

Kaspersky Internet Security 2012

46 3 1


47 0 3

Avast Free Antivirus 6.0 44 3 3

PC Tools Internet Security 8 38 7 5

Microsoft Security Essentials 2.1

40 4 6

Avira Antivir Personal Free Antivirus

35 5 10

BitDefender Internet Security 2011

35 5 10

K7 TotalSecurity 11 28 12 10

AVG Anti-Virus Free Edition 2011

28 7 15

McAfee Internet Security 2011

28 6 16


5. FALSE POSITIVES

5.1 False positive scores

A security product needs to be able to protect the system from threats, while allowing legitimate software to work

properly. When legitimate software is misclassified a false positive is generated. We split the results into two main

groups because the products all took one of two approaches when attempting to protect the system from the

legitimate programs. They either warned that the software was suspicious or took the more decisive step of blocking

it.

Blocking a legitimate application is more serious than issuing a warning because it directly hampers the user. In this

test the number of warnings (22) was very close to the number of times a product blocked an application (21).

The graph below includes the number and type of false positive that each product generated.

When generating a false positive the products were as likely to block as they were to warn against

legitimate applications. However, overall there were relatively few false positives in this test.

0

1

2

3

4

5

6

7

8

9

Ava

st F

ree

An

tivir

us

6.0

AV

G A

nti

-Vir

us

Fre

e E

dit

ion

20

11

Avir

a A

nti

vir

Pe

rso

na

l F

ree

An

tivir

us

Bit

De

fen

de

r In

tern

et

Se

curi

ty 2

01

1

ES

ET

Sm

art

Se

curi

ty 4

G D

ata

In

tern

etS

ecu

rity

20

12

K7

To

talS

ecu

rity

11

Ka

spe

rsk

y I

nte

rne

t S

ecu

rity

20

12

McA

fee

In

tern

et

Se

curi

ty 2

01

1

Mic

roso

ft S

ecu

rity

Ess

en

tia

ls 2

.1

PC

To

ols

In

tern

et

Se

curi

ty 8

Sy

ma

nte

c N

ort

on

In

tern

et

Se

curi

ty 2

01

2

Tre

nd

Mic

ro T

ita

niu

m I

nte

rne

t S

ecu

rity

20

11

Ava

st F

ree

An

tivir

us

6.0

AV

G A

nti

-Vir

us

Fre

e E

dit

ion

20

11

Avir

a A

nti

vir

Pe

rso

na

l F

ree

An

tivir

us

Bit

De

fen

de

r In

tern

et

Se

curi

ty 2

01

1

ES

ET

Sm

art

Se

curi

ty 4

G D

ata

In

tern

etS

ecu

rity

20

12

K7

To

talS

ecu

rity

11

Ka

spe

rsk

y I

nte

rne

t S

ecu

rity

20

12

McA

fee

In

tern

et

Se

curi

ty 2

01

1

Mic

roso

ft S

ecu

rity

Ess

en

tia

ls 2

.1

PC

To

ols

In

tern

et

Se

curi

ty 8

Sy

ma

nte

c N

ort

on

In

tern

et

Se

curi

ty 2

01

2

Tre

nd

Mic

ro T

ita

niu

m I

nte

rne

t S

ecu

rity

20

11

Warnings Blockings

False Positive Scores

Total


FALSE POSITIVE SCORES

False Positive TypeFalse Positive TypeFalse Positive TypeFalse Positive Type ProductProductProductProduct TotalTotalTotalTotal

WarningsWarningsWarningsWarnings Avira Antivir Personal Free Antivirus 0



G Data InternetSecurity 2012 0


PC Tools Internet Security 8 0



0


McAfee Internet Security 2011 2


Kaspersky Internet Security 2012 6

K7 TotalSecurity 11 8

BlockingsBlockingsBlockingsBlockings ESET Smart Security 4 0

Kaspersky Internet Security 2012 0

McAfee Internet Security 2011 0




G Data InternetSecurity 2012 1



2



K7 TotalSecurity 11 4

PC Tools Internet Security 8 5


5.2 Taking file prevalence into account

The prevalence of each file is significant. If a product misclassified a common file then the situation would be more

serious than if it failed to detect a less common one. That said, it is usually expected that anti-malware programs

should not misclassify any legitimate software.

The files selected for the false positive testing were organized into five groups: Very High Impact, High Impact,

Medium Impact, Low Impact and Very Low Impact. These categories were based on download numbers as

reported by sites including Download.com at the time of testing. The ranges for these categories are recorded in the

table below:

FALSE POSITIVE PREVALENCE CATEGORIES

Impact categoryImpact categoryImpact categoryImpact category PrevalencePrevalencePrevalencePrevalence (downloads in the previous week)(downloads in the previous week)(downloads in the previous week)(downloads in the previous week)

Very High Impact >20,000

High Impact 1,000 – 20,000

Medium Impact 100 – 999

Low Impact 25 – 99

Very Low Impact < 25

5.3 Modifying scores

The following set of score modifiers were used to create an impact-weighted accuracy score. Each time a product

allowed a new legitimate program to install and run it was awarded one point. It lost points (or fractions of a point)

if and when it generated a false positive. We used the following score modifiers:

FALSE POSITIVE PREVALENCE SCORE MODIFIERS

False positive actionFalse positive actionFalse positive actionFalse positive action Impact categoryImpact categoryImpact categoryImpact category Score modifierScore modifierScore modifierScore modifier

Blocked Very High Impact -5

High Impact -2

Medium Impact -1

Low Impact -0.5

Very Low Impact -0.1

Warning Very High Impact -2.5

High Impact -1

Medium Impact -0.5

Low Impact -0.25

Very Low Impact -0.05


5.4 Distribution of impact categories

Products that scored highest were the most accurate when handling the legitimate applications used in the test. The

best score possible is 50, while the worst would be -250 (assuming that all applications were classified as Very High

Impact and were blocked). In fact the distribution of applications in the impact categories was not restricted only to

Very High Impact. The table below shows the true distribution:

FALSE POSITIVE CATEGORY FREQUENCY

Impact categoryImpact categoryImpact categoryImpact category Number of instancesNumber of instancesNumber of instancesNumber of instances

Very High Impact 7

High Impact 9

Medium Impact 16

Low Impact 8

Very Low Impact 10


5.5 False positive ratings

Combining the impact categories with weighted scores produces the following false positive accuracy ratings.

When a product misclassified a popular program it faced a stronger penalty than if the file was more obscure.

FALSE POSITIVE RATINGS

ProductProductProductProduct Accuracy scoreAccuracy scoreAccuracy scoreAccuracy score




G Data InternetSecurity 2012 49.5

McAfee Internet Security 2011 49.25


Trend Micro Titanium Internet Security 2011 48.5




Kaspersky Internet Security 2012 44.75

PC Tools Internet Security 8 41.9

0

5

10

15

20

25

30

35

40

45

50

False Positive Ratings

Total


6. THE TESTS

6.1 The threats

Providing a realistic user experience was important in order to illustrate what really happens when a user encounters

a threat on the internet. For example, in these tests web-based malware was accessed by visiting an original, infected

website using a web browser, and not downloaded from a CD or internal test website.

All target systems were fully exposed to the threats. This means that any exploit code was allowed to run, as were

other malicious files, They were run and permitted to perform exactly as they were designed to, subject to checks

made by the installed security software. A minimum time period of five minutes was provided to allow the malware

an opportunity to act.

6.2 Test rounds

Tests were conducted in rounds. Each round recorded the exposure of every product to a specific threat. For

example, in ‘round one’ each of the products were exposed to the same malicious website.

At the end of each round the test systems were completely reset to remove any possible trace of malware before the

next test began.

Each ‘round’ exposed every product to one specific threat. The partial set of records for round five (highlighted above) shows a range of responses to a particular threat. In this example products from Avira, BitDefender, ESS and Kaspersky allowed the threat to compromise the systems, while the Microsoft product neutralized the threat. The remaining products blocked the threat early, defending against it.

6.3 Monitoring

Close logging of the target systems was necessary to gauge the relative successes of the malware and the anti-

malware software. This included recording activity such as network traffic, the creation of files and processes and

changes made to important files.

6.4 Levels of protection

The products displayed different levels of protection. Sometimes a product would prevent a threat from executing,

or at least making any significant changes to the target system. In other cases a threat might be able to perform some

tasks on the target, after which the security product would intervene and remove some or all of the malware. Finally,

a threat may be able to bypass the security product and carry out its malicious tasks unhindered. It may even be able

to disable the security software. Occasionally Windows' own protection system might handle a threat while the anti-

virus program ignored it. Another outcome is that the malware may crash for various reasons. The different levels

of protection provided by each product were recorded following analysis of the log files.

If malware failed to perform properly in a given incident, perhaps because of the very presence of the security

product, rather than any specific defending action that the product took, the product was given the benefit of the

doubt and a Defended result was recorded. If the test system was damaged, becoming hard to use following an


attempted attack, this was counted as a compromise even if the active parts of the malware had eventually been

removed by the product.

6.5 Types of protection

All of the products tested provided two main types of protection: real-time and on-demand. Real-time protection

monitors the system constantly in an attempt to prevent a threat from gaining access. On-demand protection is

essentially a ‘virus scan’ that is run by the user at an arbitrary time.

The test results note each product’s behavior when a threat is introduced and afterwards. The real-time protection

mechanism was monitored throughout the test, while an on-demand scan was run towards the end of each test to

measure how safe the product determined the system to be. Manual scans were run only when a tester determined

that malware had made an interaction with the target system. In other words, if the security product claimed to

block the attack at the initial stage, and the monitoring logs supported this claim, the case was considered closed and

a Defended result was recorded.


7. TEST DETAILS

7.1 The targets

To create a fair testing environment, each product was installed on a clean Windows XP Professional target system.

The operating system was updated with Windows XP Service Pack 3 (SP3), although no later patches or updates

were applied.

We test with Windows XP SP3 and Internet Explorer 7 due to the high prevalence of internet threats that rely on

this combination. The prevalence of these threats suggests that there are many systems with this level of patching

currently connected to the internet.

A selection of legitimate but old software was pre-installed on the target systems. These posed security risks, as they

contained known vulnerabilities. They included out of date versions of Adobe Flash Player and Adobe Reader.

A different security product was then installed on each system. Each product’s update mechanism was used to

download the latest version with the most recent definitions and other elements. Due to the dynamic nature of the

tests, which were carried out in real-time with live malicious websites, the products' update systems were allowed to

run automatically and were also run manually before each test round was carried out. The products were also

allowed to 'call home' should they be programmed to query databases in real-time. Some products might

automatically upgrade themselves during the test. At any given time of testing, the very latest version of each

program was used.

Each target system contained identical hardware, including an Intel Core 2 Duo processor, 1GB RAM, a 160GB

hard disk and a DVD-ROM drive. Each was connected to the internet via its own virtual network (VLAN) to avoid

malware cross-infecting other targets.

7.2 Threat selection

The malicious web links (URLs) used in the tests were picked from lists generated by Dennis Technology Labs’ own

malicious site detection system, which uses popular search engine keywords submitted to Google. It analyses sites

that are returned in the search results from a number of search engines and adds them to a database of malicious

websites. In all cases, a control system (Verification Target System - VTS) was used to confirm that the URLs linked

to actively malicious sites.

Malicious URLs and files are not shared with any vendors during the testing process.

7.3 Test stages

There were three main stages in each individual test:

1. Introduction

2. Observation

3. Remediation

During the Introduction stage, the target system was exposed to a threat. Before the threat was introduced, a snapshot

was taken of the system. This created a list of Registry entries and files on the hard disk. We used Regshot (see

Appendix D: Tools) to take and compare system snapshots. The threat was then introduced.

Immediately after the system’s exposure to the threat, the Observation stage is reached. During this time, which

typically lasted at least 10 minutes, the tester monitored the system both visually and using a range of third-party

tools. The tester reacted to pop-ups and other prompts according to the directives described below (see 7.6

Observation and intervention).

In the event that hostile activity to other internet users was observed, such as when spam was being sent by the

target, this stage was cut short. The Observation stage concluded with another system snapshot. This ‘exposed’

snapshot was compared to the original ‘clean’ snapshot and a report generated. The system was then rebooted.


The Remediation stage is designed to test the products’ ability to clean an infected system. If it defended against the

threat in the Observation stage then we skipped this stage. An on-demand scan was run on the target, after which a

‘scanned’ snapshot was taken. This was compared to the original ‘clean’ snapshot and a report was generated. All log

files, including the snapshot reports and the product’s own log files, were recovered from the target. In some cases

the target became so damaged that log recovery was considered impractical. The target was then reset to a clean

state, ready for the next test.

