Old 21-06-2010, 13:31   #2485
nV 25
Banned
 
Joined: Jan 2003
City: Lucca
Posts: 9119
Personally, I'm content with a measly 330/340 obtainable on an administrator account without having to answer a single pop-up...



And if I were to rely on something else, as was in fact the case during the period when I used MD, I would rely *only* on a software house capable of guaranteeing me truly high-quality support, even if the price to pay for this added value were, precisely, a monetary outlay...


---------------------------------
For anyone interested, below are the salient elements of the log "captured" by dw during the execution of CLT.exe itself:
Code:
DefenseWall log file

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value Userinit within the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ (Registry)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value servicedll within the key HKLM\SYSTEM\ControlSet001\services\SENS\Parameters\ (Registry)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value StartupPrograms within the key HKLM\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\ (Registry)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value AppInit_DLLs within the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ (Registry)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to send message 52C into the window of the process C:\Windows\explorer.exe. (Shatter)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to post message 52C into the window of the process C:\Windows\explorer.exe. (Shatter)

........

06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to overwrite file (overwrite_if) C:\Users\n V 2 5\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg (File )

06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to send message 52C into the window of the process C:\Windows\explorer.exe. (Shatter)

06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to post message 52C into the window of the process C:\Windows\explorer.exe. (Shatter)

............

06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to overwrite file (overwrite_if) C:\Users\n V 2 5\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg (File )

06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to post message 3E8 into the window of the process C:\Program Files\Mozilla Firefox\firefox.exe. (Shatter)

06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to use BITS service for data manipulation (Process)

06.21.2010  13:51:29, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to use BITS service for data manipulation (Process)

06.21.2010  13:51:29, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to post message 3E6 into the window of the process C:\Program Files\Internet Explorer\iexplore.exe. (Shatter)

06.21.2010  13:51:13, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value ProxyEnable within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ (Registry)

06.21.2010  13:51:13, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Internet connections are blocked (Network)

06.21.2010  13:51:13, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open protected file C:\Users\n V 2 5\AppData\Roaming\Microsoft\Windows\Cookies\ (Resource isolation)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to call system debug control with the 10 code (System debugger)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set windows event hook with module C:\Users\n V 2 5\Desktop\CLT\plugins\SetWinEventHook.dl (Hook)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, 1:Attempt to create global windows hook with module C:\Users\n V 2 5\Desktop\CLT\plugins\SetWindowsHook.dll (Hook)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open thread in process C:\Windows\explorer.exe (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create new key HKLM\SYSTEM\ControlSet001\services\new_service\ (Registry)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open process C:\Windows\System32\svchost.exe (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to manipulate KnownDlls section \KnownDlls\advapi32.dll (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create KnownDlls section \knowndlls\advapi32.dll (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open process C:\Windows\System32\svchost.exe (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open thread in process C:\Windows\System32\svchost.exe (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open process C:\Windows\explorer.exe (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\services\dwall\ (Resource isolation)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create new file C:\Users\n V 2 5\AppData\Local\Temp\esihdrv.sys (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create new file C:\Users\n V 2 5\AppData\Local\Temp\esihdrv.sys (File )

....

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to load and execute module C:\Users\n V 2 5\Desktop\CLT\driver.sys (Process)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create new file C:\Windows\System32\drivers\beep.sys_old (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to create new file C:\Windows\System32\drivers\beep.sys_old (File )

....

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to overwrite file (overwrite_if) C:\Windows\System32\drivers\beep.sys (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to overwrite file (overwrite_if) C:\Windows\System32\drivers\beep.sys (File )

....

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, 4:Attempt to change service (Service)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, 4:Attempt to change service (Service)

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to rename file C:\Program Files\Mozilla Firefox\firefox.exe (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to read directly from the disk \Device\Harddisk0\DR0 (File )

06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\services\dwall\ (Resource isolation)

Last edited by nV 25: 21-06-2010 at 13:45.
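An added example, not part of the original post: a small Python parser for the DefenseWall log line format quoted above. It tallies blocked actions by the category in the trailing parentheses and lists attempts against the autostart registry values that appear in the log. The function names and the set of values treated as persistence points are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the log in the post; the dotted line is its own elision marker.
SAMPLE = r"""
06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value Userinit within the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ (Registry)
06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value AppInit_DLLs within the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ (Registry)
06.21.2010  13:51:33, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to send message 52C into the window of the process C:\Windows\explorer.exe. (Shatter)
........
06.21.2010  13:51:34, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to overwrite file (overwrite_if) C:\Users\n V 2 5\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg (File )
06.21.2010  13:51:13, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, Attempt to set value ProxyEnable within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ (Registry)
06.21.2010  13:50:53, module C:\Users\n V 2 5\Desktop\CLT\clt.exe, 1:Attempt to create global windows hook with module C:\Users\n V 2 5\Desktop\CLT\plugins\SetWindowsHook.dll (Hook)
"""

# date, time, module path, optional "N:" prefix, event text, category in the last parentheses
LINE_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2}), "
    r"module (?P<module>.+?), (?:\d+:)?(?P<event>.*) \((?P<cat>[^()]+?)\s*\)$"
)

# Assumption for this example: values from the log treated as autostart/persistence points.
PERSISTENCE_VALUES = {"userinit", "appinit_dlls", "servicedll", "startupprograms"}

def parse_line(line):
    """Return a dict for one log line, or None for blanks and elision markers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%m.%d.%Y %H:%M:%S")
    return {"time": ts, "module": m["module"], "event": m["event"], "category": m["cat"]}

def triage(text):
    """Parse a log excerpt; return (events oldest-first, counts per category, persistence hits)."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    events.sort(key=lambda e: e["time"])  # the excerpt is roughly newest-first
    by_cat = Counter(e["category"] for e in events)
    persistence = []
    for e in events:
        v = re.search(r"set value (\S+) within the key (\S.*)$", e["event"])
        if v and v.group(1).lower() in PERSISTENCE_VALUES:
            persistence.append((v.group(1), v.group(2)))
    return events, by_cat, persistence

if __name__ == "__main__":
    _, counts, hits = triage(SAMPLE)
    print(dict(counts), hits)
```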