PC Anti-Virus Protection 2012

13 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS

Dennis Technology Labs, 26/07/2011
www.DennisTechnologyLabs.com

This test aims to compare the effectiveness of the most recent releases of popular anti-virus software [1]. The products include those from Kaspersky, McAfee, Microsoft, Symantec (Norton) and Trend Micro, as well as free versions from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G Data, K7 and PC Tools.

The tests were conducted between 14/07/2011 and 26/07/2011 using the most up to date versions of the software available. A total of 13 products were exposed to genuine internet threats that real customers could have encountered during the test period.

Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible. For example, each test system visited real, infected websites that significant numbers of internet users were encountering at the time of the test. These results reflect what would have happened if those users were using one of the products tested.

EXECUTIVE SUMMARY

Products that block attacks early tended to protect the system more fully
The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of downloading and installing further threats. Products that blocked the malicious and infected websites from the start reduced the risk of compromise by secondary and further downloads.

100 per cent protection is rare
This test recorded an average protection score of 87.5 per cent. New threats appear online frequently and it is inevitable that there will be times when specific security products are unable to protect against some of these threats.

The products rarely prevented the installation of legitimate applications
With the exception of K7 TotalSecurity 11, most products were fairly accurate when it came to classifying legitimate applications. That said, only three of the products were 100 per cent accurate in this part of the test.

Simon Edwards, Dennis Technology Labs

[1] The latest available products were used in the test:
Avast! Free AntiVirus 6
AVG Anti-Virus Free Edition 2011
Avira Antivir Personal Free Antivirus
BitDefender Internet Security 2011
ESET Smart Security 4
G Data InternetSecurity 2012
K7 Total Security 11
Kaspersky Internet Security 2012
McAfee Internet Security 2011
Microsoft Security Essentials 2.1
Norton Internet Security 2012
PC Tools Internet Security 8
Trend Micro Titanium Internet Security 2011

CONTENTS

Executive summary
Contents
1. Total Accuracy Ratings
2. Protection Ratings
3. Protection Scores
4. Protection Details
5. False Positives
6. The Tests
7. Test Details
8. Conclusions
Appendix A: Terms
Appendix B: Legitimate Samples
Appendix C: Threat Report
Appendix D: Tools
Appendix E: Terms of the Test

1. TOTAL ACCURACY RATINGS

The security products on test are expected to prevent threats from attacking the target systems successfully. They should also allow users to install legitimate software unhampered.

The scoring system used in this test penalises products when they fail to achieve these goals and rewards those that excel. Products gain points for stopping threats successfully and lose points for failing to stop them.
They also lose points for handling legitimate files incorrectly, while gaining points for allowing users to install them. Each product then receives a final rating based on its performance in each of the ‘threat’ and ‘legitimate software’ tests.

The following results show a combined accuracy rating, taking into account each product’s performance with both threats and non-malicious software. There is a maximum possible score of 150 and a minimum of -350.

See 5. False Positives for detailed results and an explanation of how the false positive ratings are calculated.

[Chart: Total Accuracy]

There is only a fractional difference between the top three products. Norton Internet Security 2012, G Data Internet Security 2012 and ESET Smart Security 4 are all within one point of each other.

TOTAL ACCURACY

| Product | Accuracy Score |
| --- | --- |
| Symantec Norton Internet Security 2012 | 146 |
| G Data InternetSecurity 2012 | 145.5 |
| ESET Smart Security 4 | 145 |
| Kaspersky Internet Security 2012 | 137.75 |
| Trend Micro Titanium Internet Security 2011 | 136.5 |
| Avast Free Antivirus 6.0 | 132 |
| Microsoft Security Essentials 2.1 | 122 |
| PC Tools Internet Security 8 | 114.9 |
| Avira Antivir Personal Free Antivirus | 104 |
| BitDefender Internet Security 2011 | 103 |
| K7 TotalSecurity 11 | 84.75 |
| AVG Anti-Virus Free Edition 2011 | 80 |
| McAfee Internet Security 2011 | 79.25 |

2. PROTECTION RATINGS

The following results show how each product has been scored for its accuracy in detecting and handling malware only. They do not take into account false positives.

We awarded two points for defending against a threat, one for neutralizing it and deducted two points every time a product allowed the system to be compromised. The best possible score is 100 and the worst is -100.

The reason behind this score weighting is to give credit to products that deny malware an opportunity to tamper with the system and to penalize those that allow malware to damage it. It is quite possible that a compromised system will be made unstable, or even unusable without expert knowledge. Even if active malware was removed, we considered such damaged systems to count as being compromised.

The Norton product defended against 49 out of the 50 threats, so it scores 96. It gains double points for each defense (2x49), totaling 98. It then loses two points because it was compromised once, ending up with 96 points.

G Data’s product was the only one to avoid all compromises. It scored the same number of points as the Norton product, however, because it defended against 46 threats but neutralized four of them. Its score is calculated like this: (2x46) + (4x1) = 96.

[Chart: Protection Ratings]

Symantec’s Norton product ties with G Data’s software, even though G Data InternetSecurity 2012 was the only one to protect against all the internet threats used (see 3. Protection Scores).

PROTECTION RATINGS

| Product | Target Defended | Target Neutralized | Target Compromised | Protection Rating |
| --- | --- | --- | --- | --- |
| G Data InternetSecurity 2012 | 46 | 4 | 0 | 96 |
| Symantec Norton Internet Security 2012 | 49 | 0 | 1 | 96 |
| ESET Smart Security 4 | 48 | 1 | 1 | 95 |
| Kaspersky Internet Security 2012 | 46 | 3 | 1 | 93 |
| Trend Micro Titanium Internet Security 2011 | 47 | 0 | 3 | 88 |
| Avast Free Antivirus 6.0 | 44 | 3 | 3 | 85 |
| PC Tools Internet Security 8 | 38 | 7 | 5 | 73 |
| Microsoft Security Essentials 2.1 | 40 | 4 | 6 | 72 |
| Avira Antivir Personal Free Antivirus | 35 | 5 | 10 | 55 |
| BitDefender Internet Security 2011 | 35 | 5 | 10 | 55 |
| K7 TotalSecurity 11 | 28 | 12 | 10 | 48 |
| AVG Anti-Virus Free Edition 2011 | 28 | 7 | 15 | 33 |
| McAfee Internet Security 2011 | 28 | 6 | 16 | 30 |

3. PROTECTION SCORES

The following illustrates the general level of protection provided by each of the security products, combining the defended and neutralized incidents into an overall figure. This figure is not weighted with an arbitrary scoring system as it was in 1. Total Accuracy Ratings and 2. Protection Ratings.

The average protection level afforded by the tested products, when exposed to the threats used in this test, was 87.5 per cent. Above-average products included Microsoft Security Essentials and all those products to its left on the graph below. In this test two of the above-average products are free for non-commercial use.

[Chart: Protection Scores]

Two out of the three free products performed above the average when protecting against threats.

PROTECTION SCORES

| Product | Protected Incidents | Percentage of Incidents |
| --- | --- | --- |
| G Data InternetSecurity 2012 | 50 | 100% |
| Kaspersky Internet Security 2012 | 49 | 98% |
| Symantec Norton Internet Security 2012 | 49 | 98% |
| ESET Smart Security 4 | 49 | 98% |
| Trend Micro Titanium Internet Security 2011 | 47 | 94% |
| Avast Free Antivirus 6.0 | 47 | 94% |
| PC Tools Internet Security 8 | 45 | 90% |
| Microsoft Security Essentials 2.1 | 44 | 88% |
| Avira Antivir Personal Free Antivirus | 40 | 80% |
| BitDefender Internet Security 2011 | 40 | 80% |
| K7 TotalSecurity 11 | 40 | 80% |
| AVG Anti-Virus Free Edition 2011 | 35 | 70% |
| McAfee Internet Security 2011 | 34 | 68% |

(Average: 87.5 per cent)

4. PROTECTION DETAILS

The security products provided different levels of protection. When a product defended against a threat, it prevented the malware from gaining a foothold on the target system. A threat might have been able to infect the system and, in some cases, the product neutralized it later. When it couldn’t, the system was compromised.

The graph below shows that the most successful products tended to defend, rather than neutralize, the threats.
Between them the top five products only neutralized eight threats, while they defended a total of 236. They were compromised just six times. The five least effective products, on the other hand, neutralized 35 threats and defended just 154. They were compromised a total of 61 times.

[Chart: Protection Details, showing Target Compromised, Target Neutralized and Target Defended for each product]

The most successful products tended to defend rather than neutralize, blocking the threats early in the attack.

PROTECTION DETAILS

| Product | Target Defended | Target Neutralized | Target Compromised |
| --- | --- | --- | --- |
| G Data InternetSecurity 2012 | 46 | 4 | 0 |
| Symantec Norton Internet Security 2012 | 49 | 0 | 1 |
| ESET Smart Security 4 | 48 | 1 | 1 |
| Kaspersky Internet Security 2012 | 46 | 3 | 1 |
| Trend Micro Titanium Internet Security 2011 | 47 | 0 | 3 |
| Avast Free Antivirus 6.0 | 44 | 3 | 3 |
| PC Tools Internet Security 8 | 38 | 7 | 5 |
| Microsoft Security Essentials 2.1 | 40 | 4 | 6 |
| Avira Antivir Personal Free Antivirus | 35 | 5 | 10 |
| BitDefender Internet Security 2011 | 35 | 5 | 10 |
| K7 TotalSecurity 11 | 28 | 12 | 10 |
| AVG Anti-Virus Free Edition 2011 | 28 | 7 | 15 |
| McAfee Internet Security 2011 | 28 | 6 | 16 |

5. FALSE POSITIVES

5.1 False positive scores

A security product needs to be able to protect the system from threats, while allowing legitimate software to work properly. When legitimate software is misclassified a false positive is generated.

We split the results into two main groups because the products all took one of two approaches when attempting to protect the system from the legitimate programs. They either warned that the software was suspicious or took the more decisive step of blocking it.

Blocking a legitimate application is more serious than issuing a warning because it directly hampers the user. In this test the number of warnings (22) was very close to the number of times a product blocked an application (21). The graph below includes the number and type of false positive that each product generated.

[Chart: False Positive Scores, showing the total Warnings and Blockings for each product]

When generating a false positive the products were as likely to block as they were to warn against legitimate applications. However, overall there were relatively few false positives in this test.
FALSE POSITIVE SCORES

| False Positive Type | Product | Total |
| --- | --- | --- |
| Warnings | Avira Antivir Personal Free Antivirus | 0 |
| Warnings | BitDefender Internet Security 2011 | 0 |
| Warnings | ESET Smart Security 4 | 0 |
| Warnings | G Data InternetSecurity 2012 | 0 |
| Warnings | Microsoft Security Essentials 2.1 | 0 |
| Warnings | PC Tools Internet Security 8 | 0 |
| Warnings | Symantec Norton Internet Security 2012 | 0 |
| Warnings | Trend Micro Titanium Internet Security 2011 | 2 |
| Warnings | AVG Anti-Virus Free Edition 2011 | 0 |
| Warnings | McAfee Internet Security 2011 | 2 |
| Warnings | Avast Free Antivirus 6.0 | 4 |
| Warnings | Kaspersky Internet Security 2012 | 6 |
| Warnings | K7 TotalSecurity 11 | 8 |
| Blockings | ESET Smart Security 4 | 0 |
| Blockings | Kaspersky Internet Security 2012 | 0 |
| Blockings | McAfee Internet Security 2011 | 0 |
| Blockings | Microsoft Security Essentials 2.1 | 0 |
| Blockings | Symantec Norton Internet Security 2012 | 0 |
| Blockings | Avira Antivir Personal Free Antivirus | 1 |
| Blockings | G Data InternetSecurity 2012 | 1 |
| Blockings | AVG Anti-Virus Free Edition 2011 | 2 |
| Blockings | Trend Micro Titanium Internet Security 2011 | 3 |
| Blockings | Avast Free Antivirus 6.0 | 2 |
| Blockings | BitDefender Internet Security 2011 | 3 |
| Blockings | K7 TotalSecurity 11 | 4 |
| Blockings | PC Tools Internet Security 8 | 5 |

5.2 Taking file prevalence into account

The prevalence of each file is significant. If a product misclassified a common file then the situation would be more serious than if it failed to detect a less common one. That said, it is usually expected that anti-malware programs should not misclassify any legitimate software.

The files selected for the false positive testing were organized into five groups: Very High Impact, High Impact, Medium Impact, Low Impact and Very Low Impact. These categories were based on download numbers as reported by sites including Download.com at the time of testing.
The ranges for these categories are recorded in the table below:

FALSE POSITIVE PREVALENCE CATEGORIES

| Impact category | Prevalence (downloads in the previous week) |
| --- | --- |
| Very High Impact | >20,000 |
| High Impact | 1,000 – 20,000 |
| Medium Impact | 100 – 999 |
| Low Impact | 25 – 99 |
| Very Low Impact | < 25 |

5.3 Modifying scores

The following set of score modifiers was used to create an impact-weighted accuracy score. Each time a product allowed a new legitimate program to install and run it was awarded one point. It lost points (or fractions of a point) if and when it generated a false positive. We used the following score modifiers:

FALSE POSITIVE PREVALENCE SCORE MODIFIERS

| False positive action | Impact category | Score modifier |
| --- | --- | --- |
| Blocked | Very High Impact | -5 |
| Blocked | High Impact | -2 |
| Blocked | Medium Impact | -1 |
| Blocked | Low Impact | -0.5 |
| Blocked | Very Low Impact | -0.1 |
| Warning | Very High Impact | -2.5 |
| Warning | High Impact | -1 |
| Warning | Medium Impact | -0.5 |
| Warning | Low Impact | -0.25 |
| Warning | Very Low Impact | -0.05 |

5.4 Distribution of impact categories

Products that scored highest were the most accurate when handling the legitimate applications used in the test. The best score possible is 50, while the worst would be -250 (assuming that all applications were classified as Very High Impact and were blocked). In fact the distribution of applications in the impact categories was not restricted only to Very High Impact. The table below shows the true distribution:

FALSE POSITIVE CATEGORY FREQUENCY

| Impact category | Number of instances |
| --- | --- |
| Very High Impact | 7 |
| High Impact | 9 |
| Medium Impact | 16 |
| Low Impact | 8 |
| Very Low Impact | 10 |

5.5 False positive ratings

Combining the impact categories with weighted scores produces the following false positive accuracy ratings.

[Chart: False Positive Ratings]

When a product misclassified a popular program it faced a stronger penalty than if the file was more obscure.
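
The scoring rules from 2. Protection Ratings and 5.3 Modifying scores, recomputed from the figures in the report's own tables. This is an added example, not Dennis Technology Labs' code: the function names are made up here, and treating total accuracy as protection rating plus false positive rating is an assumption inferred from the published bounds (150 and -350), not a formula the report states.

```python
from decimal import Decimal as D

# Per product: (defended, neutralized, compromised) out of 50 threats, then the
# published protection rating, false positive rating and total accuracy score,
# all copied from the report's tables. K7 has no row in the false positive
# ratings table, so that entry is None.
PUBLISHED = {
    "Symantec Norton Internet Security 2012": ((49, 0, 1), 96, "50", "146"),
    "G Data InternetSecurity 2012": ((46, 4, 0), 96, "49.5", "145.5"),
    "ESET Smart Security 4": ((48, 1, 1), 95, "50", "145"),
    "Kaspersky Internet Security 2012": ((46, 3, 1), 93, "44.75", "137.75"),
    "Trend Micro Titanium Internet Security 2011": ((47, 0, 3), 88, "48.5", "136.5"),
    "Avast Free Antivirus 6.0": ((44, 3, 3), 85, "47", "132"),
    "Microsoft Security Essentials 2.1": ((40, 4, 6), 72, "50", "122"),
    "PC Tools Internet Security 8": ((38, 7, 5), 73, "41.9", "114.9"),
    "Avira Antivir Personal Free Antivirus": ((35, 5, 10), 55, "49", "104"),
    "BitDefender Internet Security 2011": ((35, 5, 10), 55, "48", "103"),
    "K7 TotalSecurity 11": ((28, 12, 10), 48, None, "84.75"),
    "AVG Anti-Virus Free Edition 2011": ((28, 7, 15), 33, "47", "80"),
    "McAfee Internet Security 2011": ((28, 6, 16), 30, "49.25", "79.25"),
}

# Section 5.3 score modifiers: false positive action -> impact category -> points.
MODIFIERS = {
    "blocked": {"Very High": D("-5"), "High": D("-2"), "Medium": D("-1"),
                "Low": D("-0.5"), "Very Low": D("-0.1")},
    "warning": {"Very High": D("-2.5"), "High": D("-1"), "Medium": D("-0.5"),
                "Low": D("-0.25"), "Very Low": D("-0.05")},
}


def protection_rating(defended, neutralized, compromised):
    """Section 2 weighting: +2 per defence, +1 per neutralization, -2 per compromise."""
    return 2 * defended + neutralized - 2 * compromised


def protection_score(defended, neutralized, compromised):
    """Section 3: unweighted percentage of incidents defended or neutralized."""
    total = defended + neutralized + compromised
    return D(100) * (defended + neutralized) / total


def false_positive_rating(outcomes):
    """Section 5.3 as written: +1 for each legitimate program allowed, otherwise
    the modifier for the (action, impact category) of the false positive."""
    score = D(0)
    for action, impact in outcomes:
        score += D(1) if action == "allowed" else MODIFIERS[action][impact]
    return score


def cross_check():
    """List every place where a recomputed figure disagrees with the tables."""
    problems = []
    for name, (counts, rating, fp, total) in PUBLISHED.items():
        if sum(counts) != 50:
            problems.append(f"{name}: incidents sum to {sum(counts)}, not 50")
        if protection_rating(*counts) != rating:
            problems.append(f"{name}: rating {protection_rating(*counts)} != {rating}")
        # Assumption: total accuracy = protection rating + false positive rating.
        if fp is not None and rating + D(fp) != D(total):
            problems.append(f"{name}: {rating} + {fp} != {total}")
    return problems


def average_protection_score():
    """Mean of the per-product protection scores (the report quotes 87.5 per cent)."""
    scores = [protection_score(*counts) for counts, *_ in PUBLISHED.values()]
    return sum(scores) / len(scores)


if __name__ == "__main__":
    print("discrepancies:", cross_check() or "none")
    print("average protection: %.1f per cent" % average_protection_score())
    # Constructed sample: 48 programs allowed, one Medium warning, one Low block.
    sample = [("allowed", None)] * 48 + [("warning", "Medium"), ("blocked", "Low")]
    print("sample false positive rating:", false_positive_rating(sample))
```
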
FALSE POSITIVE RATINGS

| Product | Accuracy score |
| --- | --- |
| ESET Smart Security 4 | 50 |
| Symantec Norton Internet Security 2012 | 50 |
| Microsoft Security Essentials 2.1 | 50 |
| G Data InternetSecurity 2012 | 49.5 |
| McAfee Internet Security 2011 | 49.25 |
| Avira Antivir Personal Free Antivirus | 49 |
| Trend Micro Titanium Internet Security 2011 | 48.5 |
| BitDefender Internet Security 2011 | 48 |
| Avast Free Antivirus 6.0 | 47 |
| AVG Anti-Virus Free Edition 2011 | 47 |
| Kaspersky Internet Security 2012 | 44.75 |
| PC Tools Internet Security 8 | 41.9 |

6. THE TESTS

6.1 The threats

Providing a realistic user experience was important in order to illustrate what really happens when a user encounters a threat on the internet. For example, in these tests web-based malware was accessed by visiting an original, infected website using a web browser, and not downloaded from a CD or internal test website.

All target systems were fully exposed to the threats. This means that any exploit code was allowed to run, as were other malicious files. They were run and permitted to perform exactly as they were designed to, subject to checks made by the installed security software. A minimum time period of five minutes was provided to allow the malware an opportunity to act.

6.2 Test rounds

Tests were conducted in rounds. Each round recorded the exposure of every product to a specific threat. For example, in ‘round one’ each of the products was exposed to the same malicious website. At the end of each round the test systems were completely reset to remove any possible trace of malware before the next test began.

Each ‘round’ exposed every product to one specific threat.

The partial set of records for round five (highlighted above) shows a range of responses to a particular threat. In this example products from Avira, BitDefender, ESS and Kaspersky allowed the threat to compromise the systems, while the Microsoft product neutralized the threat. The remaining products blocked the threat early, defending against it.

6.3 Monitoring

Close logging of the target systems was necessary to gauge the relative successes of the malware and the antimalware software. This included recording activity such as network traffic, the creation of files and processes and changes made to important files.

6.4 Levels of protection

The products displayed different levels of protection. Sometimes a product would prevent a threat from executing, or at least making any significant changes to the target system. In other cases a threat might be able to perform some tasks on the target, after which the security product would intervene and remove some or all of the malware. Finally, a threat may be able to bypass the security product and carry out its malicious tasks unhindered. It may even be able to disable the security software.

Occasionally Windows' own protection system might handle a threat while the antivirus program ignored it. Another outcome is that the malware may crash for various reasons.

The different levels of protection provided by each product were recorded following analysis of the log files.

If malware failed to perform properly in a given incident, perhaps because of the very presence of the security product, rather than any specific defending action that the product took, the product was given the benefit of the doubt and a Defended result was recorded.

If the test system was damaged, becoming hard to use following an attempted attack, this was counted as a compromise even if the active parts of the malware had eventually been removed by the product.

6.5 Types of protection

All of the products tested provided two main types of protection: real-time and on-demand. Real-time protection monitors the system constantly in an attempt to prevent a threat from gaining access. On-demand protection is essentially a ‘virus scan’ that is run by the user at an arbitrary time.

The test results note each product’s behavior when a threat is introduced and afterwards. The real-time protection mechanism was monitored throughout the test, while an on-demand scan was run towards the end of each test to measure how safe the product determined the system to be.

Manual scans were run only when a tester determined that malware had made an interaction with the target system. In other words, if the security product claimed to block the attack at the initial stage, and the monitoring logs supported this claim, the case was considered closed and a Defended result was recorded.

7. TEST DETAILS

7.1 The targets

To create a fair testing environment, each product was installed on a clean Windows XP Professional target system. The operating system was updated with Windows XP Service Pack 3 (SP3), although no later patches or updates were applied.

We test with Windows XP SP3 and Internet Explorer 7 due to the high prevalence of internet threats that rely on this combination. The prevalence of these threats suggests that there are many systems with this level of patching currently connected to the internet.

A selection of legitimate but old software was pre-installed on the target systems. These posed security risks, as they contained known vulnerabilities. They included out of date versions of Adobe Flash Player and Adobe Reader.

A different security product was then installed on each system. Each product’s update mechanism was used to download the latest version with the most recent definitions and other elements.

Due to the dynamic nature of the tests, which were carried out in real-time with live malicious websites, the products' update systems were allowed to run automatically and were also run manually before each test round was carried out. The products were also allowed to 'call home' should they be programmed to query databases in real-time.
Some products might automatically upgrade themselves during the test. At any given time of testing, the very latest version of each program was used.

Each target system contained identical hardware, including an Intel Core 2 Duo processor, 1GB RAM, a 160GB hard disk and a DVD-ROM drive. Each was connected to the internet via its own virtual network (VLAN) to avoid malware cross-infecting other targets.

7.2 Threat selection

The malicious web links (URLs) used in the tests were picked from lists generated by Dennis Technology Labs’ own malicious site detection system, which uses popular search engine keywords submitted to Google. It analyses sites that are returned in the search results from a number of search engines and adds them to a database of malicious websites.

In all cases, a control system (Verification Target System - VTS) was used to confirm that the URLs linked to actively malicious sites.

Malicious URLs and files are not shared with any vendors during the testing process.

7.3 Test stages

There were three main stages in each individual test:

1. Introduction
2. Observation
3. Remediation

During the Introduction stage, the target system was exposed to a threat. Before the threat was introduced, a snapshot was taken of the system. This created a list of Registry entries and files on the hard disk. We used Regshot (see Appendix D: Tools) to take and compare system snapshots. The threat was then introduced.

Immediately after the system’s exposure to the threat, the Observation stage is reached. During this time, which typically lasted at least 10 minutes, the tester monitored the system both visually and using a range of third-party tools. The tester reacted to pop-ups and other prompts according to the directives described below (see 7.6 Observation and intervention).

In the event that hostile activity to other internet users was observed, such as when spam was being sent by the target, this stage was cut short. The Observation stage concluded with another system snapshot. This ‘exposed’ snapshot was compared to the original ‘clean’ snapshot and a report generated. The system was then rebooted.

The Remediation stage is designed to test the products’ ability to clean an infected system. If it defended against the threat in the Observation stage then we skipped this stage. An on-demand scan was run on the target, after which a ‘scanned’ snapshot was taken. This was compared to the original ‘clean’ snapshot and a report was generated.

All log files, including the snapshot reports and the product’s own log files, were recovered from the target. In some cases the target became so damaged that log recovery was considered impractical. The target was then reset to a clean state, ready for the next test.

7.4 Threat introduction

Malicious websites were visited in real-time using Internet Explorer. This risky behavior was conducted using live internet connections. URLs were typed manually into Internet Explorer’s address bar.

Web-hosted malware often changes over time. Visiting the same site over a short period of time can expose systems to what appear to be a range of threats (although it may be the same threat, slightly altered to avoid detection). Also, many infected sites will only attack a particular IP address once, which makes it hard to test more than one product against the same threat.

In order to improve the chances that each target system received the same experience from a malicious web server, we used a web replay system. When the verification target systems visited a malicious site, the page’s content, including malicious code, was downloaded, stored and loaded into the replay system. When each target system subsequently visited the site, it received exactly the same content.

The network configurations were set to allow all products unfettered access to the internet throughout the test, regardless of the web replay systems.

7.5 Secondary downloads

Established malware may attempt to download further files (secondary downloads), which are stored in a cache by a proxy on the network and re-served to other targets in some circumstances. These circumstances include cases where:

1. The download request is made using HTTP (e.g. http://badsite.example.com/...) and
2. The same filename is requested each time (e.g. badfile1.exe)

There are scenarios in which target systems receive different secondary downloads. These include cases where:

1. The download request is made using HTTPS or a non-web protocol such as FTP or
2. A different filename is requested each time (e.g. badfile2.exe; random357.exe)

7.6 Observation and intervention

Throughout each test, the target system was observed both manually and in real-time. This enabled the tester to take comprehensive notes about the system’s perceived behavior, as well as to compare visual alerts with the products’ log entries. At certain stages the tester was required to act as a regular user. To achieve consistency, the tester followed a policy for handling certain situations, including dealing with pop-ups displayed by products or the operating system, system crashes, invitations by malware to perform tasks and so on.

This user behavior policy included the following directives:

1. Act naively. Allow the threat a good chance to introduce itself to the target by clicking OK to malicious prompts, for example.
2. Don’t be too stubborn in retrying blocked downloads. If a product warns against visiting a site, don’t take further measures to visit that site.
3. Where malware is downloaded as a Zip file, or similar, extract it to the Desktop then attempt to run it. If the archive is protected by a password, and that password is known to you (e.g. it was included in the body of the original malicious email), use it.
4. Always click the default option. This applies to security product pop-ups, operating system prompts (including Windows firewall) and malware invitations to act.
5. If there is no default option, wait. Give the prompt 20 seconds to choose a course of action automatically.
6. If no action is taken automatically, choose the first option. Where options are listed vertically, choose the top one. Where options are listed horizontally, choose the left-hand one.

7.7 Remediation

When a target is exposed to malware, the threat may have a number of opportunities to infect the system. The security product also has a number of chances to protect the target. The snapshots explained in 7.3 Test stages provided information that was used to analyze a system’s final state at the end of a test.

Before, during and after each test, a ‘snapshot’ of the target system was taken to provide information about what had changed during the exposure to malware. For example, comparing a snapshot taken before a malicious website was visited to one taken after might highlight new entries in the Registry and new files on the hard disk. Snapshots were also used to determine how effective a product was at removing a threat that had managed to establish itself on the target system. This analysis gives an indication as to the levels of protection that a product has provided.

These levels of protection have been recorded using three main terms: defended, neutralized, and compromised. A threat that was unable to gain a foothold on the target was defended against; one that was prevented from continuing its activities was neutralized; while a successful threat was considered to have compromised the target.

A defended incident occurs where no malicious activity is observed with the naked eye or third-party monitoring tools following the initial threat introduction. The snapshot report files are used to verify this happy state.
If a threat is observed to run actively on the system, but not beyond the point where an on-demand scan is run, it is considered to have been neutralized. Comparing the snapshot reports should show that malicious files were created and Registry entries were made after the introduction. However, as long as the ‘scanned’ snapshot report shows that either the files have been removed or the Registry entries have been deleted, the threat has been neutralized. The target is compromised if malware is observed to run after the on-demand scan. In some cases a product might request a further scan to complete the removal. We considered secondary scans to be acceptable, but further scan requests would be ignored. Even if no malware was observed, a compromise result was recorded if snapshot reports showed the existence of new, presumably malicious files on the hard disk, in conjunction with Registry entries designed to run at least one of these files when the system booted. An edited ‘hosts’ file or altered system file also counted as a compromise. 7.8 Automatic monitoring Logs were generated using third-party applications, as well as by the security products themselves. Manual observation of the target system throughout its exposure to malware (and legitimate applications) provided more PC Anti-Virus Protection 2012 Page 20 of 106 information about the security products’ behavior. Monitoring was performed directly on the target system and on the network. Client-side logging A combination of Process Explorer, Process Monitor, TcpView and Wireshark were used to monitor the target systems. Regshot was used between each testing stage to record a system snapshot. A number of Dennis Technology Labs-created scripts were also used to provide additional system information. Each product was able to generate some level of logging itself. Process Explorer and TcpView were run throughout the tests, providing a visual cue to the tester about possible malicious activity on the system. 
In addition, Wireshark’s real-time output, and the display from the web proxy (see Network logging, below), indicated specific network activity such as secondary downloads. Process Monitor also provided valuable information to help reconstruct malicious incidents. Both Process Monitor and Wireshark were configured to save their logs automatically to a file. This reduced data loss when malware caused a target to crash or reboot. In-built Windows commands such as 'systeminfo' and 'sc query' were used in custom scripts to provide additional snapshots of the running system's state.

Network logging

All target systems were connected to a live internet connection, which incorporated a transparent web proxy and a network monitoring system. All traffic to and from the internet had to pass through this system. Further to that, all web traffic had to pass through the proxy as well. This allowed the testers to capture files containing the complete network traffic. It also provided a quick and easy view of web-based traffic, which was displayed to the testers in real-time.

The network monitor was a dual-homed Linux system running as a transparent router, passing all web traffic through a Squid proxy. An HTTP replay system ensured that all target systems received the same malware as each other. It was configured to allow access to the internet so that products could download updates and communicate with any available ‘in the cloud’ servers.

8. CONCLUSIONS

Where are the threats?

The threats used in this test were genuine, real-life threats that were infecting victims globally at the same time as we tested the products. In almost every case the threat was launched from a legitimate website that had been compromised by an attacker. The types of infected or malicious sites were varied, which demonstrates that effective anti-virus software is essential for those who want to use the web using a Windows PC, whether they are looking for pornography, music or a local taco restaurant.

The vast majority of the threats installed automatically when a user visited the infected webpage. This infection was usually invisible to a casual observer and rarely did the malware make itself known, unless it was installing a fake anti-virus program. These rogue applications pretend to detect viruses on the system and harass the user into paying for a full license, which the program claims will allow it to remove the ‘infections’. In reality the only infection is the fake anti-virus program itself.

Where does protection start?

The best-performing products were Symantec’s Norton Internet Security 2012, G Data InternetSecurity 2012, ESET Smart Security 4, Kaspersky Internet Security 2012 and Trend Micro Titanium Internet Security 2011. These five had one notable similarity: they all blocked threats early in the attack process, which meant that there was less opportunity for the malware to infect the systems. The three least effective products, those from McAfee, AVG and K7, often tackled the threat only once the malware had started to infect the system.

Sorting the wheat from the chaff

The false positive results were quite low, which shows that most of the products are not tuned too aggressively to detect and block malware at the expense of regular programs. Notably, Norton Internet Security, Microsoft Security Essentials and ESET Smart Security produced no false positive results at all.

Anti-virus is important (but not a panacea)

This test shows that there is a significant difference in performance between popular anti-virus programs. Most importantly it illustrates this difference using real threats that were attacking real computers at the time of testing. The average protection level of the tested products is 87.5 per cent (see 3. Protection Scores), which is significant. The presence of anti-virus software can be seen to decrease the chances of a malware infection even when the only sites being visited are proven to be actively malicious. It's worth noting, however, that a 100 per cent success rate is rare. Even those products that performed the best in this test are unlikely to be completely bullet-proof in every given situation.

APPENDIX A: TERMS

Compromised: Malware continues to run on an infected system, even after an on-demand scan.
Defended: Malware was prevented from running on, or making changes to, the target.
False Positive: A legitimate application was incorrectly classified as being malicious.
Introduction: Test stage where a target system is exposed to a threat.
Neutralized: Malware was able to run on the target, but was then removed by the security product.
Observation: Test stage during which malware may affect the target.
On-demand (protection): Manual ‘virus’ scan, run by the user at an arbitrary time.
Prompt: Questions asked by software, including malware, security products and the operating system. With security products, prompts usually appear in the form of pop-up windows. Some prompts don’t ask questions but provide alerts. When these appear and disappear without a user’s interaction, they are called ‘toasters’.
Real-time (protection): The ‘always-on’ protection offered by many security products.
Remediation: Test stage that measures a product’s abilities to remove any installed threat.
Round: Test series of multiple products, exposing each target to the same threat.
Snapshot: Record of a target’s file system and Registry contents.
Target: Test system exposed to threats in order to monitor the behavior of security products.
Threat: A program or other measure designed to subvert a system.
Update: Code provided by a vendor to keep its software up to date.
This includes virus definitions, engine updates and operating system patches.

APPENDIX B: LEGITIMATE SAMPLES

INCIDENT | PRODUCT | DESCRIPTION | OBTAINED VIA | PREVALENCE STATS (LAST WEEK) | PREVALENCE STATS SOURCE | PREVALENCE STATS DATE | PREVALENCE RATING
1 | SlimCleaner 1.6 | SlimCleaner is a cloud-enhanced Windows cleaner that uses crowd-sourcing to optimize PC performance. | Download.com | 7,565 | Download.com | 31/05/2011 | High Impact
2 | Soluto 1.2 | Soluto's 'Anti-Frustration Software' detects PC users' frustrations, reveals their cause, learns which actions really eliminate them and improves user experience. | Download.com | 34,407 | Download.com | 31/05/2011 | Very High Impact
3 | WinUtils Free Edition | A suite of tools designed to free up disk space and improve system performance. | Download.com | 17,799 | Download.com | 31/05/2011 | High Impact
4 | Yoono Desktop | Access multiple social networking accounts all in one place with Yoono. | Download.com | 63 | Download.com | 31/05/2011 | Low Impact
5 | Skype 5.3 | Talk with friends and family for free over the Internet. | Download.com | 89669 | Download.com | 31/05/2011 | Medium Impact
6 | Skype Translate | Skype Translate is tool that allows you to translate language real time during a text chat on Skype. | Download.com | 356 | Download.com | 31/05/2011 | Medium Impact
7 | FaceSmooch | Spice up your facebook chat with cool Smileys, Emoticons, Winks, Animations and many more. | Download.com | 197 | Download.com | 31/05/2011 | Medium Impact
8 | Archivarius 3000 | Archivarius 3000 is a simple program that allows users to search their computers, removable drives, and networks for documents. | Download.com | 2 | Download.com | 31/05/2011 | Very Low Impact
9 | FontViewOK Portable | FontViewOK Portable creates a quick visual overview of all installed fonts. | Download.com | 9 | Download.com | 31/05/2011 | Very Low Impact
10 | URLStringGrabber | URLStringGrabber is a small utility that scans all opened windows of Internet Explorer and grab the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files. | Download.com | 4 | Download.com | 31/05/2011 | Very Low Impact
11 | Smart PDF Creator 6.5 | Smart PDF Creator will easily convert files such as DOC, XLS, HTML, RTF, TXT to PDF format. | Download.com | 1 | Download.com | 31/05/2011 | Very Low Impact
12 | Free CD Ripper | Extract CD tracks to WAV, MP3, or OGG audio files. | Download.com | 2,275 | Download.com | 31/05/2011 | High Impact
13 | GrieeX Movie Archive Program | GrieeX Movie Archive Program is a database that lets people keep track of the movies they own and import a variety of related information from the Internet, too. | Download.com | 17 | Download.com | 31/05/2011 | Very Low Impact
14 | CNET TechTracker | Detect and download updates for all of your installed software. | Download.com | 163,172 | Download.com | 31/05/2011 | Very High Impact
15 | UMPlayer | UMPlayer is an advanced yet simple to use open-source cross-platform multimedia player that aims to fill all your needs… | Download.com | 134,191 | Download.com | 31/05/2011 | Very High Impact
16 | ContentRewrite | Content-Rewrite can rewrite any text article, and generate hundreds of unique content articles | Download.com | 30 | Download.com | 06/07/2011 | Low Impact
17 | Google Chrome 11 | Explore the Web using Google's super-fast browser. | Download.com | 88122 | Download.com | 31/05/2011 | Very High Impact
18 | Netpas Distance | Netpas Distance offers sea travelers an opportunity to gauge the distance between any ports on Earth. | Download.com | 445 | Download.com | 01/06/2011 | Medium Impact
19 | QIF Viewer | A QIF Viewer, it can open up a file you downloaded from your financial institution or exported from Microsoft money or quicken or whatever. | Download.com | 393 | Download.com | 02/06/2011 | Medium Impact
20 | Invoicer | Creates and prints invoices. | Download.com | 203 | Download.com | 03/06/2011 | Medium Impact
21 | DKOSD Caps-Lock Status | DKOSD shows an On Screen Display about the status of the Caps Lock on the keyboard. | Download.com | 197 | Download.com | 04/06/2011 | Medium Impact
22 | CuteRank Free Edition | Check and track keyword rankings on multiple search engines. | Download.com | 24 | Download.com | 06/07/2011 | Low Impact
23 | TortoiseSVN (32-bit) | TortoiseSVN is a really easy to use Revision control / version control / source control application for Windows. | Download.com | 111 | Download.com | 04/06/2011 | Medium Impact
24 | Docx Converter | Convert Microsoft Word DOCX documents to various formats. | Download.com | 57 | Download.com | 04/06/2011 | Low Impact
25 | VRS Recording System | Record up to 64 audio channels simultaneously. | Download.com | 43 | Download.com | 04/06/2011 | Low Impact
26 | PowerISO | Create, edit, and encrypt CD/DVD image files. | Download.com | 91,062 | Download.com | 04/07/2011 | Very High Impact
27 | Glary Utilities | Utilities to improve your system's performance and protect your privacy | Download.com | 128,699 | Download.com | 04/07/2011 | Very High Impact
28 | OpenVPN (VPNUK) | VPNUK supports connections over OpenVPN. | Download.com | 50 | n/a | 04/07/2011 | Low Impact
29 | MemTurbo | Optimize memory and manage computer's cache. | Download.com | 641 | Download.com | 04/07/2011 | Medium Impact
30 | Ghost Installer Free Edition | Create single-file self-extracting setups for your applications | Download.com | 638 | Download.com | 04/07/2011 | Medium Impact
31 | PDF Plain Text Extractor | Convert from PDF to text, preserving layout, with support for multiple languages | Download.com | 29 | Download.com | 04/07/2011 | Low Impact
32 | My Drivers | Extract, back up, restore, and update all the device drivers on your PC. | Download.com | 363 | Download.com | 04/07/2011 | Medium Impact
33 | WinDriver Ghost | Back up and restore hardware device drivers on your computer. | Download.com | 107 | Download.com | 04/07/2011 | Medium Impact
34 | Ping-OMeter | Try this highly visual version of an ICMP Ping program. | Download.com | 3 | Download.com | 04/07/2011 | Very Low Impact
35 | Universal Extractor | UniExtract Installer (5.3 MB) This is the recommended download. | Download.com | 72 | Download.com | 04/07/2011 | Low Impact
36 | jsMSIx.exe | A simple GUI program. (Compiled EXE file.) Runs on all Windows versions. No installation necessary. The easiest option. Unpack MSI | Download.com | 10 | n/a | 04/07/2011 | Very Low Impact
37 | Simple "OneClick" MSI Unpacker | As above, but VBScript | Download.com | 10 | n/a | 04/07/2011 | Very Low Impact
38 | RoboForm | Reduce multiple passwords to one single item. | Download.com | 41375 | Download.com | 04/07/2011 | Very High Impact
39 | SopCast | Broadcast and access videos and radio on the Internet. | Download.com | 14156 | Download.com | 04/07/2011 | High Impact
40 | Easy-Hide-IP | Hide your IP address and prevent Internet activity tracking. | Download.com | 10389 | Download.com | 04/07/2011 | High Impact
41 | Free Internet Eraser | Protect your online privacy by cleaning up history and past activities. | Download.com | 684 | Download.com | 04/07/2011 | Medium Impact
42 | CyberGhost VPN | Share an IP with a number of other users to ensure you cannot be identified. | Download.com | 7975 | Download.com | 04/07/2011 | High Impact
43 | BearFlix | Search and download videos. | Download.com | 636 | Download.com | 04/07/2011 | Medium Impact
44 | Online Armor Free | Monitor data transfer into and from PC and get secure online access for surfing and online transactions. | Download.com | 2315 | Download.com | 04/07/2011 | High Impact
45 | Badongo Buddy | Upload large media files. | Download.com | 542 | Download.com | 04/07/2011 | Medium Impact
46 | WebFerret | Query multiple search engines from your desktop at the same time. | Download.com | 807 | Download.com | 04/07/2011 | Medium Impact
47 | ExtractNow | Extract multiple archives with the ease of a single button. | Download.com | 1268 | Download.com | 04/07/2011 | High Impact
48 | PCI32 | View your system hardware information | Download.com | 7 | Download.com | 04/07/2011 | Very Low Impact
49 | DU Meter | Use your Internet bandwidth more efficiently with this realtime display of internet data transfer | Download.com | 1110 | Download.com | 04/07/2011 | High Impact
50 | Magic Square Generator | Search for all magic squares of an order prescribed by the user (in a clever way). | Download.com | 6 | Download.com | 04/07/2011 | Very Low Impact

APPENDIX C: THREAT REPORT

Code | Product
AVA | Avast! Free AntiVirus 6
AVG | AVG Anti-Virus Free Edition 2011
AVI | Avira Antivir Personal Free Antivirus
BDF | BitDefender Internet Security 2011
ESS | ESET Smart Security 4
GIS | G Data InternetSecurity 2012
K7 | K7 Total Security 11
KIS | Kaspersky Internet Security 2012
MIS | McAfee Internet Security 2011
MSE | Microsoft Security Essentials 2.1
NIS | Symantec Norton Internet Security 2012
PCT | PC Tools Internet Security 8
TIS | Trend Micro Titanium Internet Security 2011

NOTE: The following table is a summary. The full report was provided to Symantec as an Excel spreadsheet, which includes any Notes that may be referred to in some Threat Report entries.

none none 1 AVI none none none 1 1 BDF ESS Toaster Toaster Denied Terminated Quarantined Trojan.Downloader.Java.C TrojanDownloader.Agent.NCJ trojan PC Anti-Virus Protection 2012 n/a n/a 1 1 Removed and healed: 1 A virus or unwanted program was found! n/a n/a Moved to Virus Vault Moved to quarantine Corrupted executable file eicar.txt 1 1 1 1 n/a n/a n/a n/a 1 1 1 1 Page 29 of 106 Compromised AVG n/a Neutralized 1 Malicious URL blocked. Avast! Network Shield has blocked a harmful site none Defended Blocked Complete Reme Remediation diation Effect (intro) Toaster Threat Report (manual) Alert (intro) AVA Effect (manual) Product 1 Alert (manual) Incident Threat Report (intro) In cases where the malware fails for any reason, the product is given the full benefit of the doubt and is classified as having Defended with full remediation. 1 KIS Denied (2x) 1 MIS toaster (2x) none 1 MSE pop-up Removed 1 1 NIS TIS none Browser none Blocked 1 2 PCT AVA none Toaster none Blocked 2 AVG Pop up 2 2 AVI BDF none Toaster Quarantine (Action was unsuccessful) none Denied 2 2 ESS GDA Toaster none 2 K7 toaster none (see note) Blocked none (see note) Access denied PC Anti-Virus Protection 2012 na na na 1 1 none none (see note) Denied: Trojan-Downloader.Java.OpenConnection.dh (2x) none na na Scan Completed. No Viruses, spyware or other risks were found.
na report Quarantined Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Java/OpenConnection.MY. Recommended action: Remove. none Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Threat Detected! (Default: Move to Vault) na 1 1 1 na Viruses, Trojans, and Cookies Quarantined: Downloader-BCS na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 Removed and healed: 1 Moved to Virus Vault Corrupted executable file 1 1 none BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.PT.rOqpbioDPhmG Address has been blocked. none n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a na n/a na n/a na 1 1 1 1 High Security Risk Found! Trojan Downloader (0028b20a1) na na na 1 1 Page 30 of 106 1 Compromised none (see note) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache58882.tmp. Default option: "Disinfect (if not possible: quarantine)". When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: "Yes". 
none Neutralized none Defended K7 Complete Reme Remediation diation 1 Threat Report (manual) Effect (intro) Disinfected Effect (manual) Alert (intro) pop-up Alert (manual) Product GDA Threat Report (intro) Incident 1 2 MSE pop-up Removed 2 2 NIS TIS Toaster Browser Removed Blocked 2 PCT 3 AVA 1)Toaster 2) Toaster Toaster 1) Block 2) Quarantined Blocked 3 AVG Pop up 3 3 AVI BDF none Toaster Quarantine (Action was unsuccessful) none Denied 3 ESS 1)Toaster, 2)Warning on the browser 1)Denied, 2)Blocked PC Anti-Virus Protection 2012 na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 none BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2861… (File access was blocked) and Gen:Variant.Kazy.30647 (File access was blocked) 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 Page 31 of 106 Compromised Removed (1) Access Denied. The request URL cannot be provided. URL: http:// 69 DOT 64 DOT 49 DOT 35 / videospedofilia-1039-oastir-fazendo-sexo-oral-com-adolescentAVI DOT exe; (2) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / videos-pedofilia-1039-oastir-fazendo-sexo-oral-comadolescent-AVI DOT exe (analysis using the database of suspicious URLs). (3) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / favicon DOT ico (analysis using the database of suspicious URLs). Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Trojan.x!fzr (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Win32/Banload. Recommended action: Remove. 
AVI[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan-PWS.Bancos!rem. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Threat Detected! (Default: Move to Vault) Trojan horse Agent_r.AKC Neutralized toaster Defended MIS Complete Reme Remediation diation 2 Threat Report (manual) Effect (intro) (1) Access denied; (2) Denied; (2) Denied; Effect (manual) Alert (intro) (1) browser; (2) toaster; (3) toaster Alert (manual) Product KIS Threat Report (intro) Incident 2 KIS 3 MIS (1) browser; (2) toaster toaster 3 MSE pop-up Removed 3 NIS Toaster Blocked 3 TIS Browser Blocked 3 PCT 4 AVA 1)Toaster 2) Toaster Toaster 1) Block 2) Quarantined Blocked 4 AVG none none 4 AVI Toaster Removed PC Anti-Virus Protection 2012 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// gandon DOT cx DOT cc / d DOT php?f=72&e=0; (2) Denied: Backdoor.Win32.Gbot.mej Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: W32/Waledda.dam (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Cybot.B. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Backdoor.Trojan Malicious URL blocked. Avast! Network Shield has blocked a harmful site. 
none na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Removed and healed: 1 n/a Moved to Virus Vault n/a Corrupted executable file n/a Guard: Malware found. A virus or unwanted program was found. Access to this file was denied. Please select a further action: (default: Remove) Page 32 of 106 Compromised 3 Access denied (1) Access Denied; (2) Denied Removed (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30647 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Cycbot-HC [Trj] (Engine B). File: wireshark.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (0015e4f01) Neutralized toaster Defended K7 Complete Reme Remediation diation 3 Threat Report (manual) Effect (intro) Disinfected (2x) Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product GDA Threat Report (intro) Incident 3 1 1 1 GDA pop-up 4 K7 toaster 4 KIS (1) browser; (2) toaster 4 MIS (1) popup; (2) dialogue box Removed (see note) 4 MSE pop-up Removed (after required reboot) 4 4 NIS TIS Toaster Browser Removed Blocked 4 PCT 5 AVA 1)Toaster 2) Toaster Toaster 1) Block 2) Quarantined Blocked Access denied (1) Access Denied; (2) Denied PC Anti-Virus Protection 2012 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. 
URL: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php; (2) Denied: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php (analysis using the database of phishing URLs) (1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Tool-Wget. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows. Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comame. Recommended action: Remove. Comprovante[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: Win32:Malware-gen. The threat was detected and blocked when the file was created or modified. na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Page 33 of 106 Compromised 4 Terminated Quarantined Disinfected BitDefender has blocked a virus! Virus Name: Trojan.Generic.62258666 Access to this file has been denied. Threat: BAT/Qhost.NMO trojan. Connection terminated quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6258666 (Engine A). File: comprovante[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. 
Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (3949ecb40) Neutralized Toaster Defended ESS Complete Reme Remediation diation 4 Threat Report (manual) Effect (intro) Denied Effect (manual) Alert (intro) Toaster Alert (manual) Product BDF Threat Report (intro) Incident 4 none 5 BDF none none none 5 ESS none none none 5 GDA pop-up Disinfected 5 5 K7 KIS toaster pop-up 5 MIS pop-up Removed Allowed access to password storage. Removed (see note) 5 MSE pop-up Removed 5 NIS Pop up Detected 5 TIS Browser Blocked Virus alert. An attempt was made to access an infected file. Virus: Application.Generic.37931 (Engine A). File: MPR[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Hacktool (000615521) Application Control. MPR[1].EXE from "Low Restricted" group is trying to get access to protected passwords storage. Default option: Make trusted. Move appliction to the "Trusted" group. Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove. Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Ldpinch.gen. Recommended action: Remove. Threat Detected, This threat has been detected. We recommend that you remove this threat. MPR[1].exe Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 
PC Anti-Virus Protection 2012 Compromised none n/a n/a n/a 1 1 A virus or unwanted program was found! Solved issues: 2 Moved to quarantine eicar.txt 1 Deleted 1 Number of threats found: 0 na n/a MPR[1].exe and Cookie.DoubleClic k n/a na na 1 1 na none na none (see note) na none 1 1 na na na 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Page 34 of 106 Neutralized AVI Defended 5 Threat detected. Threat name: Generic PUP.x / Category: PUA - Potentially Unwanted Application. (default: Move to Vault) none Complete Reme Remediation diation Removed Threat Report (manual) Effect (intro) Pop up Effect (manual) Alert (intro) AVG Alert (manual) Product Threat Report (intro) Incident 5 1 1 1 6 AVG Pop up Quarantined 6 AVI none none 6 BDF Toaster Denied 6 6 ESS GDA Toaster pop-up Blocked Disinfected 6 K7 (1-4) popup; (5) toaster Removed 6 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied PC Anti-Virus Protection 2012 BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.DP.jKO@aW1sl3gO Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.DP.jK0@aW1sJ3gO (Engine A). File: download13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) Application is accessing the Internet. The program download13072011[1].exe is connection to a network. Developer Name: Winrar. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (3) Application is accessing the Internet. The program iexplore.exe is connection to a network. Developer Name: Not Available. Default option: Allow; (4) New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. 
Default option: Block Always; (5) High Security Alert. Riskware (37db41910) (1) Access Denied. The request URL cannot be provided. URL: http:// pulicidade DOT land DOT ru / download13072011.exe; (2) Detected: HEUR:TrojanDownloader.Win32.Generic n/a n/a 1 1 n/a n/a n/a n/a n/a n/a A virus or unwanted program was found! n/a Move to quarantine Detection: TR/Dropper.Gen n/a n/a 1 1 n/a na n/a na n/a na 1 1 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. 1 na na na 1 Page 35 of 106 Compromised Blocked n/a Neutralized Toaster Defended AVA Complete Reme Remediation diation 6 High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat SecurityRisk.MultipassRecover. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Threat detected. Threat name: Suspicious.DLoader / Category: Unknown. (default: Move to Vault) none Threat Report (manual) Effect (intro) 1) Block 2) Removed Effect (manual) Alert (intro) 1)Toaster 2) Toaster Alert (manual) Product PCT Threat Report (intro) Incident 5 1 1 1 1 1 Alert (manual) Effect (manual) none none (see note) 6 MSE pop-up Removed na 6 NIS Toaster Removed 6 TIS Browser Blocked 6 PCT Toaster Blocked 7 AVA Toaster Blocked 7 AVG Pop up Quarantined 7 AVI Toaster Removed 7 BDF Toaster Denied 7 7 ESS GDA Toaster pop-up Blocked Disinfected Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comisproc. Recommended action: Remove. download1307201[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat HeurEngine.ZeroDayThreat. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. 
Infection: URL:Mal Threat detected. Threat name: Win32/TrojanDownloader.VB.PHC. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Spy.38912.77' was found in file DSC25293.jpg[1].exe. Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.cq0@bTbnbLki Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen.Trojan.Heur.cq0@bTbnbLki (Engine A). File: DSC25293.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. PC Anti-Virus Protection 2012 na Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Removed and healed: 1 Moved to Virus Vault Corrupted executable file n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a na n/a na n/a na 1 1 1 1 Page 36 of 106 Compromised Threat Report (intro) none Neutralized Effect (intro) none (see note) Defended Alert (intro) none Complete Reme Remediation diation Product MIS Threat Report (manual) Incident 6 1 1 toaster Removed 7 MSE pop-up Removed 7 7 NIS TIS Toaster Browser Removed Blocked 7 PCT Blocked 8 AVA 1)Toaster 2) Toaster Toaster 8 AVG Blocked 8 8 AVI BDF 1)Warning on the browser, 2)Pop up none 1)Toaster, 2)Toaster, 3)Toaster 8 ESS Toaster Terminated Quarantined Blocked none Blocked PC Anti-Virus Protection 2012 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// azdl DOT org / libraries /simplepie DOT Idn /DSC25293 DOT jpg DOT exe; (2) Denied: Trojan.Win32.VBKrypt.eghz Trojan Removed. 
McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.evx!q (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Sisproc. Recommended action: Remove. DSC25293.jpg[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen Trojan Horse Blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: VBS:Agent-DZ 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! Threat name: Exploit JavaScript Obfuscation (type 1627) none 1)BitDefender has blocked a virus! Virus Name: Trojan.Downloader.INUE Access to this file has been denied. 2)BitDefender has blocked multiple viruses! Virus name: Trojan.Downloader.VBS File access was blocked. Virus name: Trojan.Downloader.INUE File access was blocked. The infected objects have been treated. Your PC is protected! 3)BitDefender has blocked a virus! Virus name: Trojan.Downloader.VBS.DZ Access to this file has been denied. Threat: Java/TrojanDownloader.Agent.NBB trojan. Connection terminated - quarantined na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 Scan complete, THREAT DETECTED! n/a Move to chest VBS:Agent-DZ [Trj] 1 n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 1 Compromised MIS High Security Risk Found!
Trojan (0028f1c91) Neutralized 7 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS Threat Report (manual) Effect (intro) 7 Access denied (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster Alert (manual) Product K7 Threat Report (intro) Incident 7 Threat Report (manual) Complete Reme Remediation diation Defended na na 1 1 Denied: Trojan-Downloader.Java.Agent.jv (2x) na na na 1 1 none (see note) none report Quarantined pop-up Removed na na 1 1 NIS Toaster Removed n/a n/a n/a 1 1 8 TIS Browser Blocked n/a n/a n/a 1 1 8 PCT Toaster Blocked n/a n/a n/a 1 1 9 AVA Toaster Blocked n/a n/a n/a 1 1 9 AVG Pop up Quarantine (Action was unsuccessful) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/Agent.E. Recommended action: Remove. SONAR has removed security risk update… Your computer is secure. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Trojan horse Generic23.WSS Detected on open (default: Move to Vault) Viruses, Trojans, and Cookies Quarantined: Downloader-BCS na n/a n/a n/a 1 1 (1) Disinfected; (2) Blocked; (3) default option not chosen to be able to obtain Wireshark logs 8 K7 toaster (3x) 8 KIS 8 MIS toaster (2x) none (1) Removed; (2) Access denied; (3) Removed Denied (2x) 8 MSE 8 Compromised Effect (manual) na pop-up (3x) Neutralized Alert (manual) 1 GDA Threat Report (intro) 1 Effect (intro) na Alert (intro) na Product na Incident Virus alert. An attempt was made to access an infected file.
Virus: Trojan.Downloader.JNUE (Engine A). File: subway[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Java.Downloader.G (Engine A). File: jar_cache45566.tmp. Default option: Block file access; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-DZ [Trj] (Engine B}. File: net.cap. Default option: Disinfect (if not possible: quarantine). (1) High Security Risk Found! Exploit (6802f3540); (2) High Security Risk Found! Trojan (781652440); High Security Risk Removed! Exploit (6802f3540) 8 1 9 ESS Toaster 9 GDA pop-up Terminated Quarantined Disinfected 9 K7 toaster 9 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied 9 MIS toaster Removed 9 MSE pop-up Removed 9 NIS 1)Toaster 2) Toaster Blocked 9 TIS Browser Blocked 9 PCT Toaster Yes 10 AVA Toaster Blocked n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// 109 DOT 230 DOT 246 DOT 198 / d DOT php?e=7&f=32; (2) Denied: TrojanDownloader.Win32.Tiny.crb Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!0247309E6298 (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Drstwax.A. Recommended action: Remove. 1) Norton blocked an attack by: Web Attack: Seosploit Request. 2) Norton blocked an attack by: Web Attack: Blackhole Toolkit Activity 3.
Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Contact[1].exe is trying to access the Internet. Option clicked Yes. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 none none none n/a n/a n/a 1 1 1 Compromised Denied Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file contacts[1].exe Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Gen.Variant.Kazy.21497 Access to this file has been denied. Threat: a variant of Win32/Kryptik.MUW trojan. Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.21497 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan (68334a840) Neutralized Toaster Defended BDF Complete Reme Remediation diation 9 Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) Toaster Alert (manual) Product AVI Threat Report (intro) Incident 9 Blocked n/a n/a 1 1 A virus or unwanted program was found! Move to quarantine HTML/rug.A.3 1 Solved issues: 2 Deleted 1 n/a n/a Trojan.Generic.KD. 289143 (in jar_cache39951.tm p) and Cookie.DoubleClic k n/a 1 1 Compromised 1)Warning on the browser, 2)Toaster n/a Neutralized ESS Defended 1)Blocked, 2)Terminated Complete Reme Remediation diation 1)Toaster, 2)Toaster Threat Report (manual) 10 BDF Detected 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked!
Threat name: Exploit Blackhole Exploit Kit (type 2029) 1)Guard: Malware found. A virus or unwanted program 'EXP/Pidief.hem' was found in file 5a065[1].pdf. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file jar_cache16022.tmp. Access to this file was denied. Please select further action: (default: Remove) 1)BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2891… (File access was blocked) and Trojan.Generic.KD.2891... (File access was blocked), 2)An .exe program was terminated because it was deemed to be harmful. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Effect (manual) 10 Blocked Alert (manual) AVI 1)Warning on the browser, 2)Pop up 1)Toaster, 2)Toaster, 3)Toaster Threat Report (intro) 10 Effect (intro) Product AVG Alert (intro) Incident 10 KIS (1) browser; (2) toaster 10 MIS none none (see note) na na 1 1 none none (see note) na na Scan Completed. No Viruses, spyware or other risks were found. na none none (see note) Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt 1 1 1 1 Compromised 10 Allowed access to the Internet (see note) (1) Access Denied; (2) Denied na Neutralized pop-up Defended K7 Complete Reme Remediation diation 10 (1) Virus alert. An attempt was made to access an infected file. Virus: Java:AGent-OC [Expl] (Engine B). File: jar_cache28166.tmp. Default option: Block file access.; (2) Virus alert. An attempt was made to access an infected file. Virus: JS:Pdfka-gen [Expl] (Engine B).
File: a8f15[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. Application is accessing the Internet. The program 0.747759393045344.exe is preparing to act as server on the network. Developer name: iF System. Default option: Allow (1) Access Denied. The request URL cannot be provided. 
URL: http:// jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d; (2) Denied: http: jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d and http:// jerlitincho DOT no-ip DOT biz / favicon DOT ico (analysis using the database of suspicious URLs) none Threat Report (manual) Effect (intro) (1) Blocked; (2-4) Disinfected Effect (manual) Alert (intro) pop-up (4x) Alert (manual) Product GDA Threat Report (intro) Incident 10 10 TIS Browser Blocked 10 PCT 1)Pop up 2) Pop Up 1) Yes 2) Quarantine 11 AVA Toaster Blocked 11 AVG Pop up Quarantine 11 11 AVI BDF none Toaster none Blocked 11 ESS Toaster 11 GDA (1) popup; (2) toaster Terminated Quarantined Disinfected (after required reboot) na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Removed and healed: 1 Moved to Virus Vault Corrupted executable file n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 na na na 1 1 Compromised Blocked na Neutralized Toaster Defended NIS Complete Reme Remediation diation 10 (1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1) Gandhi Hodgkin is trying to modify or control another application. Do you Trust this Application? 2) Suspicious Activity Detected. A program is deleting itself.
Gandhi Hodgkin. Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Threat detected! Threat name: Trojan horse Downloader.Agent2.AQJU Detected on open (default: Move to Vault) none BitDefender has blocked a virus! Virus Name: Trojan.Generic.6294802 Access to this file has been denied. Threat: a variant of Win32/Giku.I trojan. Connection terminated - quarantined (1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6294802 (Engine A). File: comprov_13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts. Threat Report (manual) Effect (intro) (1) Removed; (2) Removed (after required reboot) Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product MSE Threat Report (intro) Incident 10 1 toaster Removed 11 MSE pop-up Removed 11 11 NIS TIS Toaster Browser Removed Blocked 11 PCT 1)Pop up 2) Pop Up 1) Yes 2) Quarantine 12 AVA Toaster Blocked 12 AVG Pop up 12 AVI Toaster Quarantine (Action was unsuccessful) Removed 12 BDF Toaster Blocked 12 ESS 1)Warning on the browser, 2)Toaster Blocked na na 1 1 na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Compromised MIS na Neutralized 11 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS High Security Risk Found! Trojan-Downloader (00290e341) (1) Access Denied. The request URL cannot be provided. URL: http:// 83 DOT 92 DOT 252 DOT 198 / images / comprov_13072011 DOT exe; (2) Denied: TrojanDownloader.Win32.Agent.ssfd Trojan Removed.
McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!ch (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Giku.A. Recommended action: Remove. Comprovante[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)comprovante[1].exe is trying to access the internet. 2) Suspicious Activity Detected. A program is deleting itself. Comprovante[1].exe Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Trojan horse PSW.Generic8.CORW Detected on open. (default: Move to Vault) Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file readme[1].exe Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Gen:Variant.Kazy.26500 Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Threat Report (manual) Effect (intro) 11 Access denied (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster Alert (manual) Product K7 Threat Report (intro) Incident 11 12 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied 12 MIS toaster Removed 12 MSE pop-up Removed 12 12 NIS TIS Toaster Browser Removed Blocked na na 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 Compromised Blocked (7x) (see note) na Neutralized pop-up (7x) Defended K7 Complete Reme Remediation diation 12 (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26500 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Zbot-NEH (Engine B)A). File: net.cap. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (2) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406), Unknown(1609). Default option: Block (5x) (1) Access Denied. The request URL cannot be provided. URL: http:// americanmobile DOT ca / k DOT php?f=20&amp;amp;amp;amp;amp;e; (2) Denied: http:http:// americanmobile DOT ca / k DOT php?f=20&amp;amp;amp;amp;amp;e; and http:// americanmobile DOT ca / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:PWS.Zbot.gen.qi (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action.
Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove. readme[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Threat Report (manual) Effect (intro) Disinfected Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product GDA Threat Report (intro) Incident 12 1 13 AVG Pop up 13 13 AVI BDF none Toaster Quarantine (Action was unsuccessful) none Blocked 13 ESS Blocked 13 GDA 1)Warning on the browser, 2)Toaster pop-up 13 K7 toaster 13 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied 13 MIS toaster Removed 13 MSE pop-up Removed Disinfected n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 none BitDefender has blocked a virus! Virus Name: Variant.Kazy.30791 Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30791 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (0015e4f01) n/a n/a n/a n/a n/a n/a 1 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// hhjkfgjhdfgdg DOT cx DOT cc / d DOT php?f=36&amp;e=2; (2) Denied: TrojanSpy.Win32.Zbot.bwym Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.PWS.bfr!c (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer.
Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove. na na na 1 1 na na na 1 1 na na na 1 1 1 Compromised Blocked 1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat RogueAntiSpyware.UltraDegragFraud!gen1. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\readme[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Trojan horse PSW.Generic8.COHU Detected on open. (default: Move to Vault) Neutralized Toaster Defended AVA Complete Reme Remediation diation 13 Threat Report (manual) Effect (intro) 1)Block 2) Write Delayed 3) Removed Effect (manual) Alert (intro) 1)Pop up 2) Dialogue box on the icon tray 3) Toaster Alert (manual) Product PCT Threat Report (intro) Incident 12 14 AVA Toaster Blocked 14 AVG Pop up Removed 14 AVI Toaster Removed 14 BDF Toaster Blocked 14 ESS Blocked 14 GDA 1)Warning on the browser, 2)Toaster pop-up 14 K7 toaster Access denied Disinfected n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Removed and healed: 1 Moved to Virus Vault Corrupted executable file n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 Compromised 1)Block 2) Write Delayed 3) Removed n/a n/a Neutralized 1)Pop up 2) Dialogue box on the icon tray 3) Toaster Defended PCT Complete Reme Remediation diation 13 about[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\about[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected. Threat name: Win32/Injector.HTF Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault) Guard: Malware found - A virus or unwanted program 'TR/VBKrypt.egbh' was found in file about[1].exe Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.288527 Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.288527 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! 
Trojan (00290e331) Threat Report (manual) Effect (intro) Removed Blocked Effect (manual) Alert (intro) Toaster Browser Alert (manual) Product NIS TIS Threat Report (intro) Incident 13 13 1 14 MSE pop-up Removed 14 14 NIS TIS Toaster Browser Removed Blocked 14 PCT Toaster Quarantine 15 AVA Toaster Blocked 15 AVG Pop up Quarantine 15 15 AVI BDF none Toaster none Blocked 15 ESS 1)Warning on the browser, 2)Toaster na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Removed and healed: 1 Moved to Virus Vault Corrupted executable file n/a Solved issues: 2 n/a Moved to quarantine 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. n/a n/a n/a Gen:Variant.Kazy. 30045 (moved to quarantine) and Cookie.DoubleClic k (deleted) n/a Compromised Removed (1) Access Denied. The request URL cannot be provided. URL: http:// vawboman71 DOT co DOT be / k DOT php?f=61&amp;amp;amp;e=4; (2) Denied: http:// vawboman71 DOT co DOT be / k DOT php?f=61&amp;amp;amp;e=4 and http:// vawboman71 DOT co DOT be / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.dx!zzd (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Dofoil.D. Recommended action: Remove. about[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Download Guard detected a threat in ABOOUT[1].EXE. This file has been automatically quarantined for your protection. Dropper blocked.
Avast! File System Shield has blocked a threat. No further action is required. Threat detected! Threat name: Trojan horse PSW.Generic8.CMWC Detected on open. (default: Move to Vault) none BitDefender has blocked a virus! Virus Name: Variant.Kazy.30045 Access to this file has been denied. Neutralized toaster Defended MIS Complete Reme Remediation diation 14 Threat Report (manual) Effect (intro) (1) Access Denied; (2) Denied Effect (manual) Alert (intro) (1) browser; (2) toaster Alert (manual) Product KIS Threat Report (intro) Incident 14 1 1 1 1 1 1 15 KIS 15 MIS (1) browser; (2) toaster toaster (1) Access Denied; (2) Denied Removed 15 MSE none none (see note) 15 NIS Toaster Removed 15 TIS Browser Blocked 15 PCT 1)Pop up 2) Pop Up 3) Pop up 1)Allow 2)Allow 3) Quarantine 16 AVA Pop up Open in sandbox na na na 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. na na na 1 1 na na na 1 1 none none (see note) Patch_Aplet_flash2.55[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)PATCH_APLET_FLASH_2 is trying to modify or control another application. 2) SERVER_ET is trying to modify or control another application. 3) Suspicious Activity Detected. Behaviour Guard detected suspicious activity in MSERVICE32_T.EXE. This program is attempting to register itself in your Windows startup. You are opening an application that may be potentially unsafe. We strongly recommend opening this application in the virtual environment of the avast! Sandbox to avoid any risk to your computer. n/a n/a Scan completed on 160503 items. No threats were detected on your computer during this scan. n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 No threat found n/a n/a Compromised (1) Allowed access to the Internet; (2) Blocked (see note) Virus alert. An attempt was made to access an infected file.
Virus: Gen:Variant.Kazy.30045 (Engine A). File: Patch_Aplet_flash_2.55[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) Application is accessing the Internet. The program mservice32_t.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (1) Access Denied. The request URL cannot be provided. URL: http:// sciagaj DOT to / pobierz /1017; (2) Denied: Trojan-PSW.Win32.Delf.qpj Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!q (Trojan) none Neutralized pop-up (2x) Defended K7 Complete Reme Remediation diation 15 Threat Report (manual) Effect (intro) Disinfected Effect (manual) Alert (intro) pop-up Alert (manual) Product GDA Threat Report (intro) Incident 15 1 1 1 16 BDF Toaster Blocked 16 ESS Blocked 16 GDA 1)Warning on the browser, 2)Toaster pop-up 16 K7 toaster Quarantined 16 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied 16 MIS none none (see note) Disinfected n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 na na na 1 1 none none (see note) Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Compromised Removed n/a Neutralized Pop up Defended AVI Complete Reme Remediation diation 16 Threat detected. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat.
(default: Move to Vault) Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file Planilha_visualizar_Documento-DOC[1].scr Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Gen.Trojan.Downloader.j… (File access was blocked) and Gen:Trojan.Heur.amW@... (File access was blocked) 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.anW@rjqAGOoGf (Engine A). File: Planilha_visualiza_Documento-DOC[1].scr. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. Suspicious program (ID30003) found. Need to restart computer. (1) Access Denied. The request URL cannot be provided. URL: http:// www DOT ergotables DOT com / , / new / , / pnc03944 / Planilha_visualizar_Documento-DOC DOT scr; (2) Denied: HEUR:TrojanDownlaoder.Win32.Generic none Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) Pop up Alert (manual) Product AVG Threat Report (intro) Incident 16 1 16 TIS Browser Blocked 16 PCT Toaster 17 AVA Toaster Detected and Stopped Blocked 17 AVG 1)Pop up, 2)Pop up 1)Detected, 2)Detected and Healed 17 AVI 1)Toaster, 2)Toaster, 3)Toaster Removed 17 BDF Toaster Blocked 17 ESS 1)Warning on the browser, 2)Toaster Blocked Compromised Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banload.XH. Recommended action: Remove.
Planilha_visualizar_Documento_DOC[1].scr is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Behaviour Guard. Threat Name: Heur Engine.MaliciousPacker. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal 1)Threat detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected) na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Infection: 1, removed and healed; Warning: 1, removed and healed Moved to Virus Vault 1 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found in file jar_cache15217.tmp. Access to this file was denied. Please select a further action: (default: Remove) BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected! 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. A virus or unwanted program was found! Move to quarantine Virus found JS/Generic and Corrupted executable file [the latter is not relevant] HTML/rug.A.3, Eicar-TestSignature, JAVA/Exdoer.ED Solved issues: 2 Deleted Gen:Variant.Kazy.31040 and Cookie.DoubleClick 1 n/a n/a n/a
Neutralized Toaster Defended NIS Complete Reme Remediation diation 16 Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 16 1 1 1 17 MIS none none (see note) (1) Access Denied; (2) Denied na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// sdi2u3i2h DOT com / favicon DOT ico (analysis using the database of suspicious URLs) none na na na 1 1 none none (see note) Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Compromised KIS (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.22766812357144284.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: calc[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes High Security Risk Found!
Riskware (0015e4f01) (4x) Neutralized Removed (4x) 17 toaster (4x) (1) browser; (2) toaster Defended K7 Complete Reme Remediation diation 17 Threat Report (manual) Effect (intro) Disinfected (3x) Effect (manual) Alert (intro) pop-up (3x) Alert (manual) Product GDA Threat Report (intro) Incident 17 1 17 TIS Browser Blocked 17 PCT Pop up Allow 18 AVA Toaster Blocked 18 AVG 1)Pop up, 2)Pop up 1)Detected, 2)Detected and Healed 18 AVI 1)Toaster, 2)Toaster Removed na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 none none none n/a n/a n/a Infection: 1, removed and healed; Warning: 1, removed and healed Moved to Virus Vault 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 5 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove) A virus or unwanted program was found! Move to quarantine (moved 3 out of 7 detections) Virus found JS/Generic and Corrupted executable file [the latter is not relevant] Moved to quarantine: HTML/rug.A.3, Eicar-TestSignature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl Compromised Blocked (1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application? Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal 1)Trojan horse detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected) [default: Remove all unhealed] Neutralized Toaster Defended NIS Complete Reme Remediation diation 17 Threat Report (manual) Effect (intro) (1) Removed; (2) Removed (after required reboot) Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product MSE Threat Report (intro) Incident 17 1 1 1 1 1 n/a n/a 1 1 Number of infected objects: 0 n/a n/a 1 Compromised 1)Terminated - quarantined, 2)Deleted n/a Neutralized 1)Toaster, 2)Toaster Defended ESS Complete Reme Remediation diation 18 BitDefender 2011. This web page has been blocked by BitDefender Antivirus Real-time Protection! The web page blocked by BitDefender included objects that were wither infected or likely to be infected with a virus. Your system has NOT been infected. 1)Threat: JS/Exploit.Pdfka.PAE.Gen trojan Connection terminated - quarantined 2)Threat: A variant of Win32/Kryptik.QKM trojan Cleaned by deleting Threat Report (manual) Effect (intro) Blocked Effect (manual) Alert (intro) Warning on the browser Alert (manual) Product BDF Threat Report (intro) Incident 18 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. 1 1 1 Compromised Removed (3x); Access Denied (2x) (1) Virus alert. An attempt was made to access an infected file. Virus: JS:ScriptDC-inf[Trj] (EngineB). File: index.dat.
Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) File/object: ProcessMonitorLog.PML (JS:ScripDC-inf [Trj] (Engine B)); index.dat (JS:ScriptDC-inf [Trj] (Engine B)); jar_cache50224.tmp (Gen:Variant.Kazy.31040 (Engine A)) Neutralized toaster (5x) (1) Disinfected; (2) Disinfected (see note) Defended K7 (1) pop-up; (2) report Complete Reme Remediation diation 18 (1) Virus alert. An attempt was made to access an infected file. Virus:JS:Pdfka-BAH [Expl] (Engine B). File:10bb9[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.3066005932720315.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: iexplore.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (5) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe.
Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (6) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (0015e4f01) (5x) Threat Report (manual) Effect (intro) Disinfected (6x) Effect (manual) Alert (intro) pop-up (6x) Alert (manual) Product GDA Threat Report (intro) Incident 18 18 MSE pop-up Removed 18 NIS Toaster Blocked 18 TIS Browser Blocked 18 PCT Pop up Allow 19 AVA Toaster Blocked 19 AVG Pop up Quarantine na na na 1 1 none none (see note) Security Essentials detected 4 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y; Exploit:Win32/Pdfjsc.RF. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application? na na Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Pop up Removed Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Virus found JS/Generic Detected on open.
(default: Move to Vault) n/a n/a There are 1 threat and 3 infections in your computer. HeurEngine.Suspicious.High n/a Infection: 1, removed and healed; Warning: 1, removed and healed Moved to Virus Vault Virus found JS/Generic and Corrupted executable file [the latter is not relevant] Compromised none (see note) (1) Access Denied. The request URL cannot be provided. URL: http:// hdjwuy2gvn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: HEUR:Trojan.Script.Generic none Neutralized none Defended MIS Complete Reme Remediation diation 18 Threat Report (manual) Effect (intro) (1) Access Denied; (2) Denied Effect (manual) Alert (intro) (1) browser; (2) toaster Alert (manual) Product KIS Threat Report (intro) Incident 18 1 1 1 1 1 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove) A virus or unwanted program was found! Move to quarantine (moved 3 out of 7 detections) 19 BDF 1)Toaster, 2)Toaster 1)Blocked, 2)Deleted No threats were found. No further action is necessary. n/a 19 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster Blocked 1)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected! 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content.
2)Address has been blocked. 3)Address has been blocked. Moved to quarantine: HTML/rug.A.3, Eicar-TestSignature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl n/a n/a n/a n/a Compromised Effect (manual) Removed Neutralized Alert (manual) 1)Toaster, 2)Toaster Defended Effect (intro) AVI Complete Reme Remediation diation Alert (intro) Threat Report (manual) Product Threat Report (intro) Incident 19 1 1 1 1 19 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied 19 MIS none none (see note) none (see note) none 1 none none (see note) (1) Access Denied. The request URL cannot be provided. URL: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// 4uiokwnbe DOT com / favicon DOT ico (analysis using the database of suspicious URLs) none na na Scan Completed. No Viruses, spyware or other risks were found. na none none (see note) Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Compromised none (see note) none Neutralized none (1-2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A).
File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes none Defended K7 Complete Reme Remediation diation 19 Threat Report (manual) Effect (intro) Disinfected (4x) Effect (manual) Alert (intro) pop-up (4x) Alert (manual) Product GDA Threat Report (intro) Incident 19 1 1 1 1 1 19 TIS Browser Blocked 19 PCT Pop up Allow 20 AVA Toaster Blocked 20 AVG Pop up Quarantine 20 AVI 1)Toaster, 2)Toaster Removed na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 none none none n/a n/a n/a Infection: 1, removed and healed; Warning: 1, removed and healed Moved to Virus Vault 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove) A virus or unwanted program was found! Move to quarantine (moved 3 out of 7 detections) Virus found JS/Generic and Corrupted executable file [the latter is not relevant] Moved to quarantine: HTML/rug.A.3, Eicar-TestSignature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl Compromised Blocked Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed.
Do you trust this application? Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault) Neutralized Toaster Defended NIS Complete Reme Remediation diation 19 Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 19 1 1 1 1 1 Disinfected (4x) n/a n/a n/a n/a 1 (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file?
Default option: Yes none none (see note) none 1 1 1 1 Compromised GDA n/a Neutralized Blocked 20 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up (4x) No threats were found. No further action is necessary. Defended ESS 1)BitDefender has blocked multiple viruses! 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 3)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected! 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked. Complete Reme Remediation diation 20 Threat Report (manual) Effect (intro) Blocked Effect (manual) Alert (intro) 1)Toaster, 2)Toaster, 3)Toaster Alert (manual) Product BDF Threat Report (intro) Incident 20 Alert (manual) Effect (manual) none none (see note) 20 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied na na 20 MIS none none (see note) (1) Access Denied. The request URL cannot be provided.
URL: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d and http://kdjeluhebn DOT com / favicon DOT ico (analysis using the database of suspicious URLs) none none none (see note) 20 MSE pop-up (2x) Removed (2x) report Removed 20 NIS Toaster Blocked n/a n/a n/a 1 1 20 TIS Browser Blocked n/a n/a n/a 1 1 20 PCT Pop up Allow none none none 21 AVA Toaster Blocked (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application? Malware blocked. Avast! File System Shield has blocked a threat. n/a n/a n/a Scan Completed. No Viruses, spyware or other risks were found.
na Compromised Threat Report (intro) none Neutralized Effect (intro) none (see note) Defended Alert (intro) none Complete Reme Remediation diation Product K7 Threat Report (manual) Incident 20 1 1 1 Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Exploit: Java/CVE2010-0840.EW 1 1 1 1 1 21 21 ESS GDA Toaster pop-up Blocked Disinfected 21 K7 pop-up (2x) (1) Allowed access to the Internet; (2) Blocked (see note) 21 KIS toaster (3x) Deleted 21 MIS toaster Removed 21 MSE pop-up Removed 21 NIS Toaster Removed 21 TIS Browser Blocked n/a n/a 1 1 n/a Solved issues: 1 n/a Deleted n/a Cookie.DoubleClick 1 1 n/a na n/a na n/a na 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Compromised none Blocked n/a Neutralized none Toaster Defended AVI BDF Complete Reme Remediation diation 21 21 1)Threat detected! Threat name: Win32:Malware-gen, Category: Malware, Description: This is a known piece of Malware (malicious software). It is recommended that you quarantine this threat. 2)Threat detected! Trojan horse Generic23.BJGC Detected on open. (default: Move to Vault) none BitDefender has blocked a virus! Virus name: Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG Location: Cobranca_boleto[1].exe Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG (Engine A). File: Cobranca_boleto[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) Application is accessing the Internet. The program Cobranca_boleto[1].exe is connection to a network. Developer name: Not Available.
Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always. (1) Detected: Trojan.Win32.Scar.ehai; (2) Backed up: Trojan.Win32.Scar.eha ; (3) Will be deleted on reboot: Trojan.Win32.Scar.ehai Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic BackDoor!djb (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Sodager.B. Recommended action: Remove. cobranca_boleto[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) 1)Pop up, 2)Pop up Alert (manual) Product AVG Threat Report (intro) Incident 21 1 1 1 1 22 AVG Pop up Quarantine 22 22 AVI BDF none Toaster none Blocked 22 ESS Toaster 22 GDA pop-up Terminated Quarantined Disinfected 22 K7 toaster 22 KIS (1) browser; (2) toaster 22 MIS none none (see note) 22 MSE none none (see note) Access denied (1) Access Denied; (2) Denied n/a n/a n/a 1 1 n/a n/a n/a 1 1 Warning: 1, Removed and healed Moved to Virus Vault Corrupted executable file n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided.
URL: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php; (2) Denied: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php and http:// 64 DOT 95 DOT 243 DOT 111 / favicon DOT ico (analysis using the database of suspicious URLs) none na na na 1 1 none none (see note) none none none (see note) Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Scan completed on 155866 items. No threats were detected on your computer during this scan. Compromised Blocked 1) Cobranca_boleto[1] is trying to access the internet. Do you trust this application. 2) Internet Security has blocked access to the bad website. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected. Threat name: RAR.Qhost.c Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault) none BitDefender has blocked a virus! Virus name: Trojan.Qhost.LYG Location: postal_amor.avi[1].exe Access to this file has been denied. Threat: Win32/Qhost trojan Connection terminated quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Qhost.LYG (Engine A). File: postal_amor.avi[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found!
Trojan (00020d971) Neutralized Toaster Defended AVA Complete Reme Remediation diation 22 Threat Report (manual) Effect (intro) 1) Yes 2) Blocked Effect (manual) Alert (intro) 1)Pop up 2) Pop Up Alert (manual) Product PCT Threat Report (intro) Incident 21 1 1 1 23 23 AVA AVG none none none none 23 AVI Toaster Removed 23 BDF Toaster Blocked 23 23 ESS GDA Toaster pop-up Blocked Disinfected 23 K7 toaster 23 KIS none 23 MIS toaster Access denied none (see note) Removed 23 MSE pop-up Removed (after required reboot) 23 NIS Toaster Removed none n/a none n/a 1 1 n/a n/a n/a 1 1 No threat found Warning: 1, Removed and healed n/a n/a Moved to Virus Vault n/a Corrupted executable file n/a n/a 1 1 n/a n/a n/a 1 1 n/a na n/a na n/a na 1 1 1 1 na na na 1 1 none none none none Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove. Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Adware:Win32/Hotbar. Alert level: Medium. Default option: Remove vlcsetup[1].exe is not safe and has been removed. na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe.
Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Adware (00234eb41) Compromised Quarantine none n/a postal_amor.avi[1].exe is safe Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Behaviour Guard. Threat Name: POSTAL_AMOR.AVI[1].exe none none Neutralized Pop up Defended PCT Complete Reme Remediation diation 22 Threat Report (manual) Effect (intro) Safe Blocked Effect (manual) Alert (intro) Toaster Browser Alert (manual) Product NIS TIS Threat Report (intro) Incident 22 22 1 1 1 1 24 AVA Toaster Blocked 24 AVG Pop up Quarantine 24 AVI Toaster Removed 24 BDF Toaster Blocked 24 ESS Blocked 24 GDA 1)Warning on the browser, 2)Toaster pop-up 24 K7 toaster 24 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied 24 MIS toaster Removed Disinfected n/a n/a n/a 1 1 Pop up Removed Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Trojan horse Generic23.BKUI Detected on open. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Kazy.30791.2' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Gen:Variant.Kazy.30791 Location: readme[1].exe Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: Gen:VariantKazy.30791 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine).
When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Spyware (00290e351) n/a n/a There are 1 threat and 3 infections in your computer. VLCSetup[1].exe n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1; (2) Denied: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1 and http:// kdbhhhgsdjsb DOT cx DOT cc / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!42B87CD69202 (Trojan) na na na 1 1 na na na 1 1 1 Compromised none Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none Neutralized none Defended PCT Complete Reme Remediation diation 23 Threat Report (manual) Effect (intro) Blocked Effect (manual) Alert (intro) Browser Alert (manual) Product TIS Threat Report (intro) Incident 23 24 PCT 1)Pop up 2) Toaster 1)Block 2)Removed 25 AVA Toaster Blocked 25 AVG Pop up Removed 25 25 AVI BDF none Toaster none Blocked 25 ESS Blocked 25 GDA 1)Warning on the browser, 2)Toaster (1) popup; (2) dialogue box Disinfected (after required reboot) na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 na na na 1 1 Compromised Removed Blocked na Neutralized Toaster Browser Defended NIS TIS Complete Reme Remediation diation 24 24 Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action.
Detected items: PWS:Win32.Zbot.gen!AF. Recommended action: Remove. readme[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)Internet Security has blocked the high risk threat Trojan.Gen 2)IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected. Threat name: TR/Crypt.XPACK.Gen3 Category: Unknown. Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. These programs include applications that have an impact on security, privacy, resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system or be deemed to be separate and different from the application installed. (default: Move to Vault) none BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.294205 Location: info[1].exe Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. (1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.294205 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts! 
Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 24 1 toaster Removed 25 MSE pop-up Removed 25 NIS Toaster Blocked 25 TIS Browser Blocked 25 PCT Toaster Quarantine 26 AVA Toaster Blocked 26 AVG Pop up Quarantine 26 26 AVI BDF none Toaster none Blocked 26 ESS 1)Warning on the browser, 2)Toaster Blocked PC Anti-Virus Protection 2012 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5; (2) Denied: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5 and http:// check DOT couponandfreebiemom DOT com / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!F305D1C09F08 (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Rogue:Win32/FakeRean. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Behaviour Guard detected suspicious activity in INFO[1].exe Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Trojan horse Generic4_c.QSF Detected on open. (default: Move to Vault) none BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Torpump.1 Location: keygen_official[1].exe Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 
na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a Solved issues: 1 n/a Deleted n/a Cookie.DoubleClick 1 1 n/a n/a n/a 1 Compromised MIS High Security Risk Found! Trojan (0001140e1) Neutralized 25 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS Threat Report (manual) Effect (intro) 25 Access denied (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster Alert (manual) Product K7 Threat Report (intro) Incident 25 1 1 Threat Report (manual) Complete Reme Remediation diation Defended na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// 100gigabitdownload DOT com / getwinpump<...>; (2) Denied: http:// 100gigabitdownload DOT com / getwinpump?q=hotel%20imperium%20keygen%20official and http:// 100gigabitdownload DOT com / favicon DOT ico (analysis using the database of phishing URLs) Program Wants Internet Access. McAfee detected a program on your PC that is trying to accept incoming connections from the Internet. Protect your PC by only allowing Internet access for programs you trus. Program: pumpa.exe. Default option: Allow always. na na na 1 1 none none (see note) none (see note) none none none (see note) Toaster Blocked n/a n/a 1 1 TIS Browser Blocked n/a n/a n/a 1 1 26 PCT Yes none none none 27 AVA 1)Pop up 2) Pop Up Toaster n/a n/a n/a 1 1 27 AVG Pop up Quarantine n/a n/a n/a 1 1 27 AVI none none Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)Hotel_imperium_keygen_official is trying to access the internet. 2) WinPump is trying to access the internet. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! Threat name: Trojan horse SHeur3.CIUF Detected on open.
(default: Move to Vault) none Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Scan completed on 161641 items. No threats were detected on your computer during this scan. n/a n/a n/a n/a 1 1 Disinfected 26 K7 toaster 26 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied 26 MIS pop-up Allowed access to the Internet (see note) 26 MSE none 26 NIS 26 Blocked PC Anti-Virus Protection 2012 Page 67 of 106 Compromised Effect (manual) na pop-up Neutralized Alert (manual) 1 GDA Threat Report (intro) 1 Effect (intro) na Alert (intro) na Product na Incident Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Adware.Torpump.1 (Engine A). File: hotel_imperium_keygen_official[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (0015e4f21) 26 1 1 1 Threat Report (manual) Complete Reme Remediation diation Defended n/a n/a 1 1 na na na 1 1 none none (see note) Denied (2x) Denied: Trojan-Downloader.Java.Agent.au (2x) na na Scan Completed. No Viruses, spyware or other risks were found. na Removed (more than 10x) see note Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!FE89D25ABBBA (Trojan) (more than 10x) report Quarantined pop-up Removed na NIS TIS none Browser none Blocked 27 PCT Pop up Blocked 28 28 AVA AVG none none none none Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.AO. Recommended action: Remove. 
none Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Internet Security has blocked the high risk threat Trojan.ADH. none none 28 AVI Toaster Removed Blocked 27 ESS Toaster 27 GDA pop-up Terminated Quarantined Blocked 27 K7 none none (see note) 27 KIS 27 MIS toaster (2x) toaster (more than 10x) 27 MSE 27 27 PC Anti-Virus Protection 2012 Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove) 1 1 1 1 na Viruses, Trojans, and Cookies Quarantined: Artemis!FE89D25A BBBA; Downloader-BCS na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 No threat found Warning: 1, Removed and healed n/a n/a Moved to Virus Vault n/a Corrupted executable file n/a n/a Page 68 of 106 Compromised Effect (manual) n/a Toaster Neutralized Alert (manual) 1 BDF Threat Report (intro) 1 Effect (intro) n/a Alert (intro) n/a Product n/a Incident BitDefender has blocked a virus! Virus name: Trojan.Generic.6276009 Location: javatmp11055.com Access to this file has been denied. Threat: Java/TrojanDownloader.Agent.NBN trojan Connection terminated -quarantined Virus alert. An attempt was made to access an infected file. Virus: Java.Trojan.Downloader.OpenConnection.C (Engine A). File: jar_cache56703.tmp. Default option: Block file access none 27 1 1 1 1 1 28 K7 toaster 28 KIS none 28 MIS toaster Access denied none (see note) Removed 28 MSE none none (see note) 28 28 NIS TIS Toaster Browser Removed Blocked 28 PCT none none 29 AVA Toaster Blocked 29 AVG none none PC Anti-Virus Protection 2012 n/a n/a n/a 1 1 n/a na n/a na n/a na 1 1 1 1 na na na 1 1 none none none none Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. 
They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove. none na na na none none (see note) VLCSectup[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none n/a n/a n/a n/a Scan completed on 179388 items. No threats were detected on your computer during this scan. n/a n/a Pop up Removed Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal none n/a n/a There are 1 threat and 3 infections in your computer.VLCSetu p[1].exe n/a Warning: 1, Removed and healed Moved to Virus Vault Corrupted executable file Page 69 of 106 Compromised Blocked Disinfected BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus:Gen:Varaint.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! 
Adware (00234eb41) Neutralized Toaster pop-up Defended ESS GDA Complete Reme Remediation diation 28 28 Threat Report (manual) Effect (intro) Blocked Effect (manual) Alert (intro) Toaster Alert (manual) Product BDF Threat Report (intro) Incident 28 1 1 1 1 1 1 1 1 1 1 1 1 Threat Report (manual) Complete Reme Remediation diation Defended n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 Denied (2x) Denied: Trojan-Downloader.Java.Agent.dh (2x) na na na 1 1 none (see note) none report Quarantined pop-up Removed na na 1 1 NIS TIS Toaster Browser Removed Blocked n/a n/a n/a n/a n/a n/a 1 1 1 1 PCT AVA none Toaster none Blocked Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.MY. Recommended action: Remove. JavaLoad[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Viruses, Trojans, and Cookies Quarantined: Downloader-BCS na none n/a none n/a none n/a 1 1 Removed 29 BDF Toaster Blocked 29 ESS Toaster 29 GDA pop-up Terminated Quarantined Disinfected 29 K7 29 KIS 29 MIS toaster (2x) toaster (2x) none 29 MSE 29 29 29 30 PC Anti-Virus Protection 2012 Page 70 of 106 Compromised Effect (manual) n/a 1)Toaster, 2)Toaster Neutralized Alert (manual) n/a AVI Threat Report (intro) 1 Effect (intro) 1 Alert (intro) n/a Product n/a Incident n/a Removed (2x) 1)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file JavaLoad[1].exe Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file jar_cache2670.tmp Access to file was denied. 
Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Trojan.DownLoader.Java.C Location: jar_cache37809.tmp Access to this file has been denied. Threat: Java/TrojanDownloader.Agent.NCJ trojan Connection terminated -quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache64469.tmp. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan (00029332e1) (2x) 29 1 1 30 BDF Toaster Blocked 30 ESS Blocked 30 GDA 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up 30 K7 toaster 30 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied Disinfected PC Anti-Virus Protection 2012 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.292675 (Engine A). File: contact[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Riskware (0015e4f01) na na na 1 1 na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// securepaid DOT biz / verified / d DOT php?f=21&e=3; (2) Denied: TrojanDropper.Win32.Dapato.frn na na na 1 1 Page 71 of 106 Compromised Removed Threat detected! Threat name: Trojan horse Downloader.VB.OSV Detected on open. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Dldr.Zbot.G' was found in file contacts[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.292675 Location: contacts[1].exe Access to this file has been denied. 
1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked. Neutralized Toaster Defended AVI Complete Reme Remediation diation 30 Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) Pop up Alert (manual) Product AVG Threat Report (intro) Incident 30 (1) report; (2) toaster; (3) pop-up (1) none (see note); (2) Buffer Overflow Prevented; (3) Removed (after required reboot) 30 MSE pop-up Removed na 30 NIS Toaster Blocked 30 TIS Browser Blocked Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Zbot.G. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. PC Anti-Virus Protection 2012 na (1) McAfee did not detect any issues on your PC. No further action is required.; (2) Buffer Overflow Prevented. McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (3) Trojan Detected. McAfee detected an infected file on your PC. Restart yoru PC so we can fix it. Detected: FakeAlertFAB!3b80803DBA E4 (Trojan). na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Page 72 of 106 Compromised Effect (manual) (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert.XPSpy (Trojan); (2) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (3) Buffer Overflow Prevented. 
McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (4) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (5) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!968246F56184 (Trojan); (6) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!8C42CF4C13F0 (Trojan) Neutralized Alert (manual) (1-2) Removed; (3) Buffer Overflow Prevented; (46) Removed Defended Effect (intro) toaster (6x) Complete Reme Remediation diation Alert (intro) MIS Threat Report (manual) Product Threat Report (intro) Incident 30 1 31 AVG Blocked 31 31 AVI BDF 1)Warning on the browser, 2)Pop up none Toaster 31 31 ESS GDA Toaster pop-up Blocked Disinfected 31 K7 toaster (3x) 31 KIS 31 MIS toaster (3x) (1) toaster; (2) toaster; (3) pop-up (1) Access denied; (2-3) Removed (2x) Denied (3x) none Blocked Removed (3x) (see note) PC Anti-Virus Protection 2012 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a na n/a na n/a na 1 1 1 1 na na na 1 1 na na na 1 1 (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ACB5F39F2C4E (Trojan); (2) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove.; (3) Trojan Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. 
Detected: AdClicker-BJ (Trojan) na na (see note) na Page 73 of 106 Compromised Blocked 1)Wahlen Werther is trying to access the internet. Do you trust this application? 2) IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! File name: 7.htm Threat name: Exploit Exploitive IFrame Collection (type 1506) none BitDefender has blocked a virus! Virus name: Gen:Variant.Kazy.22992 Location: p[1].exe Access to this file has been denied. Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus: JS:CVE-2010-0806-AP [Expl] (Engine B). File: ieee[1].jpg. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) High Security Risk Found! Exploit (4fef863b0); (2) High Security Risk Found! Trojan (8b0117490); (3) High Security Risk Found! Exploit (4fef863b0) Denied: HEUR:Exploit.Script.Generic (3x) Neutralized Toaster Defended AVA Complete Reme Remediation diation 31 Threat Report (manual) Effect (intro) Yes Effect (manual) Alert (intro) 1)Pop up 2) Toaster Alert (manual) Product PCT Threat Report (intro) Incident 30 1 31 PCT 1)Pop up 2) Toaster Quarantine 32 AVA Toaster Blocked 32 AVG Pop up Quarantine 32 AVI Toaster Removed 32 BDF Toaster Blocked 32 32 ESS GDA Toaster pop-up Blocked Blocked 32 K7 pop-up (2x) 32 KIS toaster (1) Allowed access to the Internet; (2) Unable to delete Denied (see note) PC Anti-Virus Protection 2012 Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus:Trojan.Generic.6334305 (Engine A). File: resulturl-setup[1].exe. 
Default option: Block file access (1) Application is accessing the Internet. The program resulturl178.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found. Adware (0006f6b21) Denied: not-a-virus:Adware.Win32.Zwangi.heur na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 No threat found n/a n/a Warning: 1, Removed and healed Moved to Virus Vault Corrupted executable file 1 A virus or unwanted program was found! Move to quarantine Moved to quarantine: EicarTest-Signature 1 Your attention is required to clean 1 threat(s) affecting 1 object(s). n/a na Ignore Trojan.Generic.633 4305 n/a na n/a na none none (see note) Scan Completed. No Viruses, spyware or other risks were found. none none (see note) none Page 74 of 106 Compromised none Blocked na Neutralized none Browser Defended NIS TIS Complete Reme Remediation diation 31 31 Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Mult.DE and TrojanDownloader:Win32/Small.gen!AO. Recommended action: Remove. none Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)Behaviour Guard detected suspicious activity in P.exe, 2) Internet Security has blocked an application iexplorer.exe attempting to close a file. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected. Threat name: OneStepSearcher.AG Category: Adware Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Boigy.AD.2' was found in file resulturl.dll Access to file was denied. 
Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Trojan.Generic.6334305 Location: resulturl[1].exe Access to this file has been denied. Threat Report (manual) Effect (intro) Removed (see note) Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 31 1 1 1 1 1 1 1 1 Alert (manual) Effect (manual) none none (see note) 32 MSE none none (see note) none none none (see note) 32 32 NIS TIS Toaster Browser Removed Blocked n/a n/a n/a n/a 32 PCT 1)Pop Up 2) Pop Up 1)yes 2)Block resulturl-setup[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)RESULTURL_SETUP[1].exe is trying to modify or control another application. 2) Internet Security has blocked access to the bad website: upgrade.resultbrowse.com Pop up Removed 33 33 AVA AVG none Pop up none Quarantine none Threat detected. Threat name: Unknown. Description: Not available. (default: Move to Vault) n/a Moved to Virus Vault 33 33 AVI BDF none Toaster none Blocked n/a n/a n/a n/a 1 1 1 1 33 ESS Toaster Terminated Quarantined n/a n/a n/a 1 1 33 GDA pop-up Disinfected none BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.295620 Location: album[1].cmd Access to this file has been denied. Threat: probably a variant of Win32/TrojanDownloader.VB.PHI trojan Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.295620 (Engine A). File: album[1].cmd. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. 
No threat found Warning: 1, Removed and healed n/a n/a There are 1 threat and 3 infections in your computer.resulturl_ setup.exe n/a Corrupted executable file na na na 1 1 Page 75 of 106 Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Scan completed on 156032 items. No threats were detected on your computer during this scan. n/a n/a Compromised Threat Report (intro) none Neutralized Effect (intro) none (see note) Defended Alert (intro) none Complete Reme Remediation diation Product MIS PC Anti-Virus Protection 2012 Threat Report (manual) Incident 32 1 1 1 1 1 1 1 1 1 33 MIS none none (see note) 33 MSE pop-up Removed 33 33 33 NIS TIS PCT Toaster none Pop up Removed none Quarantine 34 AVA 1)Toaster, 2)Toaster 1)Blocked, 2)Quarantine 34 AVG 1)Warning on the browser, 2)Pop up Blocked PC Anti-Virus Protection 2012 Scan Completed. No Viruses, spyware or other risks were found. na na na none none (see note) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banker.G. Recommended action: Remove. album[1].cmd is not safe and has been removed. none Behaviour Guard detected suspicious activity in winds, album[1].cmd 1)Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf 2)Malware blocked. Avast! Script Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf Action: Moved to chest 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! 
File name: index.php Threat name: Exploit Blackhole Exploit Kit (type 2029) na na Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt na n/a none n/a n/a none n/a n/a n/a Page 76 of 106 Compromised (1) Access Denied; (2) Denied none (see note) Neutralized (1) browser; (2) toaster none Defended KIS (1) Application is accessing the Internet. The program album[1].cmd is preparing to act as server on the network. Developer name: Microsoft. Default option: Allow; (1) Application is accessing the Internet. The programwinlive.exe is connection to the network. Developer name: Not Available. Default option: Allow; (3) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always. (1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35838372 / album DOT cmd? / index DOT html; (2) Denied: HEUR:Trojan-Downlaoder.Win32.Generic none Complete Reme Remediation diation 33 Threat Report (manual) Effect (intro) (1) Allowed access to the Internet; (2) Unable to delete Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product K7 Threat Report (intro) Incident 33 1 1 1 1 1 1 n/a none n/a 1 1 1 1 n/a n/a 1 1 n/a n/a 1 1 1 34 ESS Toaster 34 GDA pop-up Terminated Quarantined Disinfected 34 K7 toaster Quarantined (after required reboot) 34 KIS toaster Denied PC Anti-Virus Protection 2012 n/a n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 none none (see note) Denied: Trojan-Downloader.JS.Agent.qdq na na Scan Completed. No Viruses, spyware or other risks were found. na Page 77 of 106 Compromised Blocked n/a Neutralized Toaster n/a Defended BDF 1)Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found in file index[1].htm Access to file was denied. Please select a further action: (default: Remove) 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. 
Please select a further action: (default: Remove) BitDefender has blocked multiple viruses! Virus Name: ExploitJS.Agent.BG (File access was blocked), Virus Name: Gen:Variant.Kazy.31516 (File access was blocked). The infected objects have been treated. Your PC is protected! Threat: HTML/Iframe.B.Gen virus Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus:HTML:Iframe-inf (Engine B). File: ccard[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Suspicious Program (ID30005). Marked for deletion after restart. Complete Reme Remediation diation 34 Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) 1)Toaster, 2)Toaster Alert (manual) Product AVI Threat Report (intro) Incident 34 1 1 1 1 PC Anti-Virus Protection 2012 none Page 78 of 106 (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FAkeAlert!qrb (Trojan); (2) Risky Connection Blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 95.211.22.217. Program: Generic Host Process for Win32 Services.; (3) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. 
Detected: FAkeAlert!qrb (Trojan); (4) Viruses, Trojans, and Cookies Removed: TDSS e!rootkit, CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt Compromised Neutralized Defended (1) Removed; (2) Blocked; (3) Removed; (4) Removed Complete Reme Remediation diation (1-3) toaster; (4) report Threat Report (manual) Effect (intro) none (see note) Effect (manual) Alert (intro) none Alert (manual) Product MIS Threat Report (intro) Incident 34 1 34 TIS Browser Blocked 34 35 PCT AVA none Toaster none Blocked 35 AVG 1)Pop up, 2)Pop up Quarantine 35 AVI Toaster Removed 35 BDF Toaster Blocked 35 ESS Blocked 35 GDA 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up Disinfected PC Anti-Virus Protection 2012 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 Warning: 1, Removed and healed Moved to Virus Vault Corrupted executable file n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26919 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. na na na 1 1 Page 79 of 106 1 Compromised Blocked Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, Trojan:Win32/FakeSysdef, Exploit:Win32/PDfjsc.RF. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal 1)Threat detected! Threat name: Trojan horse BackDoor.Generic14.HFL Detected on open. 
(default: Move to Vault) 2)Threat detected. Threat name: "Win32/Kryptic.PTH Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'BDS/Paprs.cyd' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked multiple viruses! Virus Name: Trojan.Generic.KD.2847... (File access was blocked), Virus Name: Gen:Variant.Kazy.26919 (File access was blocked). The infected objects have been treated. Your PC is protected! 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked. Neutralized Toaster Defended NIS Complete Reme Remediation diation 34 Threat Report (manual) Effect (intro) Removed (after required reboot) Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 34 toaster Removed 35 MSE pop-up Removed 35 35 NIS TIS Toaster Browser Removed Blocked 35 PCT 1)Pop up 2) Toaster 3) Toaster 1) Block 2) Quarantined 3) Removed 36 AVA Toaster Blocked 36 AVG Toaster Quarantine 36 AVI Toaster Removed 36 BDF Toaster Blocked na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// isof DOT susubbs DOT com / d DOT php?f=45&e=6; (2) Denied: http:// isof DOT susubbs DOT com / d DOT php?f=45&e=6 and http:// isof DOT susubbs DOT com / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:Generic.dx!zym (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer.
Your access to these items may be suspended until you take an action. Detected items: TrojanSpy:Win32/Ursnif.gen!J. Recommended action: Remove. readme[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)Internet Security has blocked the high risk threatBackdoor.trojan , 2)Download Guard detected a threat in README[1].EXE, this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal 1)Threat detected! Threat name: Trojan horse Generic_r.GX Detected on open. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Dropper.Gen' was found in file 216028[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.294159 Location: 216028[1].exe Access to this file has been denied. na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Page 80 of 106 Compromised MIS High Security Risk Found! Backdoor (0028b0291) Neutralized 35 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS Threat Report (manual) Effect (intro) 35 Access denied (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster Alert (manual) Product K7 Threat Report (intro) Incident 35 Effect (manual) Threat Report (manual) Complete Reme Remediation diation Defended 1 1 Disinfected na na na 1 1 36 K7 toaster Blocked (see note) none none (see note) Scan Completed. No Viruses, spyware or other risks were found. 
36 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied na na na 1 1 36 MIS toaster Removed na na na 1 1 36 MSE pop-up Removed (see note) report Removed TrojanDownloader: Win32/Vundo.HIY 36 36 NIS TIS Toaster Browser Removed Blocked n/a n/a n/a n/a n/a n/a 1 1 1 1 36 37 PCT AVA none Toaster none Blocked Virus alert. An attempt was made to access an infected file. Virus: Trojan.Genric.KD.294159 (Engine A). File: 216028[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. System monitor alert. New AppInitDll Entry Found! A new program () has been added as a registry entry to load automatically when you logon. Normally other than userinit.exe no other program should be present here. Advise: Not available. Please proceed with caution! Default option: Block Always. (1) Access Denied. The request URL cannot be provided. URL: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php; (2) Denied: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php and http:// dastall DOT dyndns-wiki DOT com / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!k (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Vundo.HIY Recommended action: Remove. 216028[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. none Dropper blocked. The threat was detected when the file was created or modified. 
none n/a none n/a none n/a 1 1 36 Compromised Alert (manual) n/a Neutralized Effect (intro) n/a ESS Threat Report (intro) Alert (intro) n/a Product 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked. Incident Blocked GDA 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up 36 1 1 1 37 BDF Toaster Blocked 37 ESS Toaster Terminated Quarantined 37 GDA pop-up Disinfected 37 K7 toaster 37 KIS (1) browser; (2) toaster Access denied (1) Access Denied; (2) Denied 37 MIS toaster Removed 37 MSE pop-up Removed (see note) 37 37 NIS TIS Toaster Toaster Removed Removed n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 na na na 1 1 na na na 1 1 na na na 1 1 none none (see note) n/a none n/a none Scan completed on 175778 items. No threats were detected on your computer during this scan. n/a none Compromised Removed Corrupted executable file Neutralized Toaster Moved to Virus Vault Defended AVI Warning: 1, Removed and healed Complete Reme Remediation diation 37 1)Threat detected. Threat name: TR/Dldr.Delphi.Gen Category: Unknown Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault) 2)Threat detected! Threat name: Trojan horse Generic4_c.AKEZ Detected on open (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Dldr.Delphi.Gen' was found in file imagem[1].com Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus name: Gen:Trojan.Heur.PT.cGW@bC4ztaoG Location: imagem[1].com Access to this file has been denied. Threat: a variant of Win32/TrojanDownloader.Banload.PKX trojan Connection terminated - quarantined Virus alert.
An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.PT.cGW@bC4ztaoG (Engine A). File: imagem[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan-Downloader (85360ede0) (1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35882506 / imagem DOT com?comprovante DOT bap / index DOT html; (2) Denied: HEUR:TrojanDownlaoder.Win32.Generic Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: PWS-Banker!qyf (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:WinNT/Bancos.G. Recommended action: Remove. imagem[1].com is not safe and has been removed. Some security threats have been removed for your safety. Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) 1)Pop up, 2)Pop up Alert (manual) Product AVG Threat Report (intro) Incident 37 1 1 1 1 1 38 AVG Pop up Quarantine 38 38 AVI BDF none Toaster none Blocked 38 ESS Blocked 38 GDA 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up 38 K7 toaster 38 KIS (1) browser; (2) toaster Quarantined (after required reboot) (see note) (1) Access Denied; (2) Denied 38 MIS toaster Removed Disinfected (after required reboot) n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a Resolved items: 1. No threats require your attention. n/a n/a Deleted n/a Cookie.DoubleClick 1 1 n/a n/a 1 1 Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KDV.293602 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine).
When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts! High Security Risk Found! Suspicious Program (ID30003). Marked for deletion after restart. na na na 1 1 none none (see note) (1) Access Denied. The request URL cannot be provided. URL: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0; (2) Denied: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0 and http:// x400 DOT bz DOT cm / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan) na na Scan Completed. No Viruses, spyware or other risks were found. na 1 1 na na na 1 1 1 1 Compromised Blocked 1)Imagem[1] is trying to access the internet. 2) Internet Security has blocked the high risk threat HeurEngine.MaliciousPacker. 3) IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected! File name: info[1].exe Threat name: Trojan horse FakeAlert.AFB Detected on open. (default: Move to Vault) none BitDefender has blocked a virus! Virus name: Trojan.Generic.KDV.293602 Location: info[1].exe Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
Neutralized Toaster Defended AVA Complete Reme Remediation diation 38 Threat Report (manual) Effect (intro) 1) Yes 2) Block 3) Removed Effect (manual) Alert (intro) 1)Pop up 2) Toaster 3) Toaster Alert (manual) Product PCT Threat Report (intro) Incident 37 38 PCT Pop up Quarantine 39 39 39 39 AVA AVG AVI BDF Toaster none none Toaster Blocked none none Blocked 39 ESS Toaster 39 GDA pop-up Terminated Quarantined Disinfected 39 K7 pop-up 39 KIS none 39 MIS toaster Allowed access to the Internet (see note) none (see note) Removed 39 MSE pop-up Removed na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a 1 1 1 1 1 1 1 1 n/a n/a n/a 1 1 na na na 1 1 none none (see note) none na na Scan Completed. No Viruses, spyware or other risks were found. na 1 1 Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!1B528CF64850 (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Java/OpenConnection.C. Recommended action: Remove. na na na 1 1 na na na 1 1 Compromised Removed Blocked Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove. Info[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Behaviour Guard detected suspicious activity in winds, INFO[1].exe Trojan horse blocked. HTML:Downloader-AC [Trj] none none BitDefender has blocked a virus!
Virus Name: Trojan.Generic.KD.296178 Location: javafire58115.exe Access to this file has bee denied. Threat: Java/TrojanDownloader.Agent.NCC trojan Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: HTML:Downloader-AC [Trj] (Engine B). File: izle-Teen-Wolf-1-Sezon-6-Bolum[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. Application is accessing the Internet. The program javafire25800.exe is connection to a network. Developer name: Microsoft. Default option: Allow. Neutralized Toaster Browser Defended NIS TIS Complete Reme Remediation diation 38 38 Threat Report (manual) Effect (intro) Removed Effect (manual) Alert (intro) pop-up Alert (manual) Product MSE Threat Report (intro) Incident 38 1 40 AVA Toaster Blocked 40 AVG Toaster Blocked 40 AVI none none 40 BDF Toaster Blocked 40 ESS Blocked 40 GDA 1)Warning on the browser, 2)Toaster, 3)Toaster pop-up 40 K7 toaster Quarantined (after required reboot) (see note) Disinfected BitDefender has blocked a virus! Virus Name: Gen:Variant.FakeAlert.88 Location: readme[1].exe Access to this file has been denied. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked. Virus alert. An attempt was made to access an infected file. Virus:Gen:Vriant.FakeAlert.88 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts! High Security Risk Found!
Suspicious Program (ID30003). Marked for deletion after restart. Compromised Blocked n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 A virus or unwanted program was found! Resolved items: 1. No threats require your attention. n/a Move to quarantine Moved to quarantine: EicarTest-Signature Cookie.DoubleClick 1 n/a n/a 1 1 na na na 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. Deleted Neutralized Pop up Defended PCT Complete Reme Remediation diation 39 javafire37568.exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Internet Security has blocked the high risk threat Trojan.ByteVerify Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Threat detected. File name: WUE.EXE Threat name: "Win32/Kryptic.QPO Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault) none Threat Report (manual) Effect (intro) Removed Blocked Effect (manual) Alert (intro) Toaster Browser Alert (manual) Product NIS TIS Threat Report (intro) Incident 39 39 1 1 40 MSE pop-up Removed 40 NIS Toaster Blocked 40 TIS Browser Blocked 40 PCT Pop up Blocked 41 41 AVA AVG Toaster Pop up Blocked Quarantine 41 AVI Toaster Removed 41 BDF Toaster Blocked 41 ESS Toaster Blocked 41 GDA pop-up Disinfected na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 Compromised Removed na Neutralized toaster Defended MIS Complete Reme Remediation diation 40 (1) Access Denied. The request URL cannot be provided.
URL: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2; (2) Denied: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2 and http:// games DOT localtraficattorneus DOT com / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Behaviour Guard detected suspicious activity in winds,README[1].exe Trojan horse blocked. Win32:Small-JPG Threat detected! File name: load[1].exe Threat name: Trojan horse Flooder.O Detected on open. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'WORM/Rbot.Gen' was found in file load[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Trojan.Generic.5959985 Location: load[1].exe Access to this file has been denied. Threat: Win32/Agent.NGC trojan Connection terminated quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.5959985 (Engine A). File: load[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. 
Threat Report (manual) Effect (intro) (1) Access Denied; (2) Denied Effect (manual) Alert (intro) (1) browser; (2) toaster Alert (manual) Product KIS Threat Report (intro) Incident 40 toaster Removed 41 MSE pop-up Removed 41 41 NIS TIS Toaster Pop up Removed Restart 41 PCT 1)Pop up 2)Toaster Blocked 42 AVA Toaster Blocked 42 AVG Pop up Quarantine 42 AVI Toaster Removed 42 BDF Toaster Blocked 42 ESS Toaster 42 GDA pop-up Terminated Quarantined Disinfected na na 1 1 na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 Compromised MIS na Neutralized 41 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS High Security Risk Found! Trojan-Downloader (00014ede1) (1) Access Denied. The request URL cannot be provided. URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php; (2) Denied: URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php (analysis using the base of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FDoS-BEnergy (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Phdet.gen!A. Recommended action: Remove. load[1].exe is not safe and has been removed. You must restart the computer to finish removing a security threat in the file named below. Load[1].exe 1)Internet Security has blocked the high risk threat Downloader.Generic. 2) IntelliGuard was enabled and 1 detected infections were successfully removed. Malware blocked. Avast! File System Shield has blocked a threat. Infection: Win32:Malware-gen Threat detected! Threat name: Trojan horse Downloader.Generic11.BIXL Detected on open.
(default: Move to Vault) Guard: Malware found. A virus or unwanted program 'TR/Downloader.Gen' was found in file FlashUpdate[1].exe Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked a virus! Virus Name: Trojan.Generic.6342238 Location: FlashUpdate[1].exe Access to this file has been denied. Threat: Win32/ProxyChanger.T trojan Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6342238 (Engine A). File: FlashUpdate[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. Threat Report (manual) Effect (intro) 41 Access denied (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster Alert (manual) Product K7 Threat Report (intro) Incident 41 toaster Removed 42 MSE pop-up Removed 42 42 NIS TIS Toaster Browser Removed Blocked 42 PCT 1)Pop up 2)Toaster 3) Toaster 1)yes 2)Quarantine 3)Blocked 43 AVA Toaster Blocked 43 AVG Pop up Quarantine 43 AVI none none na na na 1 1 (1) Access Denied. The request URL cannot be provided. URL: http:// host11 dot 186-109-81 DOT telecom DOT net DOT ar / PortalZafiro / Lib /FlashUpdate DOT exe; (2) Denied: Trojan-Downloader.Win32.Delf.hfrh Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!2A0A224BED00 (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanSpy:Win32/Bancos.ACM. Recommended action: Remove. FlashUpdate[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
1)Flashupdate[1].exe is trying to access the internet. 2)Behaviour Guard detected suspicious activity in Flashupdate[1].exe. 3) Internet security has blocked an application attempting to close a file. Spyware blocked. na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 Threat detected! Move to Chest Threat detected. Threat name: "Win32/TrojanDownloader.Banload.QBI Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you […] (default: Move to Vault) none Warning: 1, Removed and healed Moved to Virus Vault Threat: Win32:Spywaregen[Spy] Corrupted executable file 4 viruses and/or unwanted programs were found | Detections: 4, Moved: 3 Move to quarantine Moved to quarantine: EicarTest-Signature, TR/Spy.Banocs.ZL .28 (in modulo[1].txt), TR/Spy.Bancos.ZL .28 (in iexplorer.txt) Compromised MIS (1) High Security Risk Found! Trojan (ce03e6000); (2) High Security Risk Found! Riskware (b7a972fl0) Neutralized 42 Defended (1) browser; (2) toaster Complete Reme Remediation diation KIS Threat Report (manual) Effect (intro) 42 (1) Access denied; (2) Removed (1) Access Denied; (2) Denied Effect (manual) Alert (intro) toaster (2x) Alert (manual) Product K7 Threat Report (intro) Incident 42 1 1 1 43 GDA pop-up Disinfected 43 K7 (1) popup; (2) toaster; (3) popup; (4) toaster 43 KIS (1) browser; (2) toaster (1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note) (1) Access Denied; (2) Denied 43 MIS toaster Removed 43 MSE pop-up Removed 43 NIS Toaster Removed 43 43 TIS PCT none Pop up none Quarantine 44 AVA Toaster Blocked n/a n/a n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 none none (see note) Scan Completed. No Viruses, spyware or other risks were found. (1) Access Denied. The request URL cannot be provided.
URL: http:// dress2impress DOT nl / templates / adobeacrobat DOT php?open; (2) Denied: HEUR:TrojaDownlaoder.Win32.Generic Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Downlaoder.x!fod (Trojan) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Banload.QI. Recommended action: Remove. adobe-acrobat01634[1].com is not safe and has been removed. none Behaviour Guard detected suspicious activity in ADOBEACROBATE01634[1].COM Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 1 Compromised Terminated Quarantined BitDefender has blocked a virus! Virus Name: Trojan.Crypt.Delf.AG Location: AdobeAcrobate01634[1].com Access to this file has been denied. Threat: a variant of Win32/TrojanDownloader.Banload.QBI trojan Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Trojan.Crypt.Delf.AG (Engine A). File:AdobeAcrobate01634[1].com. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (1) Application is accessing the Internet. The program Adobe-Acrobate01634[1].com is connection to a network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found! Riskware (0015e4f01); (3) Application is accessing the Internet. The program msmsgs.exe is connection to a network. Developer name: Not Available. Default option: Allow; (4) High Security Risk Found!
Riskware (8ea0f2f10) Neutralized Toaster Defended ESS Complete Reme Remediation diation 43 Threat Report (manual) Effect (intro) Blocked Effect (manual) Alert (intro) Toaster Alert (manual) Product BDF Threat Report (intro) Incident 43 44 BDF Toaster Blocked 44 ESS Blocked 44 GDA 1)Warning on the browser, 2)Toaster pop-up (2x) 44 K7 none none (see note) 44 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied (1) Blocked; (2) Disinfected BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Downloader... File access was blocked. Virus Name: Gen:Variant.Downloader... File access was blocked. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. (1) Virus alert. An attempt was made to access an infected file. Virus: Java:Agent-PM [Expl] (Engine B). File: jar_cache6623.tmp. Default option: Block file access; (2) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File:l.vbs. Default option: Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. none Solved issues: 2. No threats require your attention. Deleted n/a (1) Access Denied. The request URL cannot be provided. URL: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// uhgswbufds DOT com / favicon DOT ico (analysis using the database of suspicious URLs) n/a 1 1 na na na 1 1 none none (see note) na na Scan Completed. No Viruses, spyware or other risks were found.
na Compromised Removed Virus found JS/Generic HTML/rug.A.3 HTML script virus, EXP/20100840.AC exploit, Eicar-TestSignature Gen:Variant.Downloader.127 and Cookie.DoubleClick n/a Neutralized Toaster Moved to Virus Vault Move to quarantine Defended AVI Warning: 1, Infections: 1 3 viruses and/or unwanted programs were found | Detections: 4, Moved: 3 Complete Reme Remediation diation 44 Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault) Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found. Access to file was denied. Please select a further action: (default: Remove) Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) Pop up Alert (manual) Product AVG Threat Report (intro) Incident 44 1 1 1 1 1 1 Alert (manual) Effect (manual) none none (see note) 44 MSE pop-up (2x) Removed (2x) na 44 NIS Toaster Blocked 44 TIS Browser Blocked 44 PCT Toaster Yes 45 AVA Toaster Blocked 45 AVG Blocked 45 45 AVI BDF Warning on the browser none Toaster (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. Services and Controller app is trying to gain kernel access. Event type: Registry Set Drivers Image Path. Do you allow this application to perform this operation? Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal Danger: Search-Shield has detected active threats on this page and has blocked access for your protection. 45 ESS Toaster Blocked none BitDefender has blocked a virus! Virus Name: Trojan.Downloader.Istbar.ZG Location: istsvc_updater[1].exe Access to this file has been denied. Address has been blocked. none Blocked na Viruses, Trojans, and Cookies Removed: CookieInsightexpres, CookieDoubleclick, Cookie-Atdmt na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 1 Compromised Threat Report (intro) none Neutralized Effect (intro) none (see note) Defended Alert (intro) none Complete Reme Remediation diation Product MIS Threat Report (manual) Incident 44 KIS (1) browser; (2) toaster 45 MIS (1) popup; (2) dialogue box Removed (see note) 45 MSE pop-up Removed 45 45 NIS TIS Toaster Browser Removed Blocked 45 PCT 1)Pop up 2)Toaster 3) Toaster 1)Block 2)Quarantine 3)Removed 46 AVA Toaster Blocked na na 1 1 na na na 1 1 na na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Compromised 45 Access denied (1) Access Denied; (2) Denied na Neutralized toaster Defended K7 Complete Reme Remediation diation 45 Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Istbar.ZG (Engine A). File: istsvc_updater[1].exe. Default option: Disinfect (if not possible: quarantine).
When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan-Downloader (282294dd0) (1) Access Denied. The request URL cannot be provided. URL: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe; (2) Denied: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe (analysis using the database of suspicious URLs) (1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Artemis!1346575A86C3. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows. Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . BrowserModifier:Win32/ISTbar.F. Recommended action: Remove. istsvc_updater[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1)Internet Security has blocked high risk threat Trojan.ISTbar. 2)Download Guard detected a threat in ISTSC_UPDATER[1].EXE This file has been automatically quarantined for your protection. 3) IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. 
Infection: URL:Mal Threat Report (manual) Effect (intro) Disinfected Effect (manual) Alert (intro) pop-up Alert (manual) Product GDA Threat Report (intro) Incident 45 46 BDF Toaster Blocked 46 ESS Toaster Blocked 46 GDA pop-up Disinfected Compromised none Moved to Virus Vault Corrupted executable file 1 Delete (see notes) 1 BitDefender has blocked a virus! Virus Name: Gen:Variant.FaceAlert.47 Location: contacts[1].exe Access to this file has been denied. Threat: a variant of Win32/Kryptik.QSP trojan. Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Gen:Varinat.FakeAlert.47 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. n/a n/a BOO/TDss.M in the Master boot sector HD0 (deleted) and BOO/TDss.M in the Boot sector 'C:\', Eicar-TestSignature n/a 1 1 n/a n/a n/a 1 1 na na na 1 1 Neutralized none Warning: 1, Removed and healed 3 viruses and/or unwanted programs were found Defended AVI Threat detected. Threat name: Trojan.Agent Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. none Complete Reme Remediation diation 46 Threat Report (manual) Effect (intro) Quarantine Effect (manual) Alert (intro) Pop up Alert (manual) Product AVG Threat Report (intro) Incident 46 (1) pop-up; (2) pop-up; (3) pop-up; (4) toaster (1) Allowed; (2) Blocked 46 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied (1) Access Denied. The request URL cannot be provided. URL: http:// fowrsir DOT co DOT tv / k DOT php?f=19&e=4; (2) Denied: HEUR:Trojan.Win32.Generic na na 1) Application is accessing the Internet. The program conhost.exe is connection to a network. Developer name: Not Available.
Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to to load along with the Operating System. Default option: Block Always; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. Default option: Block Always; (4) High Security Risk Found! Riskware (eaa3b7fa0) na Compromised Effect (manual) (1) Application is accessing the Internet. The program 277008f2.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. (4) Application is accessing the Internet. The program dwm.exe is connection to a network. Developer name: Not Available. Default option: Allow; (5) Application is accessing the Internet. The program csrss.exe is connection to a network. Developer name: Not Available. Default option: Allow Neutralized Alert (manual) (1) Allowed access to the Internet; (2) Blocked; (3) Blocked; (4) Allowed; (5) Allowed (see note) Defended Effect (intro) pop-up (5x) Complete Reme Remediation diation Alert (intro) K7 Threat Report (manual) Product Threat Report (intro) Incident 46 1 1 1 PC Anti-Virus Protection 2012 Virus Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: W32/Pinkslipbot.gen.x (Virus) Page 95 of 106 (1) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 188.229.90.136. Program: SYSTEM. Risky connections leave you susceptible to phishing and malware attacks. 
You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (2) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 194.11.16.143. Program: Generic Host Process for Win32 Services. Risky connections leave you susceptible to phishing and malware attacks. You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (3) Your computer is at risk. 1 remaining issue. Compromised Neutralized Defended (1) Blocked; (2) Blocked; (3) Complete Reme Remediation diation (1) toaster; (2) toaster; (3) report Threat Report (manual) Effect (intro) Removed (see note) Effect (manual) Alert (intro) pop-up Alert (manual) Product MIS Threat Report (intro) Incident 46 1 report Removed 46 NIS Toaster Blocked n/a 46 TIS Browser Blocked 46 PCT 1)Pop up 2)Toaster 4)Toaster 3) Toaster 1)Yes 2)Quarantine 3)Stopped 47 AVA Toaster Blocked 47 AVG none none Norton blocked an attack by:Web Attack : Zombie Toolkit Website Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1CONTACTS[1].exe is trying to modify or control another application. Do you trust this application? 2)This program is attempting to change your security settings and privacy level by modifying which website are trusted by Internet explorer. Risk : Very High file name : 277008F2.EXE. 3)HEUREENGIN.ZERODAYTHREAT Behaviour Guard has detected and stopped malicious activity from a known threat.4) IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal none 47 47 AVI BDF none 1)Toaster, 2)Toaster, 3)Toaster none 1)Blocked, 2)Terminated, 3)Changes reverted 47 ESS 1)Warning on the browser, 2)Toaster Blocked PC Anti-Virus Protection 2012 none 1)BitDefender has blocked a virus! 
Virus Name: Trojan.Generic.KD.299758 Location: calc[1].exe Access to this file has been denied. 2)calc[1].exe was terminated because it was deemed harmful. 3)BitDefender has reverted the changes on your PC. A reboot is required to complete the operation. 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. n/a Trojan:DOS/Alureo n.A. To finish removing malware and other potentially unwanted software, restart the computer. n/a 1 1 n/a n/a n/a 1 1 Pop up Removed There are 4 threats and 15 infections in your computer. All infections successfully removed. n/a n/a n/a No infection found during this scan. n/a Solved issues: 1. No threats require your attention. none none n/a Deleted n/a Cookie.DoubleClic k 1 n/a n/a n/a 1 Page 96 of 106 Compromised Effect (manual) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Cybot.B. Recommended action: Remove. Neutralized Alert (manual) Removed Defended Effect (intro) pop-up Complete Reme Remediation diation Alert (intro) MSE Threat Report (manual) Product Threat Report (intro) Incident 46 1 1 1 1 1 1 1 1 (1) pop-up; (2) report (1) Quarantined; (2) none 47 K7 (1) popup; (2) toaster; (3) popup; (4) toaster (1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note) (1) Application is accessing the Internet. The program winlogon.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System Monitor Aler! Iexplore Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System Monitor Aler! Iexplore Zone Settings have been modified. 
The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block.# (1) pop-up (4x); (2) report (1) Blocked (4x); (2) none (see note) 47 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied (1) Access Denied. The request URL cannot be provided. URL: http:// joilok DOT in / d DOT php?f=21&; (2) Denied: http:// joilok DOT in / d DOT php?f=21& and http:// joilok DOT in / favicon DOT ico (analysis using the database of suspicious URLs) na na PC Anti-Virus Protection 2012 Page 97 of 106 (1) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine.; (2) none (1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block. (4x); (2) Scan Completed. No Viruses, spyware or other risks were found. na 1 Compromised Effect (manual) (1) Behavior monitoring. Unknown threat. Info[1].exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: info[1].exe. Default option: Stop program and move to quarantine. ; (2) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine. ; (3) Unknown malware found in your browser (Fingerprint: [155af454]) Malicious routines have been disabled. It is strongly recommended not to enter any passwords in this browser and not to perform any senstive actions such as online banking until the unidentified malware has been completely removed. 
Neutralized Alert (manual) (1) Quarantined; (2) Quarantined; (3) Warning Defended Effect (intro) (1) popup; (2) pop-up; (3) dialogue box Complete Reme Remediation diation Alert (intro) GDA Threat Report (manual) Product Threat Report (intro) Incident 47 1 1 1 1 Alert (manual) Effect (manual) report none (see note) 47 MSE pop-up Removed na 47 47 NIS TIS Toaster Browser Removed Blocked 47 PCT 1)Pop up 2)Pop up 1) Yes 2)Quarantine 48 48 48 AVA AVG AVI Toaster none Toaster Blocked none Removed 48 BDF 1)Toaster, 2)Toaster 1)Blocked, 2)Deleted 48 ESS Pop up Warning Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . VirTool:Win32/VBInject.gen!GR. Recommended action: Remove. Info[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 1) Firefox Software Updater is trying to modify or control another application. Do you trust this application? 2) Behaviour Guard detected suspicious activity in Firefox Software Updater. B6232F3A8AA.EXE Malware blocked. Win32:Malware-gen none Guard: Malware found. A virus or unwanted program 'TR/Minggy.2.100' was found in file HackXuVinagame_2011[1].exe. Access to file was denied. Please select a further action: (default: Remove) 1)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe Access to this file has been denied. 2)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe BitDefender has deleted the following item because it could not be disinfected. Warning. Potential threat found. Threat: a variant of Win32/Packed.MoleboxVS.A potentially unwanted application Comment: Threat was detected upon access to web by the application: iexplore.exe. 
Please submit this object to ESET for analysis. (default: Disconnect) PC Anti-Virus Protection 2012 na McAfee did not detect any issues on your PC. No further action is required. na 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a n/a n/a n/a 1 1 1 1 1 1 Solved issues: 1. No threats require your attention. Deleted Cookie.DoubleClic k n/a n/a n/a Page 98 of 106 Compromised Threat Report (intro) none Neutralized Effect (intro) none (see note) Defended Alert (intro) none Complete Reme Remediation diation Product MIS Threat Report (manual) Incident 47 1 1 1 1 KIS toaster 48 MIS 48 MSE (1) toaster; (2) dialogue box none 48 NIS Toaster Removed 48 48 TIS PCT none 1) Pop up 2) Toaster none 1)Blocked 2)Removed 49 AVA Toaster Blocked none (see note) PC Anti-Virus Protection 2012 na na na 1 1 na na na 1 1 Will be deleted on reboot: Trojan-PSW.Win32.Autoit.m na na na 1 1 (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ED1E48F2F10E (Trojan); (2) McAfee detected an infected file on your PC. Restart your PC so we can fix it. none na na na 1 1 none none (see note) hackxuvinagame_2011[1].exe is not safe and has been removed. none 1)Internet Security has blocked the high risk threat Trojan.Dropper 2) IntelliGuard was enabled and 1 detected infections were successfully removed. Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal n/a n/a Scan completed on 175245 items. No threats were detected on your computer during this scan. n/a 1 1 none n/a none n/a none n/a 1 1 n/a n/a n/a 1 1 Page 99 of 106 Compromised 48 Access denied Deleted (after required reboot) Removed (2x) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Minggy.2 (Engine A). File: HackXuVinagame_2011[1].exe. Default option: Disinfect (if not possible: quarantine). 
When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan (c7cdc4080) Neutralized toaster Defended K7 Complete Reme Remediation diation 48 Threat Report (manual) Effect (intro) Disinfected Effect (manual) Alert (intro) pop-up Alert (manual) Product GDA Threat Report (intro) Incident 48 1 1 49 BDF Toaster Blocked 49 ESS 1)Warning on the browser, 2)Toaster Blocked PC Anti-Virus Protection 2012 Compromised Removed Neutralized 1)Toaster, 2)Toaster, 3)Toaster Defended AVI Complete Reme Remediation diation 49 1)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 2)Multiple threat detected: Trojan horse PSW.Generic9.AUC (default: Remove all unhealed) [Note: Action was unsuccessful], 3)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 4)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 5)Threat removal requires computer restart. 1)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found. Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file jar_cache58446.tmp. Access to file was denied. Please select a further action: (default: Remove) BitDefender has blocked multiple viruses! 
Virus name: Gen:Variant.Kazy.30838 (File access was blocked), Virus Name: Gen:Varian.Kazy.30838 (File access was blocked). The infected objects have been treated. Your PC is protected! 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. Threat Report (manual) Effect (intro) 1)Quarantine, 2)Remove, 3)Quarantine, 4)Quarantine, 5)Reboot Effect (manual) Alert (intro) 1)Toaster, 2)Toaster, 3)Toaster, 4)Toaster, 5)Toaster Alert (manual) Product AVG Threat Report (intro) Incident 49 Infections: 1, Warnings: 1 Moved to Virus Vault Trojan horse PSW.Generic9.AU C (infection) and Corrupted executable file (warning) 8 viruses and/or unwanted programs were found Moved to quarantine HTML/rugA.3, Eicar-TestSignature, JAVA/Exdoer.EJ 1 Solved issues: 1. No threats require your attention. Deleted Cookie.DoubleClic k 1 n/a n/a n/a Page 100 of 106 1 1 1 PC Anti-Virus Protection 2012 Defended na na 1 1 Page 101 of 106 Compromised Complete Reme Remediation diation na Neutralized Threat Report (manual) (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: 0.2389620865515687.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File: l.vbs. Default option: Disinfect (if not possible: quarantine). 
When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. Effect (manual) Disinfected (4x) Alert (manual) pop-up (4x) Threat Report (intro) Effect (intro) Product GDA Alert (intro) Incident 49 (1) pop-up; (2) pop-up; (3) report (1) Blocked; (2) Blocked; (3); none (see note) 49 KIS (1) browser; (2) toaster (1) Access Denied; (2) Denied na 49 MIS toaster (3x) Removed (3x) (1) Access Denied. The request URL cannot be provided. URL: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a; (2) Denied: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a andhttp://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / favicon DOT ico (analysis using the database of suspicious URLs) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!D429D3F95E83 (Trojan) (3x) na PC Anti-Virus Protection 2012 Page 102 of 106 na (1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Unknown(1809). Default option: Block.; (2) System monitor alert. New Program Found in User StartUp Folder! A new program Gtessz has been added to your StartUp folder to run whenever Windows boots up. Advise: Not Available. Please proceed with caution!. Default option: Block Always; (3) Scan Completed. No Viruses, spyware or other risks were found. 
na 1 1 na na 1 1 Compromised Effect (manual) none Neutralized Alert (manual) none (see note) Defended Effect (intro) none Complete Reme Remediation diation Alert (intro) K7 Threat Report (manual) Product Threat Report (intro) Incident 49 1 49 49 TIS PCT none 1) Pop up 2) Toaster none 1)Blocked 2)Removed 50 50 AVA AVG none Pop up none Quarantine 50 50 AVI BDF none Toaster none Blocked 50 ESS Toaster 50 GDA pop-up Terminated Quarantined Disinfected 50 K7 toaster Access denied PC Anti-Virus Protection 2012 na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a n/a n/a n/a n/a n/a 1 1 1 1 n/a Solved issues: 1. No threats require your attention. n/a n/a Deleted n/a Cookie.DoubleClic k 1 1 n/a n/a 1 1 na na na 1 1 na na na 1 1 Page 103 of 106 Compromised Blocked na Neutralized Toaster Defended NIS Complete Reme Remediation diation 49 (1) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A and Exploit:JS/Blacole.A. Recommended action: Remove. To complete clean-up, you need to restart your computer. Do you want to restart now? Default option: Yes.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A. Recommended action: Remove. Norton blocked an attack by:Web Attack : Zombie Toolkit Website none 1)Internet Security has blocked the high risk threat Trojan.Gen 2) IntelliGuard was enabled and 1 detected infections were successfully removed. none Threat detected! Threat name: Trojan horse Generic23.BZMQ Detected on open. (default: Move to Vault) none BitDefender has blocked a virus! Virus Name: Generic.Banker.Delf.AE29F565 Access to this file has been denied. 
Threat: Win32/Spy.Banker.WJQ trojan Connection terminated - quarantined Virus alert. An attempt was made to access an infected file. Virus: Generic.Banker.Delf.AE29F565 (Engine A). File: 10368policia-inglesa-divullga-fotos-do-corpo-dacantora-amy-winehouse-WVA[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. High Security Risk Found! Trojan (10ea3e230) Threat Report (manual) Effect (intro) (1) Removed (after required reboot); (2) Removed Effect (manual) Alert (intro) pop-up (2x) Alert (manual) Product MSE Threat Report (intro) Incident 49 1 50 MSE pop-up Removed 50 NIS Toaster Removed 50 TIS Browser Blocked 50 PCT 1)Pop up 2)Toaster 3)Toaster 1) Block 2) Quarantined 3) Removed PC Anti-Virus Protection 2012 na na 1 1 na na na 1 1 na na na 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 n/a n/a n/a 1 1 Page 104 of 106 Compromised Removed (2x) na Neutralized toaster (2x) Defended MIS Complete Reme Remediation diation 50 (1) Access Denied. The request URL cannot be provided. URL: http:// winehouse DOT dyndns DOT tv / pop-arte / noticia / 2011 / 07 / 103684policia-inglesa-divulga-fotosdo-corpo-da-cantora-amy-winhouse-WVA.exe; (2) Denied: Trojan.Win32.Hosts2.gen Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!cj (Trojan) (2x) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comrerop. Recommended action: Remove. 103684policia-inglesea-divulga-fotos-do-corpo-dacontora-amy-winehouse-wva[1].exe is not safe and has been removed. Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud. 
1)Internet Security has blocked the medium risk threat: Trojan-PWS.Bancos!rem. 2) Download Guard detected threat in 103684POLICIA-INGLESA-DIVULGA-FOTOSDO-CORPO-DA-CONTORA-AMY-WINEHOUSEWVA[1].exe this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed. Threat Report (manual) Effect (intro) (1) Access Denied; (2) Denied Effect (manual) Alert (intro) (1) browser; (2) toaster Alert (manual) Product KIS Threat Report (intro) Incident 50

APPENDIX D: TOOLS

Ebtables http://ebtables.sourceforge.net
The ebtables program is a filtering tool for a bridging firewall. It can be used to force network traffic transparently through the Squid proxy.

Fiddler2 www.fiddlertool.com
A web traffic (HTTP/S) debugger used to capture sessions when visiting an infected site using a verification target system (VTS).

HTTPREPLAY www.microsoft.com
A SOCKTRC plug-in enabling the analysis and replaying of HTTP traffic.

Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Process Explorer shows information about which handles and DLLs processes have opened or loaded. It also provides a clear and real-time indication when new processes start and old ones stop.

Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Process Monitor is a monitoring tool that shows real-time file system, Registry and process/thread activity.

Regshot http://sourceforge.net/projects/regshot
Regshot is an open-source Registry comparison utility that takes a snapshot of the Registry and compares it with a second one.

Squid www.squid-cache.org
Squid is a caching web proxy that supports HTTP, HTTPS, FTP and other protocols.

Tcpdump www.tcpdump.org
Tcpdump is a packet capture utility that can create a copy of network traffic, including binaries.

TcpView http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
TcpView displays network connections to and from the system in real-time.

Windows Command-Line Tools
Those used included 'systeminfo' and 'sc query'. The systeminfo command "enables an administrator to query for basic system configuration information". The sc command is "used for communicating with the NT Service Controller and services".

Wireshark www.wireshark.org
Wireshark is a network protocol analyzer capable of storing network traffic, including binaries, for later analysis.

APPENDIX E: TERMS OF THE TEST

This test was sponsored by Symantec. The test rounds were conducted between 14/07/2011 and 26/07/2011 using the most up to date versions of the software available on any given day. All products were able to communicate with their back-end systems over the internet.

The products selected for this test were chosen by Symantec. Samples were located and verified by Dennis Technology Labs. Products were exposed to threats within 24 hours of the same threats being verified. In practice there was only a delay of up to three to four hours. Details of the samples, including their URLs and code, were provided to Symantec only after the test was complete.