7.4 Threat introduction

Malicious websites were visited in real-time using Internet Explorer. This risky behavior was conducted using live

internet connections. URLs were typed manually into Internet Explorer’s address bar.

Web-hosted malware often changes over time. Visiting the same site over a short period of time can expose systems

to what appear to be a range of threats (although it may be the same threat, slightly altered to avoid detection). Also,

many infected sites will only attack a particular IP address once, which makes it hard to test more than one product

against the same threat.

In order to improve the chances that each target system received the same experience from a malicious web server,

we used a web replay system. When the verification target systems visited a malicious site, the page’s content,

including malicious code, was downloaded, stored and loaded into the replay system. When each target system

subsequently visited the site, it received exactly the same content.

The network configurations were set to allow all products unfettered access to the internet throughout the test,

regardless of the web replay systems.

7.5 Secondary downloads

Established malware may attempt to download further files (secondary downloads), which are stored in a cache by a

proxy on the network and re-served to other targets in some circumstances. These circumstances include cases

where:

1. The download request is made using HTTP (e.g. http://badsite.example.com/...) and

2. The same filename is requested each time (e.g. badfile1.exe)

There are scenarios in which target systems receive different secondary downloads. These include cases where:

1. The download request is made using HTTPS or a non-web protocol such as FTP or

2. A different filename is requested each time (e.g. badfile2.exe; random357.exe)


7.6 Observation and intervention

Throughout each test, the target system was observed both manually and in real-time. This enabled the tester to take

comprehensive notes about the system’s perceived behavior, as well as to compare visual alerts with the products’

log entries. At certain stages the tester was required to act as a regular user. To achieve consistency, the tester

followed a policy for handling certain situations, including dealing with pop-ups displayed by products or the

operating system, system crashes, invitations by malware to perform tasks and so on.

This user behavior policy included the following directives:

1. Act naively. Allow the threat a good chance to introduce itself to the target by clicking OK to malicious

prompts, for example.

2. Don’t be too stubborn in retrying blocked downloads. If a product warns against visiting a site, don’t take

further measures to visit that site.

3. Where malware is downloaded as a Zip file, or similar, extract it to the Desktop then attempt to run it. If

the archive is protected by a password, and that password is known to you (e.g. it was included in the body

of the original malicious email), use it.

4. Always click the default option. This applies to security product pop-ups, operating system prompts

(including Windows firewall) and malware invitations to act.

5. If there is no default option, wait. Give the prompt 20 seconds to choose a course of action automatically.

6. If no action is taken automatically, choose the first option. Where options are listed vertically, choose the

top one. Where options are listed horizontally, choose the left-hand one.

7.7 Remediation

When a target is exposed to malware, the threat may have a number of opportunities to infect the system. The

security product also has a number of chances to protect the target. The snapshots explained in 7.3 Test stages

provided information that was used to analyze a system’s final state at the end of a test.

Before, during and after each test, a ‘snapshot’ of the target system was taken to provide information about what

had changed during the exposure to malware. For example, comparing a snapshot taken before a malicious website

was visited to one taken after might highlight new entries in the Registry and new files on the hard disk. Snapshots

were also used to determine how effective a product was at removing a threat that had managed to establish itself on

the target system. This analysis gives an indication as to the levels of protection that a product has provided.

These levels of protection have been recorded using three main terms: defended, neutralized, and compromised. A

threat that was unable to gain a foothold on the target was defended against; one that was prevented from continuing

its activities was neutralized; while a successful threat was considered to have compromised the target.

A defended incident occurs where no malicious activity is observed with the naked eye or third-party monitoring

tools following the initial threat introduction. The snapshot report files are used to verify this happy state.

If a threat is observed to run actively on the system, but not beyond the point where an on-demand scan is run, it is

considered to have been neutralized. Comparing the snapshot reports should show that malicious files were created

and Registry entries were made after the introduction. However, as long as the ‘scanned’ snapshot report shows that

either the files have been removed or the Registry entries have been deleted, the threat has been neutralized.

The target is compromised if malware is observed to run after the on-demand scan. In some cases a product might

request a further scan to complete the removal. We considered secondary scans to be acceptable, but further scan

requests would be ignored. Even if no malware was observed, a compromise result was recorded if snapshot reports

showed the existence of new, presumably malicious files on the hard disk, in conjunction with Registry entries

designed to run at least one of these files when the system booted. An edited ‘hosts’ file or altered system file also

counted as a compromise.

7.8 Automatic monitoring

Logs were generated using third-party applications, as well as by the security products themselves. Manual

observation of the target system throughout its exposure to malware (and legitimate applications) provided more


information about the security products’ behavior. Monitoring was performed directly on the target system and on

the network.

Client-side logging

A combination of Process Explorer, Process Monitor, TcpView and Wireshark were used to monitor the target

systems. Regshot was used between each testing stage to record a system snapshot. A number of Dennis

Technology Labs-created scripts were also used to provide additional system information. Each product was able to

generate some level of logging itself.

Process Explorer and TcpView were run throughout the tests, providing a visual cue to the tester about possible

malicious activity on the system. In addition, Wireshark’s real-time output, and the display from the web proxy (see

Network logging, below), indicated specific network activity such as secondary downloads.

Process Monitor also provided valuable information to help reconstruct malicious incidents. Both Process Monitor

and Wireshark were configured to save their logs automatically to a file. This reduced data loss when malware

caused a target to crash or reboot.

In-built Windows commands such as 'systeminfo' and 'sc query' were used in custom scripts to provide additional

snapshots of the running system's state.

Network logging

All target systems were connected to a live internet connection, which incorporated a transparent web proxy and a

network monitoring system. All traffic to and from the internet had to pass through this system. Further to that, all

web traffic had to pass through the proxy as well. This allowed the testers to capture files containing the complete

network traffic. It also provided a quick and easy view of web-based traffic, which was displayed to the testers in

real-time.

The network monitor was a dual-homed Linux system running as a transparent router, passing all web traffic

through a Squid proxy.

An HTTP replay system ensured that all target systems received the same malware as each other. It was configured

to allow access to the internet so that products could download updates and communicate with any available ‘in the

cloud’ servers.


8. CONCLUSIONS

Where are the threats?

The threats used in this test were genuine, real-life threats that were infecting victims globally at the same time as we

tested the products. In almost every case the threat was launched from a legitimate website that had been

compromised by an attacker. The types of infected or malicious sites were varied, which demonstrates that effective

anti-virus software is essential for those who want to use the web using a Windows PC, whether they are looking for

pornography, music or a local taco restaurant.

The vast majority of the threats installed automatically when a user visited the infected webpage. This infection was

usually invisible to a casual observer and rarely did the malware make itself known, unless it was installing a fake

anti-virus program. These rogue applications pretend to detect viruses on the system and harass the user into paying

for a full license, which the program claims will allow it to remove the ‘infections’. In reality the only infection is the

fake anti-virus program itself.

Where does protection start?

The best-performing products were Symantec’s Norton Internet Security 2012, G Data InternetSecurity 2012,

ESET Smart Security 4, Kaspersky Internet Security 2012 and Trend Micro Titanium Internet Security 2011. These

five had one notable similarity: they all blocked threats early in the attack process, which meant that there was less

opportunity for the malware to infect the systems. The three least effective products, those from McAfee, AVG and

K7 often tackled the threat only once the malware had started to infect the system.

Sorting the wheat from the chaff

The false positive results were quite low, which shows that most of the products are not tuned too aggressively to

detect and block malware at the expense of regular programs. Notably, Norton Internet Security, Microsoft Security

Essentials and ESET Smart Security produced no false positive results at all.

Anti-virus is important (but not a panacea)

This test shows that there is a significant difference in performance between popular anti-virus programs. Most

importantly it illustrates this difference using real threats that were attacking real computers at the time of testing.

The average protection level of the tested products is 87.5 per cent (see 3. Protection Scores), which is significant.

The presence of anti-virus software can be seen to decrease the chances of a malware infection even when the only

sites being visited are proven to be actively malicious. It's worth noting, however, that a 100 per cent success rate is

rare. Even those products that performed the best in this test are unlikely to be completely bullet-proof in every

given situation.


APPENDIX A: TERMS

Compromised Malware continues to run on an infected system, even after an on-demand scan.

Defended Malware was prevented from running on, or making changes to, the target.

False Positive A legitimate application was incorrectly classified as being malicious.

Introduction Test stage where a target system is exposed to a threat.

Neutralized Malware was able to run on the target, but was then removed by the security product.

Observation Test stage during which malware may affect the target.

On-demand (protection) Manual ‘virus’ scan, run by the user at an arbitrary time.

Prompt

Questions asked by software, including malware, security products and the operating system. With security products, prompts usually appear in the form of pop-up windows. Some prompts don’t ask questions but provide alerts. When these appear and disappear without a user’s interaction, they are called ‘toasters’.

Real-time (protection) The ‘always-on’ protection offered by many security products.

Remediation Test stage that measures a product’s abilities to remove any installed threat.

Round Test series of multiple products, exposing each target to the same threat.

Snapshot Record of a target’s file system and Registry contents.

Target Test system exposed to threats in order to monitor the behavior of security products.

Threat A program or other measure designed to subvert a system.

Update Code provided by a vendor to keep its software up to date. This includes virus definitions, engine updates and operating system patches.


APPENDIX B: LEGITIMATE SAMPLES IN

CID

EN

TIN

CID

EN

TIN

CID

EN

TIN

CID

EN

T

PRODUCTPRODUCTPRODUCTPRODUCT DESCRIPTIONDESCRIPTIONDESCRIPTIONDESCRIPTION OBTAINED VIAOBTAINED VIAOBTAINED VIAOBTAINED VIA PREVALENCE PREVALENCE PREVALENCE PREVALENCE STATSSTATSSTATSSTATS (LAST WEEK)(LAST WEEK)(LAST WEEK)(LAST WEEK)

PREVALENCE PREVALENCE PREVALENCE PREVALENCE STATS STATS STATS STATS SOURCESOURCESOURCESOURCE

PREVALENCE PREVALENCE PREVALENCE PREVALENCE STATS DATESTATS DATESTATS DATESTATS DATE

PREVALENCE PREVALENCE PREVALENCE PREVALENCE RATINGRATINGRATINGRATING

1 SlimCleaner 1.6

SlimCleaner is a cloud-enhanced Windows cleaner that uses crowd-sourcing to optimize PC performance.

Download.com 7,565 Download.com 31/05/2011 High Impact

2 Soluto 1.2 Soluto's 'Anti-Frustration Software' detects PC users' frustrations, reveals their cause, learns which actions really eliminate them and improves user experience.

Download.com 34,407 Download.com 31/05/2011 Very High Impact

3 WinUtils Free Edition

a suite of tools designed to free up disk space and improve system performance.


4 Yoono Desktop

Access multiple social networking accounts all in one place with Yoono.

Download.com 63 Download.com 31/05/2011 Low Impact

5 Skype 5.3 Talk with friends and family for free over the Internet.

Download.com 89669 Download.com 31/05/2011 Medium Impact

6 Skype Translate

Skype Translate is tool that allows you to translate language real time during a text chat on Skype.


7 FaceSmooch Spice up your facebook chat with cool Smileys, Emoticons, Winks, Animations and many more.


8 Archivarius 3000

Archivarius 3000 is a simple program that allows users to search their computers, removable drives, and networks for documents.

Download.com 2 Download.com 31/05/2011 Very Low Impact

9 FontViewOK Portable

FontViewOK Portable creates a quick visual overview of all installed fonts.



INC

IDE

NT

INC

IDE

NT

INC

IDE

NT

INC

IDE

NT





10 URLStringGrabber

URLStringGrabber is a small utility that scans all opened windows of Internet Explorer and grab the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files.


11 Smart PDF Creator 6.5

Smart PDF Creator will easily convert files such as DOC, XLS, HTML, RTF ,TXT to PDF format.


12 Free CD Ripper

Extract CD tracks to WAV, MP3, or OGG audio files.


13 GrieeX Movie Archive Program

GrieeX Movie Archive Program is a database that lets people keep track of the movies they own and import a variety of related information from the Internet, too.


14 CNET TechTracker

Detect and download updates for all of your installed software.


15 UMPlayer UMPlayer is an advanced yet simple to use open-source cross-platform multimedia player that aims to fill all your needs…


16 Content-Rewrite

Content-Rewrite can rewrite any text article, and generate hundreds of unique content articles


17 Google Chrome 11

Explore the Web using Google's super-fast browser.

Download.com 88122 Download.com 31/05/2011 Very High Impact

18 Netpas Distance

Netpas Distance offers sea travelers an opportunity to gauge the distance between any ports on Earth.



INC

IDE

NT

INC

IDE

NT

INC

IDE

NT

INC

IDE

NT





19 QIF Viewer A QIF Viewer, it can open up a file you downloaded from your financial institution or exported from Microsoft money or quicken or whatever.


20 Invoicer Creates and prints invoices. Download.com 203 Download.com 03/06/2011 Medium Impact

21 DKOSD - Caps-Lock Status

DKOSD shows an On Screen Display about the status of the Caps Lock on the keyboard.


22 CuteRank Free Edition

Check and track keyword rankings on multiple search engines.


23 TortoiseSVN (32-bit)

TortoiseSVN is a really easy to use Revision control / version control / source control application for Windows.


24 Docx Converter

Convert Microsoft Word DOCX documents to various formats.


25 VRS Recording System

Record up to 64 audio channels simultaneously.


26 PowerISO Create, edit, and encrypt CD/DVD image files.


27 Glary Utilities Utilities to improve your system's performance and protect your privacy


28 OpenVPN (VPNUK)

VPNUK supports connections over OpenVPN.

Download.com 50 n/a 04/07/2011 Low Impact

29 MemTurbo Optimize memory and manage computer's cache.


30 Ghost Installer Free Edition

Create single-file self-extracting setups for your applications


31 PDF Plain Text Extractor

Convert from PDF to text, preserving layout, with support for multiple languages



INC

IDE

NT

INC

IDE

NT

INC

IDE

NT

INC

IDE

NT





32 My Drivers Extract, back up, restore, and update all the device drivers on your PC.


33 WinDriver Ghost

Back up and restore hardware device drivers on your computer.


34 Ping-O-Meter

Try this highly visual version of an ICMP Ping program.


35 Universal Extractor

UniExtract Installer (5.3 MB) - This is the recommended download.


36 jsMSIx.exe A simple GUI program. (Compiled EXE file.) Runs on all Windows versions. No installation necessary. The easiest option. Unpack MSI

Download.com 10 n/a 04/07/2011 Very Low Impact

37 Simple "One-Click" MSI Unpacker

As above, but VBScript Download.com 10 n/a 04/07/2011 Very Low Impact

38 RoboForm Reduce multiple passwords to one single item.

Download.com 41375 Download.com 04/07/2011 Very High Impact

39 SopCast Broadcast and access videos and radio on the Internet.

Download.com 14156 Download.com 04/07/2011 High Impact

40 Easy-Hide-IP Hide your IP address and prevent Internet activity tracking.


41 Free Internet Eraser

Protect your online privacy by cleaning up history and past activities.


42 CyberGhost VPN

Share an IP with a number of other users to ensure you cannot be identified.


43 BearFlix Search and download videos. Download.com 636 Download.com 04/07/2011 Medium Impact

44 Online Armor Free

Monitor data transfer into and from PC and get secure online access for surfing and online transactions.



INC

IDE

NT

INC

IDE

NT

INC

IDE

NT

INC

IDE

NT





45 Badongo Buddy

Upload large media files. Download.com 542 Download.com 04/07/2011 Medium Impact

46 WebFerret Query multiple search engines from your desktop at the same time.


47 ExtractNow Extract multiple archives with the ease of a single button.


48 PCI32 View your system hardware information


49 DU Meter Use your Internet bandwidth more efficiently with this real-time display of internet data transfer


50 Magic Square Generator

Search for all magic squares of an order prescribed by the user (in a clever way).



APPENDIX C: THREAT REPORT

CodeCodeCodeCode ProducProducProducProductttt CodeCodeCodeCode ProductProductProductProduct CodeCodeCodeCode ProductProductProductProduct

AVA Avast! Free AntiVirus 6 GIS G Data InternetSecurity 2012 NIS Symantec Norton Internet Security 2012

AVG AVG Anti-Virus Free Edition 2011 K7 K7 Total Security 11 PCT PC Tools Internet Security 8

AVI Avira Antivir Personal Free Antivirus KIS Kaspersky Internet Security 2012 TIS Trend Micro Titanium Internet Security 2011

BDF BitDefender Internet Security 2011 MIS McAfee Internet Security 2011

ESS ESET Smart Security 4 MSE Microsoft Security Essentials 2.1

NOTE: The following table is a summary. The full report was provided to Symantec as an Excel spreadsheet, which includes any Notes that may be referred to in some Threat

Report entries.

In cases where the malware fails for any reason, the product is given the full benefit of the doubt and is classified as having Defended with full remediation.

Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

1 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site

n/a n/a n/a 1 1

1 AVG none none none Removed and healed: 1

Moved to Virus Vault

Corrupted executable file

1 1

1 AVI none none none A virus or unwanted program was found!

Moved to quarantine

eicar.txt 1 1

1 BDF Toaster Denied Trojan.Downloader.Java.C n/a n/a n/a 1 1 1 ESS Toaster Terminated -

Quarantined TrojanDownloader.Agent.NCJ trojan n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

1 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache58882.tmp. Default option: "Disinfect (if not possible: quarantine)". When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: "Yes".

na na na 1 1

1 K7 none none (see note)

none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.

1

1 KIS toaster (2x)

Denied (2x) Denied: Trojan-Downloader.Java.OpenConnection.dh (2x)

na na na 1 1

1 MIS none none (see note)

none report Quarantined Viruses, Trojans, and Cookies Quarantined: Downloader-BCS

1

1 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Java/OpenConnection.MY. Recommended action: Remove.

na na na 1 1

1 NIS none none none n/a n/a n/a 1 1 1 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this

website can transmit malicious software or has been involved in online scams or fraud.

n/a n/a n/a 1 1

1 PCT none none none n/a n/a n/a 1 1 2 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has

blocked a harmful site. n/a n/a n/a 1 1

2 AVG Pop up Quarantine (Action was unsuccessful)

Threat Detected! (Default: Move to Vault) Removed and healed: 1



1 1

2 AVI none none none n/a n/a n/a 1 1 2 BDF Toaster Denied BitDefender has blocked a virus! Virus Name:

Gen.Trojan.Heur.PT.rOqpbioDPhmG n/a n/a n/a 1 1

2 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1 2 GDA none none (see

note) none na na na 1 1

2 K7 toaster Access denied

High Security Risk Found! Trojan Downloader (0028b20a1)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

2 KIS (1) browser; (2) toaster; (3) toaster

(1) Access denied; (2) Denied; (2) Denied;

(1) Access Denied. The request URL cannot be provided. URL: http:// 69 DOT 64 DOT 49 DOT 35 / videos-pedofilia-1039-oastir-fazendo-sexo-oral-com-adolescent-AVI DOT exe; (2) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / videos-pedofilia-1039-oastir-fazendo-sexo-oral-com-adolescent-AVI DOT exe (analysis using the database of suspicious URLs). (3) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / favicon DOT ico (analysis using the database of suspicious URLs).

na na na 1 1

2 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Trojan.x!fzr (Trojan)

na na na 1 1

2 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Win32/Banload. Recommended action: Remove.

na na na 1 1

2 NIS Toaster Removed AVI[1].exe is not safe and has been removed. n/a n/a n/a 1 1 2 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

2 PCT 1)Toaster 2) Toaster

1) Block 2) Quarantined

Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan-PWS.Bancos!rem.

n/a n/a n/a 1 1

3 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site.

n/a n/a n/a 1 1


Threat Detected! (Default: Move to Vault) Trojan horse Agent_r.AKC

n/a n/a n/a 1 1

3 AVI none none none n/a n/a n/a 1 1 3 BDF Toaster Denied BitDefender has blocked multiple viruses! The infected

objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2861… (File access was blocked) and Gen:Variant.Kazy.30647 (File access was blocked)

n/a n/a n/a 1 1

3 ESS 1)Toaster, 2)Warning on the browser

1)Denied, 2)Blocked

1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

3 GDA pop-up (2x)

Disinfected (2x)

(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30647 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Cycbot-HC [Trj] (Engine B). File: wireshark.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Riskware (0015e4f01) na na na 1 1

3 KIS (1) browser; (2) toaster

(1) Access Denied; (2) Denied

(1) Access Denied. The request URL cannot be provided. URL: http:// gandon DOT cx DOT cc / d DOT php?f=72&e=0; (2) Denied: Backdoor.Win32.Gbot.mej

na na na 1 1

3 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: W32/Waledda.dam (Trojan)

na na na 1 1

3 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Cybot.B. Recommended action: Remove.

na na na 1 1

3 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website

n/a n/a n/a 1 1

3 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.

n/a n/a n/a 1 1



Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Backdoor.Trojan

n/a n/a n/a 1 1


n/a n/a n/a 1 1

4 AVG none none none Removed and healed: 1



1

4 AVI Toaster Removed Guard: Malware found. A virus or unwanted program was found. Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

4 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Trojan.Generic.62258666 Access to this file has been denied.

n/a n/a n/a 1 1

4 ESS Toaster Terminated - Quarantined

Threat: BAT/Qhost.NMO trojan. Connection terminated - quarantined

n/a n/a n/a 1 1

4 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6258666 (Engine A). File: comprovante[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Riskware (3949ecb40) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php; (2) Denied: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php (analysis using the database of phishing URLs)

na na na 1 1

4 MIS (1) pop-up; (2) dialogue box

Removed (see note)

(1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Tool-Wget. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows.

na na na 1 1

4 MSE pop-up Removed (after required reboot)

Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comame. Recommended action: Remove.

na na na 1 1

4 NIS Toaster Removed Comprovante[1].exe is not safe and has been removed. n/a n/a n/a 1 1 4 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1



High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen

n/a n/a n/a 1 1

5 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: Win32:Malware-gen. The threat was detected and blocked when the file was created or modified.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

5 AVG Pop up Removed Threat detected. Threat name: Generic PUP.x / Category: PUA - Potentially Unwanted Application. (default: Move to Vault)

n/a n/a n/a 1 1


Moved to quarantine

eicar.txt 1

5 BDF none none none Solved issues: 2 Deleted MPR[1].exe and Cookie.DoubleClick

1

5 ESS none none none Number of threats found: 0

n/a n/a 1

5 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Application.Generic.37931 (Engine A). File: MPR[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

5 K7 toaster Removed High Security Risk Found! Hacktool (000615521) na na na 1 1 5 KIS pop-up Allowed

access to password storage.

Application Control. MPR[1].EXE from "Low Restricted" group is trying to get access to protected passwords storage. Default option: Make trusted. Move appliction to the "Trusted" group.

none none (see note) none 1

5 MIS pop-up Removed (see note)

Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove.

na na na 1 1

5 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Ldpinch.gen. Recommended action: Remove.

na na na 1 1

5 NIS Pop up Detected Threat Detected, This threat has been detected. We recommend that you remove this threat. MPR[1].exe

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


1) Block 2) Removed

High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat SecurityRisk.MultipassRecover.

n/a n/a n/a 1 1


n/a n/a n/a 1

6 AVG Pop up Quarantined Threat detected. Threat name: Suspicious.DLoader / Category: Unknown. (default: Move to Vault)

n/a n/a n/a 1


Move to quarantine Detection: TR/Dropper.Gen

1

6 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.DP.jKO@aW1sl3gO Access to this file has been denied.

n/a n/a n/a 1 1

6 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1 6 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected

file. Virus: Gen:Trojan.Heur.DP.jK0@aW1sJ3gO (Engine A). File: download13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

6 K7 (1-4) pop-up; (5) toaster

Removed (1) Application is accessing the Internet. The program download13072011[1].exe is connection to a network. Developer Name: Winrar. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (3) Application is accessing the Internet. The program iexplore.exe is connection to a network. Developer Name: Not Available. Default option: Allow; (4) New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (5) High Security Alert. Riskware (37db41910)

none none (see note) Scan Completed. No Viruses, spyware or other risks were found.

1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// pulicidade DOT land DOT ru / download13072011.exe; (2) Detected: HEUR:Trojan-Downloader.Win32.Generic

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt

1

6 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comisproc. Recommended action: Remove.

na na na 1 1

6 NIS Toaster Removed download1307201[1].exe is not safe and has been removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

6 PCT Toaster Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat HeurEngine.ZeroDayThreat.

n/a n/a n/a 1 1

7 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal

n/a n/a n/a 1 1

7 AVG Pop up Quarantined Threat detected. Threat name: Win32/TrojanDownloader.VB.PHC. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)

Removed and healed: 1



1

7 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.38912.77' was found in file DSC25293.jpg[1].exe. Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

7 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.cq0@bTbnbLki Access to this file has been denied.

n/a n/a n/a 1 1


file. Virus: Gen.Trojan.Heur.cq0@bTbnbLki (Engine A). File: DSC25293.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


High Security Risk Found! Trojan (0028f1c91) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// azdl DOT org / libraries /simplepie DOT Idn /DSC25293 DOT jpg DOT exe; (2) Denied: Trojan.Win32.VBKrypt.eghz

na na na 1 1

7 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.evx!q (Trojan)

na na na 1 1

7 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Sisproc. Recommended action: Remove.

na na na 1 1

7 NIS Toaster Removed DSC25293.jpg[1].exe is not safe and has been removed. n/a n/a n/a 1 1 7 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1


Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen

n/a n/a n/a 1 1

8 AVA Toaster Blocked Trojan Horse Blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: VBS:Agent-DZ

Scan complete, THREAT DETECTED!

Move to chest VBS:Agent-DZ [Trj] 1 1

8 AVG 1)Warning on the browser, 2)Pop up

Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! Threat name: Exploit JavaScript Obfuscation (type 1627)

n/a n/a n/a 1 1

8 AVI none none none n/a n/a n/a 1 1 8 BDF 1)Toaster,

2)Toaster, 3)Toaster

Blocked 1)BitDefender has blocked a virus! Virus Name: Trojan.Downloader.INUE Access to this file has been denied. 2)BitDefender has blocked multiple viruses! Virus name: Trojan.Downloader.VBS File access was blocked. Virus name: Trojan.Downloader.INUE File access was blocked. The infected objects have been treated. Your PC is protected! 3)BitDefender has blocked a virus! Virus name: Trojan.Downloader.VBS.DZ Access to this file has been denied.

n/a n/a n/a 1 1


Threat: Java/TrojanDownloader.Agent.NBB trojan. Connection terminated - quarantined

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

8 GDA pop-up (3x)

(1) Disinfected; (2) Blocked; (3) default option not chosen to be able to obtain Wireshark logs

Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.JNUE (Engine A). File: subway[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Java.Downloader.G (Engine A). File: jar_cache45566.tmp. Default option: Block file access; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-DZ [Trj] (Engine B}. File: net.cap. Default option: Disinfect (if not possible: quarantine).

na na na 1 1

8 K7 toaster (3x)

(1) Removed; (2) Access denied; (3) Removed

(1) High Security Risk Found! Exploit (6802f3540); (2) High Security Risk Found! Trojan (781652440); High Security Risk Removed! Exploit (6802f3540)

na na na 1 1

8 KIS toaster (2x)

Denied (2x) Denied: Trojan-Downloader.Java.Agent.jv (2x) na na na 1 1



1

8 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/Agent.E. Recommended action: Remove.

na na na 1 1

8 NIS Toaster Removed SONAR has removed security risk update… Your computer is secure.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

8 PCT Toaster Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Threat detected! Threat name: Trojan horse Generic23.WSS Detected on open (default: Move to Vault)

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

9 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file contacts[1].exe Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

9 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Variant.Kazy.21497 Access to this file has been denied.

n/a n/a n/a 1 1


Threat: a variant of Win32/Kryptik.MUW trojan. Connection terminated - quarantined

n/a n/a n/a 1 1

9 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.21497 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan (68334a840) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// 109 DOT 230 DOT 246 DOT 198 / d DOT php?e=7&f=32; (2) Denied: Trojan-Downloader.Win32.Tiny.crb

na na na 1 1

9 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!0247309E6298 (Trojan)

na na na 1 1

9 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Drstwax.A. Recommended action: Remove.

na na na 1 1

9 NIS 1)Toaster 2) Toaster

Blocked 1) Norton blocked an attack by: Web Attack: Seosploit Request. 2) Norton blocked an attack by: Web Attack: Blackhole Toolkit Activity 3.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

9 PCT Toaster Yes Contact[1].exe is trying to access the Internet. Option clicked Yes.

none none none 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! Threat name: Exploit Blackhole Exploit Kit (type 2029)

n/a n/a n/a 1 1

10 AVI 1)Toaster, 2)Toaster, 3)Toaster

Detected 1)Guard: Malware found. A virus or unwanted program 'EXP/Pidief.hem' was found in file 5a065[1].pdf. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file jar_cache16022.tmp. Access to this file was denied. Please select further action: (default: Remove)

A virus or unwanted program was found!

Move to quarantine HTML/rug.A.3 1

10 BDF 1)Toaster, 2)Toaster

1)Blocked, 2)Terminated

1)BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2891… (File access was blocked) and Trojan.Generic.KD.2891... (File access was blocked), 2)An .exe program was terminated because it was deemed to be harmful.

Solved issues: 2 Deleted Trojan.Generic.KD.289143 (in jar_cache39951.tmp) and Cookie.DoubleClick

1

10 ESS 1)Warning on the browser, 2)Toaster

Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

10 GDA pop-up (4x)

(1) Blocked; (2-4) Disinfected

(1) Virus alert. An attempt was made to access an infected file. Virus: Java:AGent-OC [Expl] (Engine B). File: jar_cache28166.tmp. Default option: Block file access.; (2) Virus alert. An attempt was made to access an infected file. Virus: JS:Pdfka-gen [Expl] (Engine B). File: a8f15[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

10 K7 pop-up Allowed access to the Internet (see note)

Application is accessing the Internet. The program 0.747759393045344.exe is preparing to act as server on the network. Developer name: iF System. Default option: Allow


1



(1) Access Denied. The request URL cannot be provided. URL: http:// jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d; (2) Denied: http: jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d and http:// jerlitincho DOT no-ip DOT biz / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

10 MSE pop-up (2x)

(1) Removed; (2) Removed (after required reboot)

(1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

10 PCT 1)Pop up 2) Pop Up

1) Yes 2) Quarantine

1) Gandhi Hodgkin is trying to modify or control another application. Do you Trust this Application? 2) Suspicious Activity Detected. A program is deleting itself. Gandhi Hodgkin.

n/a n/a n/a 1 1

11 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. No further action is required.

n/a n/a n/a 1 1

11 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.Agent2.AQJU Detected on open (default: Move to Vault)




1

11 AVI none none none n/a n/a n/a 1 1 11 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name:

Trojan.Generic.6294802 Access to this file has been denied.

n/a n/a n/a 1 1


Threat: a variant of Win32/Giku.I trojan. Connection terminated - quarantined

n/a n/a n/a 1 1

11 GDA (1) pop-up; (2) toaster

Disinfected (after required reboot)

(1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6294802 (Engine A). File: comprov_13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


High Security Risk Found! Trojan-Downloader (00290e341)

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// 83 DOT 92 DOT 252 DOT 198 / images / comprov_13072011 DOT exe; (2) Denied: Trojan-Downloader.Win32.Agent.ssfd

na na na 1 1

11 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!ch (Trojan)

na na na 1 1

11 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Giku.A. Recommended action: Remove.

na na na 1 1

11 NIS Toaster Removed Comprovante[1].exe is not safe and has been removed. n/a n/a n/a 1 1 11 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1


1) Yes 2) Quarantine

1)comprovante[1].exe is trying to access the internet. 2) Suspicious Activity Detected. A program is deleting itself. Comprovante[1].exe

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Threat detected! Threat name: Trojan horse PSW.Generic8.CORW Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

12 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file readme[1].exe Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

12 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.Kazy.26500 Access to this file has been denied.

n/a n/a n/a 1 1



n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

12 GDA pop-up (2x)

Disinfected (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26500 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Zbot-NEH (Engine B)A). File: net.cap. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

12 K7 pop-up (7x)

Blocked (7x) (see note)

(1) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (2) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406), Unknown(1609). Default option: Block (5x)


1



(1) Access Denied. The request URL cannot be provided. URL: http:// americanmobile DOT ca / k DOT php?f=20&amp;amp;amp;amp;e; (2) Denied: http:http:// americanmobile DOT ca / k DOT php?f=20&amp;amp;amp;amp;e; and http:// americanmobile DOT ca / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

12 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:PWS.Zbot.gen.qi (Trojan)

na na na 1 1

12 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove.

na na na 1 1

12 NIS Toaster Removed readme[1].exe is not safe and has been removed. n/a n/a n/a 1 1 12 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

12 PCT 1)Pop up 2) Dialogue box on the icon tray 3) Toaster

1)Block 2) Write Delayed 3) Removed

1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat RogueAntiSpyware.UltraDegragFraud!gen1. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\readme[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Threat detected! Trojan horse PSW.Generic8.COHU Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1


Variant.Kazy.30791 Access to this file has been denied. n/a n/a n/a 1 1



n/a n/a n/a 1 1

13 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30791 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1





(1) Access Denied. The request URL cannot be provided. URL: http:// hhjkfgjhdfgdg DOT cx DOT cc / d DOT php?f=36&e=2; (2) Denied: Trojan-Spy.Win32.Zbot.bwym

na na na 1 1

13 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.PWS.bfr!c (Trojan)

na na na 1 1

13 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

13 NIS Toaster Removed about[1].exe is not safe and has been removed. n/a n/a n/a 1 1 13 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

13 PCT 1)Pop up 2) Dialogue box on the icon tray 3) Toaster

1)Block 2) Write Delayed 3) Removed

1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\about[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed

n/a n/a n/a 1 1


n/a n/a n/a 1 1

14 AVG Pop up Removed Threat detected. Threat name: Win32/Injector.HTF Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)




1

14 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/VBKrypt.egbh' was found in file about[1].exe Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

14 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.288527 Access to this file has been denied.

n/a n/a n/a 1 1



n/a n/a n/a 1 1

14 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.288527 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan (00290e331) na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



(1) Access Denied. The request URL cannot be provided. URL: http:// vawboman71 DOT co DOT be / k DOT php?f=61&amp;amp;e=4; (2) Denied: http:// vawboman71 DOT co DOT be / k DOT php?f=61&amp;amp;e=4 and http:// vawboman71 DOT co DOT be / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

14 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.dx!zzd (Trojan)

na na na 1 1

14 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Dofoil.D. Recommended action: Remove.

na na na 1 1

14 NIS Toaster Removed about[1].exe is not safe and has been removed. n/a n/a n/a 1 1 14 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

14 PCT Toaster Quarantine Download Guard detected a threat in ABOOUT[1].EXE. This file has been automatically quarantined for your protection.

n/a n/a n/a 1 1

15 AVA Toaster Blocked Dropper blocked. Avast! File System Shield has blocked a threat. No further action is required.

n/a n/a n/a 1 1

15 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse PSW.Generic8.CMWC Detected on open. (default: Move to Vault)




1


Variant.Kazy.30045 Access to this file has been denied. Solved issues: 2 Moved to

quarantine Gen:Variant.Kazy.30045 (moved to quarantine) and Cookie.DoubleClick (deleted)

1


1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

15 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30045 (Engine A). File: Patch_Aplet_flash_2.55[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

15 K7 pop-up (2x)

(1) Allowed access to the Internet; (2) Blocked (see note)

(1) Application is accessing the Internet. The program mservice32_t.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always;


1



(1) Access Denied. The request URL cannot be provided. URL: http:// sciagaj DOT to / pobierz /1017; (2) Denied: Trojan-PSW.Win32.Delf.qpj

na na na 1 1

15 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!q (Trojan)

na na na 1 1

15 MSE none none (see note)

none none none (see note) Scan completed on 160503 items. No threats were detected on your computer during this scan.

1

15 NIS Toaster Removed Patch_Aplet_flash2.55[1].exe is not safe and has been removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

15 PCT 1)Pop up 2) Pop Up 3) Pop up

1)Allow 2)Allow 3) Quarantine

1)PATCH_APLET_FLASH_2 is trying to modify or control another application. 2) SERVER_ET is trying to modify or control another application. 3) Suspicious Activity Detected. Behaviour Guard detected suspicious activity in MSERVICE32_T.EXE. This program is attempting to register itself in your Windows startup.

n/a n/a n/a 1 1

16 AVA Pop up Open in sandbox

You are opening an application that may be potentially unsafe. We strongly recommend opening this application in the virtual environment of the avast! Sandbox to avoid any risk to your computer.

No threat found n/a n/a 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

16 AVG Pop up Quarantine Threat detected. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)

n/a n/a n/a 1 1

16 AVI Pop up Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file Planilha_visualizar_Documento-DOC[1].scr Access to this file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

16 BDF Toaster Blocked BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Gen.Trojan.Downloader.j… (File access was blocked) and Gen:Trojan.Heur.amW@... (File access was blocked)

n/a n/a n/a 1 1



n/a n/a n/a 1 1

16 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.anW@rjqAGOoGf (Engine A). File: Planilha_visualiza_Documento-DOC[1].scr. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

16 K7 toaster Quarantined Suspicious program (ID30003) found. Need to restart computer.

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// www DOT ergotables DOT com / , / new / , / pnc03944 / Planilha_visualizar_Documento-DOC DOT scr; (2) Denied: HEUR:Trojan-Downlaoder.Win32.Generic

na na na 1 1



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

16 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banload.XH. Recommended action: Remove.

na na na 1 1

16 NIS Toaster Removed Planilha_visualizar_Documento_DOC[1].scr is not safe and has been removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

16 PCT Toaster Detected and Stopped

Behaviour Guard. Threat Name: Heur Engine.MaliciousPacker.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

17 AVG 1)Pop up, 2)Pop up

1)Detected, 2)Detected and Healed

1)Threat detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected)

Infection: 1, removed and healed; Warning: 1, removed and healed


Virus found JS/Generic and Corrupted executable file [the latter is not relevant]

1


Removed 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found in file jar_cache15217.tmp. Access to this file was denied. Please select a further action: (default: Remove)


Move to quarantine HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED

1

17 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!

Solved issues: 2 Deleted Gen:Variant.Kazy.31040 and Cookie.DoubleClick

1



n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

17 GDA pop-up (3x)

Disinfected (3x)

(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.22766812357144284.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: calc[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes

na na na 1 1

17 K7 toaster (4x)

Removed (4x) High Security Risk Found! Riskware (0015e4f01) (4x) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// sdi2u3i2h DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

17 MSE pop-up (2x)

(1) Removed; (2) Removed (after required reboot)

(1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

17 PCT Pop up Allow Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application?

none none none 1


n/a n/a n/a 1 1


1)Detected, 2)Detected and Healed

1)Trojan horse detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected) [default: Remove all unhealed]




1

18 AVI 1)Toaster, 2)Toaster

Removed 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 5 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)


Move to quarantine (moved 3 out of 7 detections)

Moved to quarantine: HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl

1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

18 BDF Warning on the browser

Blocked BitDefender 2011. This web page has been blocked by BitDefender Antivirus Real-time Protection! The web page blocked by BitDefender included objects that were wither infected or likely to be infected with a virus. Your system has NOT been infected.

n/a n/a n/a 1 1

18 ESS 1)Toaster, 2)Toaster

1)Terminated - quarantined, 2)Deleted

1)Threat: JS/Exploit.Pdfka.PAE.Gen trojan Connection terminated - quarantined 2)Threat: A variant of Win32/Kryptik.QKM trojan Cleaned by deleting

Number of infected objects: 0

n/a n/a 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

18 GDA pop-up (6x)

Disinfected (6x)

(1) Virus alert. An attempt was made to access an infected file. Virus:JS:Pdfka-BAH [Expl] (Engine B). File:10bb9[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.3066005932720315.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: iexplore.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (5) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (6) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

(1) pop-up; (2) report

(1) Disinfected; (2) Disinfected (see note)

(1) Virus alert. An attempt was made to access an infected file. Virus: JS:ScriptDC-inf[Trj] (EngineB). File: index.dat. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) File/object: ProcessMonitorLog.PML (JS:ScripDC-inf [Trj] (Engine B)); index.dat (JS:ScriptDC-inf [Trj] (Engine B)); jar_cache50224.tmp (Gen:Variant.Kazy.31040 (Engine A))

1 1

18 K7 toaster (5x)

Removed (3x); Access Denied (2x)

High Security Risk Found! Riskware (0015e4f01) (5x) none none (see note) Scan Completed. No Viruses, spyware or other risks were found.

1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



(1) Access Denied. The request URL cannot be provided. URL: http:// hdjwuy2gvn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: HEUR:Trojan.Script.Generic

na na na 1 1



1

18 MSE pop-up Removed Security Essentials detected 4 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y; Exploit:Win32/Pdfjsc.RF. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1


Pop up Removed There are 1 threat and 3 infections in your computer. HeurEngine.Suspicious.High

1


n/a n/a n/a 1 1

19 AVG Pop up Quarantine Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault)




1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Removed 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)




1


1)Blocked, 2)Deleted

1)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected!

No threats were found. No further action is necessary.

n/a n/a 1

19 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster

Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

19 GDA pop-up (4x)

Disinfected (4x)

(1-2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes

none none (see note) none 1 1



1



(1) Access Denied. The request URL cannot be provided. URL: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// 4uiokwnbe DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

19 MSE pop-up Removed Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1


none none none 1


n/a n/a n/a 1 1





1


Removed 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)




1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

20 BDF 1)Toaster, 2)Toaster, 3)Toaster

Blocked 1)BitDefender has blocked multiple viruses! 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 3)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected!

No threats were found. No further action is necessary.

n/a n/a 1



n/a n/a n/a 1 1

20 GDA pop-up (4x)

Disinfected (4x)

(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes

none none (see note) none 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



1



(1) Access Denied. The request URL cannot be provided. URL: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d and http://kdjeluhebn DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1



1

20 MSE pop-up (2x)

Removed (2x) (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.

report Removed Exploit: Java/CVE-2010-0840.EW

1


n/a n/a n/a 1 1


n/a n/a n/a 1 1


none none none 1

21 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Quarantine 1)Threat detected! Threat name: Win32:Malware-gen, Category: Malware, Description: This is a known piece of Malware (malicious software). It is recommended that you quarantine this threat. 2)Threat detected! Trojan horse Generic23.BJGC Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

21 AVI none none none n/a n/a n/a 1 1 21 BDF Toaster Blocked BitDefender has blocked a virus! Virus name:

Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG Location: Cobranca_boleto[1].exe Access to this file has been denied.

Solved issues: 1 Deleted Cookie.DoubleClick

1


file. Virus: Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG (Engine A). File: Cobranca_boleto[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

21 K7 pop-up (2x)

(1) Allowed access to the Internet; (2) Blocked (see note)

(1) Application is accessing the Internet. The program Cobranca_boleto[1].exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.


1

21 KIS toaster (3x)

Deleted (1) Detected: Trojan.Win32.Scar.ehai; (2) Backed up: Trojan.Win32.Scar.eha ; (3) Will be deleted on reboot: Trojan.Win32.Scar.ehai

na na na 1 1

21 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic BackDoor!djb (Trojan)

na na na 1 1

21 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Sodager.B. Recommended action: Remove.

na na na 1 1

21 NIS Toaster Removed cobranca_boleto[1].exe is not safe and has been removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


1) Yes 2) Blocked

1) Cobranca_boleto[1] is trying to access the internet. Do you trust this application. 2) Internet Security has blocked access to the bad website.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

22 AVG Pop up Quarantine Threat detected. Threat name: RAR.Qhost.c Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)

Warning: 1, Removed and healed



1


Trojan.Qhost.LYG Location: postal_amor.avi[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


Threat: Win32/Qhost trojan Connection terminated - quarantined

n/a n/a n/a 1 1

22 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Qhost.LYG (Engine A). File: postal_amor.avi[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan (00020d971) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php; (2) Denied: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php and http:// 64 DOT 95 DOT 243 DOT 111 / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1



1



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

22 NIS Toaster Safe postal_amor.avi[1].exe is safe none none none 1 22 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

22 PCT Pop up Quarantine Behaviour Guard. Threat Name: POSTAL_AMOR.AVI[1].exe

n/a n/a n/a 1 1

23 AVA none none none No threat found n/a n/a 1 23 AVG none none none Warning: 1,

Removed and healed



1

23 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

23 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


file. Virus: Gen:Variant.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Adware (00234eb41) na na na 1 1

23 KIS none none (see note)

none none none none 1

23 MIS toaster Removed Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove.

na na na 1 1


Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Adware:Win32/Hotbar. Alert level: Medium. Default option: Remove

na na na 1 1

23 NIS Toaster Removed vlcsetup[1].exe is not safe and has been removed. n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


n/a n/a n/a 1 1

23 PCT none none none Pop up Removed There are 1 threat and 3 infections in your computer.VLCSetup[1].exe

1


n/a n/a n/a 1 1

24 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Generic23.BKUI Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

24 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Kazy.30791.2' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

24 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Kazy.30791 Location: readme[1].exe Access to this file has been denied.

n/a n/a n/a 1 1



n/a n/a n/a 1 1

24 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:VariantKazy.30791 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Spyware (00290e351) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1; (2) Denied: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1 and http:// kdbhhhgsdjsb DOT cx DOT cc / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

24 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!42B87CD69202 (Trojan)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

24 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32.Zbot.gen!AF. Recommended action: Remove.

na na na 1 1



n/a n/a n/a 1 1

24 PCT 1)Pop up 2) Toaster

1)Block 2)Removed

1)Internet Security has blocked the high risk threat Trojan.Gen 2)IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

25 AVG Pop up Removed Threat detected. Threat name: TR/Crypt.XPACK.Gen3 Category: Unknown. Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. These programs include applications that have an impact on security, privacy, resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system or be deemed to be separate and different from the application installed. (default: Move to Vault)

n/a n/a n/a 1


Trojan.Generic.KD.294205 Location: info[1].exe Access to this file has been denied.

n/a n/a n/a 1 1



n/a n/a n/a 1 1

25 GDA (1) pop-up; (2) dialogue box

Disinfected (after required reboot)

(1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.294205 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


High Security Risk Found! Trojan (0001140e1) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5; (2) Denied: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5 and http:// check DOT couponandfreebiemom DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

25 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!F305D1C09F08 (Trojan)

na na na 1 1

25 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Rogue:Win32/FakeRean. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

25 PCT Toaster Quarantine Behaviour Guard detected suspicious activity in INFO[1].exe

n/a n/a n/a 1 1


n/a n/a n/a 1 1

26 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Generic4_c.QSF Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1


Gen:Variant.Adware.Torpump.1 Location: keygen_official[1].exe Access to this file has been denied.

Solved issues: 1 Deleted Cookie.DoubleClick

1



n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

26 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Adware.Torpump.1 (Engine A). File: hotel_imperium_keygen_official[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1





(1) Access Denied. The request URL cannot be provided. URL: http:// 100gigabitdownload DOT com / getwinpump<...>; (2) Denied: http:// 100gigabitdownload DOT com / getwinpump?q=hotel%20imperium%20keygen%20official and http:// 100gigabitdownload DOT com / favicon DOT ico (analysis using the database of phishing URLs)

na na na 1 1

26 MIS pop-up Allowed access to the Internet (see note)

Program Wants Internet Access. McAfee detected a program on your PC that is trying to accept incoming connections from the Internet. Protect your PC by only allowing Internet access for programs you trus. Program: pumpa.exe. Default option: Allow always.

none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt

1



1


n/a n/a n/a 1 1


n/a n/a n/a 1 1


Yes 1)Hotel_imperium_keygen_official is trying to access the internet. 2) WinPump is trying to access the internet.

none none none 1


n/a n/a n/a 1 1

27 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse SHeur3.CIUF Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

27 AVI none none none n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

27 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.6276009 Location: javatmp11055.com Access to this file has been denied.

n/a n/a n/a 1 1


Threat: Java/TrojanDownloader.Agent.NBN trojan Connection terminated -quarantined

n/a n/a n/a 1 1

27 GDA pop-up Blocked Virus alert. An attempt was made to access an infected file. Virus: Java.Trojan.Downloader.OpenConnection.C (Engine A). File: jar_cache56703.tmp. Default option: Block file access

na na na 1 1



1

27 KIS toaster (2x)

Denied (2x) Denied: Trojan-Downloader.Java.Agent.au (2x) na na na 1 1

27 MIS toaster (more than 10x)

Removed (more than 10x) see note

Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!FE89D25ABBBA (Trojan) (more than 10x)

report Quarantined Viruses, Trojans, and Cookies Quarantined: Artemis!FE89D25ABBBA; Downloader-BCS

1 1

27 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.AO. Recommended action: Remove.

na na na 1 1



n/a n/a n/a 1 1

27 PCT Pop up Blocked Internet Security has blocked the high risk threat Trojan.ADH.

n/a n/a n/a 1 1

28 AVA none none none No threat found n/a n/a 1 28 AVG none none none Warning: 1,

Removed and healed



1

28 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

28 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


file. Virus:Gen:Varaint.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Adware (00234eb41) na na na 1 1


none none none none 1

28 MIS toaster Removed Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove.

na na na 1 1



1

28 NIS Toaster Removed VLCSectup[1].exe is not safe and has been removed. n/a n/a n/a 1 1 28 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

28 PCT none none none Pop up Removed There are 1 threat and 3 infections in your computer.VLCSetup[1].exe

1


n/a n/a n/a 1 1

29 AVG none none none Warning: 1, Removed and healed



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Removed 1)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file JavaLoad[1].exe Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file jar_cache2670.tmp Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

29 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.DownLoader.Java.C Location: jar_cache37809.tmp Access to this file has been denied.

n/a n/a n/a 1 1


Threat: Java/TrojanDownloader.Agent.NCJ trojan Connection terminated -quarantined

n/a n/a n/a 1 1

29 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache64469.tmp. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

29 K7 toaster (2x)

Removed (2x) High Security Risk Found! Trojan (00029332e1) (2x) na na na 1 1

29 KIS toaster (2x)

Denied (2x) Denied: Trojan-Downloader.Java.Agent.dh (2x) na na na 1 1



1

29 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.MY. Recommended action: Remove.

na na na 1 1

29 NIS Toaster Removed JavaLoad[1].exe is not safe and has been removed. n/a n/a n/a 1 1 29 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

29 PCT none none none none none none 1 30 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has

blocked a harmful site. Infection: URL:Mal n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

30 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.VB.OSV Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

30 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dldr.Zbot.G' was found in file contacts[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

30 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.292675 Location: contacts[1].exe Access to this file has been denied.

n/a n/a n/a 1 1



n/a n/a n/a 1 1

30 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.292675 (Engine A). File: contact[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1





(1) Access Denied. The request URL cannot be provided. URL: http:// securepaid DOT biz / verified / d DOT php?f=21&e=3; (2) Denied: Trojan-Dropper.Win32.Dapato.frn

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

30 MIS toaster (6x)

(1-2) Removed; (3) Buffer Overflow Prevented; (4-6) Removed

(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert.XPSpy (Trojan); (2) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (3) Buffer Overflow Prevented. McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (4) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (5) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!968246F56184 (Trojan); (6) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!8C42CF4C13F0 (Trojan)

(1) report; (2) toaster; (3) pop-up

(1) none (see note); (2) Buffer Overflow Prevented; (3) Removed (after required reboot)

(1) McAfee did not detect any issues on your PC. No further action is required.; (2) Buffer Overflow Prevented. McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (3) Trojan Detected. McAfee detected an infected file on your PC. Restart yoru PC so we can fix it. Detected: FakeAlert-FAB!3b80803DBAE4 (Trojan).

1

30 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Zbot.G. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Yes 1)Wahlen Werther is trying to access the internet. Do you trust this application? 2) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! File name: 7.htm Threat name: Exploit Exploitive IFrame Collection (type 1506)

n/a n/a n/a 1 1


Gen:Variant.Kazy.22992 Location: p[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


file. Virus: JS:CVE-2010-0806-AP [Expl] (Engine B). File: ieee[1].jpg. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

31 K7 toaster (3x)

(1) Access denied; (2-3) Removed (2x)

(1) High Security Risk Found! Exploit (4fef863b0); (2) High Security Risk Found! Trojan (8b0117490); (3) High Security Risk Found! Exploit (4fef863b0)

na na na 1 1

31 KIS toaster (3x)

Denied (3x) Denied: HEUR:Exploit.Script.Generic (3x) na na na 1 1

31 MIS (1) toaster; (2) toaster; (3) pop-up

Removed (3x) (see note)

(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ACB5F39F2C4E (Trojan); (2) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove.; (3) Trojan Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: AdClicker-BJ (Trojan)

na na (see note) na 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

31 MSE pop-up Removed (see note)

Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Mult.DE and TrojanDownloader:Win32/Small.gen!AO. Recommended action: Remove.

na na na 1 1



n/a n/a n/a 1 1


Quarantine 1)Behaviour Guard detected suspicious activity in P.exe, 2) Internet Security has blocked an application iexplorer.exe attempting to close a file.

n/a n/a n/a 1 1


No threat found n/a n/a 1

32 AVG Pop up Quarantine Threat detected. Threat name: OneStepSearcher.AG Category: Adware Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault)




1

32 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Boigy.AD.2' was found in file resulturl.dll Access to file was denied. Please select a further action: (default: Remove)


Move to quarantine Moved to quarantine: Eicar-Test-Signature

1

32 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.6334305 Location: resulturl[1].exe Access to this file has been denied.

Your attention is required to clean 1 threat(s) affecting 1 object(s).

Ignore Trojan.Generic.6334305

1

32 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1 32 GDA pop-up Blocked Virus alert. An attempt was made to access an infected

file. Virus:Trojan.Generic.6334305 (Engine A). File: resulturl-setup[1].exe. Default option: Block file access

na na na 1 1

32 K7 pop-up (2x)

(1) Allowed access to the Internet; (2) Unable to delete

(1) Application is accessing the Internet. The program resulturl178.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found. Adware (0006f6b21)


1

32 KIS toaster Denied (see note)

Denied: not-a-virus:Adware.Win32.Zwangi.heur none none (see note) none 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



1



1

32 NIS Toaster Removed resulturl-setup[1].exe is not safe and has been removed. n/a n/a n/a 1 1 32 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

32 PCT 1)Pop Up 2) Pop Up

1)yes 2)Block 1)RESULTURL_SETUP[1].exe is trying to modify or control another application. 2) Internet Security has blocked access to the bad website: upgrade.resultbrowse.com

Pop up Removed There are 1 threat and 3 infections in your computer.resulturl_setup.exe

1

33 AVA none none none No threat found n/a n/a 1 33 AVG Pop up Quarantine Threat detected. Threat name: Unknown. Description:

Not available. (default: Move to Vault) Warning: 1, Removed and healed



1


Trojan.Generic.KD.295620 Location: album[1].cmd Access to this file has been denied.

n/a n/a n/a 1 1


Threat: probably a variant of Win32/TrojanDownloader.VB.PHI trojan Connection terminated - quarantined

n/a n/a n/a 1 1

33 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.295620 (Engine A). File: album[1].cmd. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

33 K7 pop-up (2x)

(1) Allowed access to the Internet; (2) Unable to delete

(1) Application is accessing the Internet. The program album[1].cmd is preparing to act as server on the network. Developer name: Microsoft. Default option: Allow; (1) Application is accessing the Internet. The programwinlive.exe is connection to the network. Developer name: Not Available. Default option: Allow; (3) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.


1



(1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35838372 / album DOT cmd? / index DOT html; (2) Denied: HEUR:Trojan-Downlaoder.Win32.Generic

na na na 1 1



1

33 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banker.G. Recommended action: Remove.

na na na 1 1

33 NIS Toaster Removed album[1].cmd is not safe and has been removed. n/a n/a n/a 1 1 33 TIS none none none none none none 1 33 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in winds,

album[1].cmd n/a n/a n/a 1 1

34 AVA 1)Toaster, 2)Toaster

1)Blocked, 2)Quarantine

1)Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf 2)Malware blocked. Avast! Script Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf Action: Moved to chest

n/a n/a n/a 1 1


Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! File name: index.php Threat name: Exploit Blackhole Exploit Kit (type 2029)

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Removed 1)Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found in file index[1].htm Access to file was denied. Please select a further action: (default: Remove) 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1

34 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: ExploitJS.Agent.BG (File access was blocked), Virus Name: Gen:Variant.Kazy.31516 (File access was blocked). The infected objects have been treated. Your PC is protected!

n/a n/a n/a 1 1


Threat: HTML/Iframe.B.Gen virus Connection terminated - quarantined

n/a n/a n/a 1 1

34 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus:HTML:Iframe-inf (Engine B). File: ccard[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

34 K7 toaster Quarantined (after required reboot)

High Security Risk Found! Suspicious Program (ID30005). Marked for deletion after restart.


1

34 KIS toaster Denied Denied: Trojan-Downloader.JS.Agent.qdq na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


none (1-3) toaster; (4) report

(1) Removed; (2) Blocked; (3) Removed; (4) Removed

(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FAkeAlert!qrb (Trojan); (2) Risky Connection Blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 95.211.22.217. Program: Generic Host Process for Win32 Services.; (3) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FAkeAlert!qrb (Trojan); (4) Viruses, Trojans, and Cookies Removed: TDSS e!rootkit, Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt

1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, Trojan:Win32/FakeSysdef, Exploit:Win32/PDfjsc.RF. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

34 PCT none none none n/a n/a n/a 1 1 35 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has

blocked a harmful site. Infection: URL:Mal n/a n/a n/a 1 1


Quarantine 1)Threat detected! Threat name: Trojan horse BackDoor.Generic14.HFL Detected on open. (default: Move to Vault) 2)Threat detected. Threat name: "Win32/Kryptic.PTH Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)




1

35 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'BDS/Paprs.cyd' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

35 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Trojan.Generic.KD.2847... (File access was blocked), Virus Name: Gen:Variant.Kazy.26919 (File access was blocked). The infected objects have been treated. Your PC is protected!

n/a n/a n/a 1 1



n/a n/a n/a 1 1

35 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26919 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


High Security Risk Found! Backdoor (0028b0291) na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// isof DOT susubbs DOT com / d DOT php?f=45&amp;amp;amp;amp;e=6; (2) Denied: http:// isof DOT susubbs DOT com / d DOT php?f=45&amp;amp;amp;amp;e=6 and http:// isof DOT susubbs DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

35 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:Generic.dx!zym (Trojan)

na na na 1 1

35 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanSpy:Win32/Ursnif.gen!J. Recommended action: Remove.

na na na 1 1



n/a n/a n/a 1 1

35 PCT 1)Pop up 2) Toaster 3) Toaster

1) Block 2) Quarantined 3) Removed

1)Internet Security has blocked the high risk threatBackdoor.trojan , 2)Download Guard detected a threat in README[1].EXE, this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

36 AVG Toaster Quarantine 1)Threat detected! Threat name: Trojan horse Generic_r.GX Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

36 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dropper.Gen' was found in file 216028[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

36 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.294159 Location: 216028[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



n/a n/a n/a 1 1

36 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Genric.KD.294159 (Engine A). File: 216028[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

36 K7 toaster Blocked (see note)

System monitor alert. New AppInitDll Entry Found! A new program () has been added as a registry entry to load automatically when you logon. Normally other than userinit.exe no other program should be present here. Advise: Not available. Please proceed with caution! Default option: Block Always.


1



(1) Access Denied. The request URL cannot be provided. URL: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php; (2) Denied: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php and http:// dastall DOT dyndns-wiki DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

36 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!k (Trojan)

na na na 1 1


Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Vundo.HIY Recommended action: Remove.

report Removed TrojanDownloader:Win32/Vundo.HIY

1

36 NIS Toaster Removed 216028[1].exe is not safe and has been removed. n/a n/a n/a 1 1 36 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

36 PCT none none none none none none 1 37 AVA Toaster Blocked Dropper blocked. The threat was detected when the file

was created or modified. n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Quarantine 1)Threat detected. Threat name: TR/Dldr.Delphi.Gen Category: Unknown Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault) 2)Threat detected! Threat name: Trojan horse Generic4_c.AKEZ Detected on open (default: Move to Vault)




1

37 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dldr.Delphi.Gen' was found in file imagem[1].com Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

37 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Trojan.Heur.PT.cGW@bC4ztaoG Location: imagem[1].com Access to this file has been denied.

n/a n/a n/a 1 1


Threat: a variant of Win32/TrojanDownloader.Banload.PKX trojan Connection terminated - quarantined

n/a n/a n/a 1 1

37 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.PT.cGW@bC4ztaoG (Engine A). File: imagem[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan-Downloader (85360ede0)

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35882506 / imagem DOT com?comprovante DOT bap / index DOT html; (2) Denied: HEUR:Trojan-Downlaoder.Win32.Generic

na na na 1 1

37 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: PWS-Banker!qyf (Trojan)

na na na 1 1


Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:WinNT/Bancos.G. Recommended action: Remove.

none none (see note) Scan completed on 175778 items. No threats were detected on your computer during this scan.

1

37 NIS Toaster Removed imagem[1].com is not safe and has been removed. n/a n/a n/a 1 1 37 TIS Toaster Removed Some security threats have been removed for your

safety. none none none 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

37 PCT 1)Pop up 2) Toaster 3) Toaster

1) Yes 2) Block 3) Removed

1)Imagem[1] is trying to access the internet. 2) Internet Security has blocked the high risk threat HeurEngine.MaliciousPacker. 3) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

38 AVG Pop up Quarantine Threat detected! File name: info[1].exe Threat name: Trojan horse FakeAlert.AFB Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1


Trojan.Generic.KDV.293602 Location: info[1].exe Access to this file has been denied.

Resolved items: 1. No threats require your attention.

Deleted Cookie.DoubleClick

1



n/a n/a n/a 1 1

38 GDA pop-up Disinfected (after required reboot)

Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KDV.293602 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!

na na na 1 1

38 K7 toaster Quarantined (after required reboot) (see note)



1



(1) Access Denied. The request URL cannot be provided. URL: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0; (2) Denied: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0 andhttp:// x400 DOT bz DOT cm / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

38 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

38 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove.

na na na 1 1

38 NIS Toaster Removed Info[1].exe is not safe and has been removed. n/a n/a n/a 1 1 38 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

38 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in winds, INFO[1].exe

n/a n/a n/a 1 1

39 AVA Toaster Blocked Trojan horse blocked. HTML:Downloader-AC [Trj] n/a n/a n/a 1 1 39 AVG none none none n/a n/a n/a 1 1 39 AVI none none none n/a n/a n/a 1 1 39 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name:

Trojan.Generic.KD.296178 Location: javafire58115.exe Access to this file has bee denied.

n/a n/a n/a 1 1


Threat: Java/TrojanDownloader.Agent.NCC trojan Connection terminated - quarantined

n/a n/a n/a 1 1

39 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: HTML:Downloader-AC [Trj] (Engine B). File: izle-Teen-Wolf-1-Sezon-6-Bolum[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

39 K7 pop-up Allowed access to the Internet (see note)

Application is accessing the Internet. The program javafire25800.exe is connection to a network. Developer name: Microsoft. Default option: Allow.


1


none na na na 1 1

39 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!1B528CF64850 (Trojan)

na na na 1 1

39 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Java/OpenConnection.C. Recommended action: Remove.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

39 NIS Toaster Removed javafire37568.exe is not safe and has been removed. n/a n/a n/a 1 1 39 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

39 PCT Pop up Blocked Internet Security has blocked the high risk threat Trojan.ByteVerify

n/a n/a n/a 1 1


n/a n/a n/a 1 1

40 AVG Toaster Blocked Threat detected. File name: WUE.EXE Threat name: "Win32/Kryptic.QPO Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)

n/a n/a n/a 1


Move to quarantine Moved to quarantine: Eicar-Test-Signature

1

40 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.FakeAlert.88 Location: readme[1].exe Access to this file has been denied.

Resolved items: 1. No threats require your attention.


1



n/a n/a n/a 1 1

40 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus:Gen:Vriant.FakeAlert.88 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!

na na na 1 1

40 K7 toaster Quarantined (after required reboot) (see note)



1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



(1) Access Denied. The request URL cannot be provided. URL: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2; (2) Denied: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2 and http:// games DOT localtraficattorneus DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

40 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan)

na na na 1 1

40 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

40 PCT Pop up Blocked Behaviour Guard detected suspicious activity in winds,README[1].exe

n/a n/a n/a 1 1

41 AVA Toaster Blocked Trojan horse blocked. Win32:Small-JPG n/a n/a n/a 1 1 41 AVG Pop up Quarantine Threat detected! File name: load[1].exe Threat name:

Trojan horse Flooder.O Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

41 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'WORM/Rbot.Gen' was found in file load[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

41 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.5959985 Location: load[1].exe Access to this file has been denied.

n/a n/a n/a 1 1

41 ESS Toaster Blocked Threat: Win32/Agent.NGC trojan Connection terminated - quarantined

n/a n/a n/a 1 1

41 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.5959985 (Engine A). File: load[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


High Security Risk Found! Trojan-Downloader (00014ede1)

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php; (2) Denied: URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php (analysis using the base of suspicious URLs)

na na na 1 1

41 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FDoS-BEnergy (Trojan)

na na na 1 1

41 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Phdet.gen!A. Recommended action: Remove.

na na na 1 1

41 NIS Toaster Removed load[1].exe is not safe and has been removed. n/a n/a n/a 1 1 41 TIS Pop up Restart You must restart the computer to finish removing a

security threat in the file named below. Load[1].exe n/a n/a n/a 1 1

41 PCT 1)Pop up 2)Toaster

Blocked 1)Internet Security has blocked the high risk threat Downloader.Generic. 2) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1

42 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. Infection: Win32:Malware-gen

n/a n/a n/a 1 1

42 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.Generic11.BIXL Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1

42 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Downloader.Gen' was found in file FlashUpdate[1].exe Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1

42 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.6342238 Location: FlashUpdate[1].exe Access to this file has been denied.

n/a n/a n/a 1 1


Threat: Win32/ProxyChanger.T trojan Connection terminated - quarantined

n/a n/a n/a 1 1

42 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6342238 (Engine A). File: FlashUpdate[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

42 K7 toaster (2x)

(1) Access denied; (2) Removed

(1) High Security Risk Found! Trojan (ce03e6000); (2) High Security Risk Found! Riskware (b7a972fl0)

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// host11 dot 186-109-81 DOT telecom DOT net DOT ar / PortalZafiro / Lib /FlashUpdate DOT exe; (2) Denied: Trojan-Downloader.Win32.Delf.hfrh

na na na 1 1

42 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!2A0A224BED00 (Trojan)

na na na 1 1

42 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanSpy:Win32/Bancos.ACM. Recommended action: Remove.

na na na 1 1

42 NIS Toaster Removed FlashUpdate[1].exe is not safe and has been removed. n/a n/a n/a 1 1 42 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

42 PCT 1)Pop up 2)Toaster 3) Toaster

1)yes 2)Quarantine 3)Blocked

1)Flashupdate[1].exe is trying to access the internet. 2)Behaviour Guard detected suspicious activity in Flashupdate[1].exe. 3) Internet security has blocked an application attempting to close a file.

n/a n/a n/a 1 1

43 AVA Toaster Blocked Spyware blocked. Threat detected! Move to Chest Threat: Win32:Spyware-gen[Spy]

1

43 AVG Pop up Quarantine Threat detected. Threat name: "Win32/TrojanDownloader.Banload.QBI Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you […] (default: Move to Vault)




1

43 AVI none none none 4 viruses and/or unwanted programs were found | Detections: 4, Moved: 3

Move to quarantine Moved to quarantine: Eicar-Test-Signature, TR/Spy.Banocs.ZL.28 (in modulo[1].txt), TR/Spy.Bancos.ZL.28 (in iexplorer.txt)

1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

43 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Crypt.Delf.AG Location: Adobe-Acrobate01634[1].com Access to this file has been denied.

n/a n/a n/a 1 1


Threat: a variant of Win32/TrojanDownloader.Banload.QBI trojan Connection terminated - quarantined

n/a n/a n/a 1 1

43 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Crypt.Delf.AG (Engine A). File:Adobe-Acrobate01634[1].com. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1

43 K7 (1) pop-up; (2) toaster; (3) pop-up; (4) toaster

(1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note)

(1) Application is accessing the Internet. The program Adobe-Acrobate01634[1].com is connection to a network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found! Riskware (0015e4f01); (3) Application is accessing the Internet. The program msmsgs.exe is connection to a network. Developer name: Not Available. Default option: Allow; (4) High Security Risk Found! Riskware (8ea0f2f10)


1



(1) Access Denied. The request URL cannot be provided. URL: http:// dress2impress DOT nl / templates / adobe-acrobat DOT php?open; (2) Denied: HEUR:Troja-Downlaoder.Win32.Generic

na na na 1 1

43 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Downlaoder.x!fod (Trojan)

na na na 1 1

43 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Banload.QI. Recommended action: Remove.

na na na 1 1

43 NIS Toaster Removed adobe-acrobat01634[1].com is not safe and has been removed.

n/a n/a n/a 1 1

43 TIS none none none n/a n/a n/a 1 1 43 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in ADOBE-

ACROBATE01634[1].COM n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


Warning: 1, Infections: 1


Virus found JS/Generic

1

44 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found. Access to file was denied. Please select a further action: (default: Remove)

3 viruses and/or unwanted programs were found | Detections: 4, Moved: 3

Move to quarantine HTML/rug.A.3 HTML script virus, EXP/2010-0840.AC exploit, Eicar-Test-Signature

1

44 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Downloader... File access was blocked. Virus Name: Gen:Variant.Downloader... File access was blocked.

Solved issues: 2. No threats require your attention.

Deleted Gen:Variant.Downloader.127 and Cookie.DoubleClick

1



n/a n/a n/a 1 1

44 GDA pop-up (2x)

(1) Blocked; (2) Disinfected

(1) Virus alert. An attempt was made to access an infected file. Virus: Java:Agent-PM [Expl] (Engine B). File: jar_cache6623.tmp. Default option: Block file access; (2) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File:l.vbs. Default option: Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1



1



(1) Access Denied. The request URL cannot be provided. URL: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// uhgswbufds DOT com / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



1

44 MSE pop-up (2x)

Removed (2x) (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

44 PCT Toaster Yes Services and Controller app is trying to gain kernel access. Event type: Registry Set Drivers Image Path. Do you allow this application to perform this operation?

n/a n/a n/a 1 1


n/a n/a n/a 1 1

45 AVG Warning on the browser

Blocked Danger: Search-Shield has detected active threats on this page and has blocked access for your protection.

n/a n/a n/a 1 1


Trojan.Downloader.Istbar.ZG Location: istsvc_updater[1].exe Access to this file has been denied.

n/a n/a n/a 1 1

45 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

45 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Istbar.ZG (Engine A). File: istsvc_updater[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan-Downloader (282294dd0)

na na na 1 1



(1) Access Denied. The request URL cannot be provided. URL: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe; (2) Denied: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe (analysis using the database of suspicious URLs)

na na na 1 1

45 MIS (1) pop-up; (2) dialogue box

Removed (see note)

(1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Artemis!1346575A86C3. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows.

na na na 1 1

45 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . BrowserModifier:Win32/ISTbar.F. Recommended action: Remove.

na na na 1 1

45 NIS Toaster Removed istsvc_updater[1].exe is not safe and has been removed. n/a n/a n/a 1 1 45 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

45 PCT 1)Pop up 2)Toaster 3) Toaster

1)Block 2)Quarantine 3)Removed

1)Internet Security has blocked high risk threat Trojan.ISTbar. 2)Download Guard detected a threat in ISTSC_UPDATER[1].EXE This file has been automatically quarantined for your protection. 3) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

46 AVG Pop up Quarantine Threat detected. Threat name: Trojan.Agent Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat.




1

46 AVI none none none 3 viruses and/or unwanted programs were found

Delete (see notes) BOO/TDss.M in the Master boot sector HD0 (deleted) and BOO/TDss.M in the Boot sector 'C:\', Eicar-Test-Signature

1

46 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.FaceAlert.47 Location: contacts[1].exe Access to this file has been denied.

n/a n/a n/a 1 1

46 ESS Toaster Blocked Threat: a variant of Win32/Kryptik.QSP trojan. Connection terminated - quarantined

n/a n/a n/a 1 1

46 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Varinat.FakeAlert.47 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

46 K7 pop-up (5x)

(1) Allowed access to the Internet; (2) Blocked; (3) Blocked; (4) Allowed; (5) Allowed (see note)

(1) Application is accessing the Internet. The program 277008f2.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. (4) Application is accessing the Internet. The program dwm.exe is connection to a network. Developer name: Not Available. Default option: Allow; (5) Application is accessing the Internet. The program csrss.exe is connection to a network. Developer name: Not Available. Default option: Allow

(1) pop-up; (2) pop-up; (3) pop-up; (4) toaster

(1) Allowed; (2) Blocked

1) Application is accessing the Internet. The program conhost.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to to load along with the Operating System. Default option: Block Always; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. Default option: Block Always; (4) High Security Risk Found! Riskware (eaa3b7fa0)

1



(1) Access Denied. The request URL cannot be provided. URL: http:// fowrsir DOT co DOT tv / k DOT php?f=19&e=4; (2) Denied: HEUR:Trojan.Win32.Generic

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

46 MIS pop-up Removed (see note)

Virus Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: W32/Pinkslipbot.gen.x (Virus)

(1) toaster; (2) toaster; (3) report

(1) Blocked; (2) Blocked; (3)

(1) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 188.229.90.136. Program: SYSTEM. Risky connections leave you susceptible to phishing and malware attacks. You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (2) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 194.11.16.143. Program: Generic Host Process for Win32 Services. Risky connections leave you susceptible to phishing and malware attacks. You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (3) Your computer is at risk. 1 remaining issue.

1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

46 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Cybot.B. Recommended action: Remove.

report Removed Trojan:DOS/Alureon.A. To finish removing malware and other potentially unwanted software, restart the computer.

1


n/a n/a n/a 1 1


n/a n/a n/a 1 1

46 PCT 1)Pop up 2)Toaster 4)Toaster 3) Toaster

1)Yes 2)Quarantine 3)Stopped

1CONTACTS[1].exe is trying to modify or control another application. Do you trust this application? 2)This program is attempting to change your security settings and privacy level by modifying which website are trusted by Internet explorer. Risk : Very High file name : 277008F2.EXE. 3)HEUREENGIN.ZERODAYTHREAT Behaviour Guard has detected and stopped malicious activity from a known threat.4) IntelliGuard was enabled and 1 detected infections were successfully removed.

Pop up Removed There are 4 threats and 15 infections in your computer. All infections successfully removed.

1


n/a n/a n/a 1 1

47 AVG none none none No infection found during this scan.

none none 1

47 AVI none none none n/a n/a n/a 1 1 47 BDF 1)Toaster,

2)Toaster, 3)Toaster

1)Blocked, 2)Terminated, 3)Changes reverted

1)BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.299758 Location: calc[1].exe Access to this file has been denied. 2)calc[1].exe was terminated because it was deemed harmful. 3)BitDefender has reverted the changes on your PC. A reboot is required to complete the operation.



1



n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

47 GDA (1) pop-up; (2) pop-up; (3) dialogue box

(1) Quarantined; (2) Quarantined; (3) Warning

(1) Behavior monitoring. Unknown threat. Info[1].exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: info[1].exe. Default option: Stop program and move to quarantine. ; (2) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine. ; (3) Unknown malware found in your browser (Fingerprint: [155af454]) Malicious routines have been disabled. It is strongly recommended not to enter any passwords in this browser and not to perform any senstive actions such as online banking until the unidentified malware has been completely removed.

(1) pop-up; (2) report

(1) Quarantined; (2) none

(1) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine.; (2) none

1 1

47 K7 (1) pop-up; (2) toaster; (3) pop-up; (4) toaster

(1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note)

(1) Application is accessing the Internet. The program winlogon.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System Monitor Aler! Iexplore Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System Monitor Aler! Iexplore Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block.#

(1) pop-up (4x); (2) report

(1) Blocked (4x); (2) none (see note)

(1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block. (4x); (2) Scan Completed. No Viruses, spyware or other risks were found.

1



(1) Access Denied. The request URL cannot be provided. URL: http:// joilok DOT in / d DOT php?f=21&; (2) Denied: http:// joilok DOT in / d DOT php?f=21& and http:// joilok DOT in / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


none report none (see note) McAfee did not detect any issues on your PC. No further action is required.

1

47 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . VirTool:Win32/VBInject.gen!GR. Recommended action: Remove.

na na na 1 1

47 NIS Toaster Removed Info[1].exe is not safe and has been removed. n/a n/a n/a 1 1 47 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this


n/a n/a n/a 1 1

47 PCT 1)Pop up 2)Pop up

1) Yes 2)Quarantine

1) Firefox Software Updater is trying to modify or control another application. Do you trust this application? 2) Behaviour Guard detected suspicious activity in Firefox Software Updater. B6232F3A8AA.EXE

n/a n/a n/a 1 1

48 AVA Toaster Blocked Malware blocked. Win32:Malware-gen n/a n/a n/a 1 1 48 AVG none none none n/a n/a n/a 1 1 48 AVI Toaster Removed Guard: Malware found. A virus or unwanted program

'TR/Minggy.2.100' was found in file HackXuVinagame_2011[1].exe. Access to file was denied. Please select a further action: (default: Remove)

n/a n/a n/a 1 1


1)Blocked, 2)Deleted

1)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe Access to this file has been denied. 2)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe BitDefender has deleted the following item because it could not be disinfected.



1

48 ESS Pop up Warning Warning. Potential threat found. Threat: a variant of Win32/Packed.MoleboxVS.A potentially unwanted application Comment: Threat was detected upon access to web by the application: iexplore.exe. Please submit this object to ESET for analysis. (default: Disconnect)

n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

48 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Minggy.2 (Engine A). File: HackXuVinagame_2011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan (c7cdc4080) na na na 1 1

48 KIS toaster Deleted (after required reboot)

Will be deleted on reboot: Trojan-PSW.Win32.Autoit.m na na na 1 1

48 MIS (1) toaster; (2) dialogue box

Removed (2x) (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ED1E48F2F10E (Trojan); (2) McAfee detected an infected file on your PC. Restart your PC so we can fix it.

na na na 1 1



1

48 NIS Toaster Removed hackxuvinagame_2011[1].exe is not safe and has been removed.

n/a n/a n/a 1 1

48 TIS none none none none none none 1 48 PCT 1) Pop up

2) Toaster 1)Blocked 2)Removed

1)Internet Security has blocked the high risk threat Trojan.Dropper 2) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

49 AVG 1)Toaster, 2)Toaster, 3)Toaster, 4)Toaster, 5)Toaster

1)Quarantine, 2)Remove, 3)Quarantine, 4)Quarantine, 5)Reboot

1)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 2)Multiple threat detected: Trojan horse PSW.Generic9.AUC (default: Remove all unhealed) [Note: Action was unsuccessful], 3)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 4)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 5)Threat removal requires computer restart.

Infections: 1, Warnings: 1


Trojan horse PSW.Generic9.AUC (infection) and Corrupted executable file (warning)

1


Removed 1)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found. Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file jar_cache58446.tmp. Access to file was denied. Please select a further action: (default: Remove)

8 viruses and/or unwanted programs were found

Moved to quarantine

HTML/rugA.3, Eicar-Test-Signature, JAVA/Exdoer.EJ

1

49 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus name: Gen:Variant.Kazy.30838 (File access was blocked), Virus Name: Gen:Varian.Kazy.30838 (File access was blocked). The infected objects have been treated. Your PC is protected!



1



n/a n/a n/a 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

49 GDA pop-up (4x)

Disinfected (4x)

(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: 0.2389620865515687.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File: l.vbs. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed


none (1) pop-up; (2) pop-up; (3) report

(1) Blocked; (2) Blocked; (3); none (see note)

(1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Unknown(1809). Default option: Block.; (2) System monitor alert. New Program Found in User StartUp Folder! A new program Gtessz has been added to your StartUp folder to run whenever Windows boots up. Advise: Not Available. Please proceed with caution!. Default option: Block Always; (3) Scan Completed. No Viruses, spyware or other risks were found.

1



(1) Access Denied. The request URL cannot be provided. URL: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a; (2) Denied: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a andhttp://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / favicon DOT ico (analysis using the database of suspicious URLs)

na na na 1 1

49 MIS toaster (3x)

Removed (3x) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!D429D3F95E83 (Trojan) (3x)

na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

49 MSE pop-up (2x)

(1) Removed (after required reboot); (2) Removed

(1) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A and Exploit:JS/Blacole.A. Recommended action: Remove. To complete clean-up, you need to restart your computer. Do you want to restart now? Default option: Yes.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A. Recommended action: Remove.

na na na 1 1


n/a n/a n/a 1 1

49 TIS none none none n/a n/a n/a 1 1 49 PCT 1) Pop up

2) Toaster 1)Blocked 2)Removed

1)Internet Security has blocked the high risk threat Trojan.Gen 2) IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1

50 AVA none none none n/a n/a n/a 1 1 50 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse

Generic23.BZMQ Detected on open. (default: Move to Vault)

n/a n/a n/a 1 1


Generic.Banker.Delf.AE29F565 Access to this file has been denied.



1


Threat: Win32/Spy.Banker.WJQ trojan Connection terminated - quarantined

n/a n/a n/a 1 1

50 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Generic.Banker.Delf.AE29F565 (Engine A). File: 10368policia-inglesa-divullga-fotos-do-corpo-da-cantora-amy-winehouse-WVA[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.

na na na 1 1


High Security Risk Found! Trojan (10ea3e230) na na na 1 1


Incid

ent

Incid

ent

Incid

ent

Incid

ent

Pro

duct

Pro

duct

Pro

duct

Pro

duct

Ale

rtA

lert

Ale

rtA

lert

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(intr

o)

(intr

o)

(intr

o)

(intr

o)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(i

ntr

o)

(intr

o)

(intr

o)

(intr

o)

Ale

rtA

lert

Ale

rtA

lert

(m

anual)

(manual)

(manual)

(manual)

Eff

ect

Eff

ect

Eff

ect

Eff

ect

(manual)

(manual)

(manual)

(manual)

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

Thre

at R

eport

(m

anual)

(manual)

(manual)

(manual)

Com

ple

te

Com

ple

te

Com

ple

te

Com

ple

te

Rem

eR

em

eR

em

eR

em

edia

tion

dia

tion

dia

tion

dia

tion

Defe

nded

Defe

nded

Defe

nded

Defe

nded

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Neutr

aliz

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed

Com

pro

mis

ed



(1) Access Denied. The request URL cannot be provided. URL: http:// winehouse DOT dyndns DOT tv / pop-arte / noticia / 2011 / 07 / 103684policia-inglesa-divulga-fotos-do-corpo-da-cantora-amy-winhouse-WVA.exe; (2) Denied: Trojan.Win32.Hosts2.gen

na na na 1 1

50 MIS toaster (2x)

Removed (2x) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!cj (Trojan) (2x)

na na na 1 1

50 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comrerop. Recommended action: Remove.

na na na 1 1

50 NIS Toaster Removed 103684policia-inglesea-divulga-fotos-do-corpo-da-contora-amy-winehouse-wva[1].exe is not safe and has been removed.

n/a n/a n/a 1 1


n/a n/a n/a 1 1

50 PCT 1)Pop up 2)Toaster 3)Toaster

1) Block 2) Quarantined 3) Removed

1)Internet Security has blocked the medium risk threat: Trojan-PWS.Bancos!rem. 2) Download Guard detected threat in 103684POLICIA-INGLESA-DIVULGA-FOTOS-DO-CORPO-DA-CONTORA-AMY-WINEHOUSE-WVA[1].exe this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed.

n/a n/a n/a 1 1


APPENDIX D: TOOLS

Ebtables

http://ebtables.sourceforge.net

The ebtables program is a filtering tool for a bridging firewall. It can be used to force network traffic transparently

through the Squid proxy.

Fiddler2

www.fiddlertool.com

A web traffic (HTTP/S) debugger used to capture sessions when visiting an infected site using a verification target

system (VTS).

HTTPREPLAY

www.microsoft.com

A SOCKTRC plug-in enabling the analysis and replaying of HTTP traffic.

Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Process Explorer shows information about which handles and DLLs processes have opened or loaded. It also

provides a clear and real-time indication when new processes start and old ones stop.

Process Monitor


Process Monitor is a monitoring tool that shows real-time file system, Registry and process/thread activity.

Regshot

http://sourceforge.net/projects/regshot

Regshot is an open-source Registry comparison utility that takes a snapshot of the Registry and compares it with a

second one.

Squid

www.squid-cache.org

Squid is a caching web proxy that supports HTTP, HTTPS, FTP and other protocols.

Tcpdump

www.tcpdump.org

Tcpdump is a packet capture utility that can create a copy of network traffic, including binaries.

TcpView


TcpView displays network connections to and from the system in real-time.

Windows Command-Line Tools

Those used included 'systeminfo' and 'sc query'. The systeminfo command "enables an administrator to query for

basic system configuration information". The sc command is "used for communicating with the NT Service

Controller and services.

Wireshark

www.wireshark.org

Wireshark is a network protocol analyzer capable of storing network traffic, including binaries, for later analysis.


APPENDIX E: TERMS OF THE TEST

This test was sponsored by Symantec.

The test rounds were conducted between 14/07/2011 and 26/07/2011 using the most up to date versions of the

software available on any given day.

All products were able to communicate with their back-end systems over the internet.

The products selected for this test were chosen by Symantec.

Samples were located and verified by Dennis Technology Labs.

Products were exposed to threats within 24 hours of the same threats being verified. In practice there was only a

delay of up to three to four hours.

Details of the samples, including their URLs and code, were provided to Symantec only after the test was complete.