pc anti-virus protection 2012 - dennistechnologylabs · 2011-08-30 · avast free antivirus 6.0 47...
PC Anti-Virus Protection 2012 Page 1 of 106
PC Anti-Virus Protection 2012
13 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS
Dennis Technology Labs, 26/07/2011
www.DennisTechnologyLabs.com
This test aims to compare the effectiveness of the most recent releases of popular anti-virus software[1]. The products
include those from Kaspersky, McAfee, Microsoft, Symantec (Norton) and Trend Micro, as well as free versions
from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G Data, K7 and PC Tools.
The tests were conducted between 14/07/2011 and 26/07/2011 using the most up-to-date versions of the software
available.
A total of 13 products were exposed to genuine internet threats that real customers could have encountered during
the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely
as possible. For example, each test system visited real, infected websites that significant numbers of internet users
were encountering at the time of the test. These results reflect what would have happened if those users were using
one of the products tested.
EXECUTIVE SUMMARY
• Products that block attacks early tended to protect the system more fully
The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of
downloading and installing further threats. Products that blocked the malicious and infected websites from the start
reduced the risk of compromise by secondary and further downloads.
• 100 per cent protection is rare
This test recorded an average protection score of 87.5 per cent. New threats appear online frequently and it is
inevitable that there will be times when specific security products are unable to protect against some of these threats.
• The products rarely prevented the installation of legitimate applications
With the exception of K7 TotalSecurity 11, most products were fairly accurate when it came to classifying legitimate
applications. That said, only three of the products were 100 per cent accurate in this part of the test.
Simon Edwards, Dennis Technology Labs
[1] The latest available products were used in the test:
Avast! Free AntiVirus 6
AVG Anti-Virus Free Edition 2011
Avira Antivir Personal Free Antivirus
BitDefender Internet Security 2011
ESET Smart Security 4
G Data InternetSecurity 2012
K7 Total Security 11
Kaspersky Internet Security 2012
McAfee Internet Security 2011
Microsoft Security Essentials 2.1
Norton Internet Security 2012
PC Tools Internet Security 8
Trend Micro Titanium Internet Security 2011
CONTENTS
Executive summary
Contents
1. Total Accuracy Ratings
2. Protection Ratings
3. Protection Scores
4. Protection Details
5. False Positives
6. The Tests
7. Test Details
8. Conclusions
Appendix A: Terms
Appendix B: Legitimate Samples
Appendix C: Threat Report
Appendix D: Tools
Appendix E: Terms of the Test
1. TOTAL ACCURACY RATINGS
The security products on test are expected to prevent threats from attacking the target systems successfully. They
should also allow users to install legitimate software unhampered. The scoring system used in this test penalises
products when they fail to achieve these goals and rewards those that excel.
Products gain points for stopping threats successfully and lose points for failing to stop them. They also lose points
for handling legitimate files incorrectly, while gaining points for allowing users to install them. Each product then
receives a final rating based on its performance in each of the ‘threat’ and ‘legitimate software’ tests.
The following results show a combined accuracy rating, taking into account each product’s performance with both
threats and non-malicious software. There is a maximum possible score of 150 and a minimum of -350.
See 5. False Positives for detailed results and an explanation of how the false positive ratings are calculated.
There is only a fractional difference between the top three products. Norton Internet Security 2012, G Data
Internet Security 2012 and ESET Smart Security 4 are all within one point of each other.
[Chart: Total Accuracy]
TOTAL ACCURACY
Product                                      Accuracy Score
Symantec Norton Internet Security 2012       146
G Data InternetSecurity 2012                 145.5
ESET Smart Security 4                        145
Kaspersky Internet Security 2012             137.75
Trend Micro Titanium Internet Security 2011  136.5
Avast Free Antivirus 6.0                     132
Microsoft Security Essentials 2.1            122
PC Tools Internet Security 8                 114.9
Avira Antivir Personal Free Antivirus        104
BitDefender Internet Security 2011           103
K7 TotalSecurity 11                          84.75
AVG Anti-Virus Free Edition 2011             80
McAfee Internet Security 2011                79.25
2. PROTECTION RATINGS
The following results show how each product has been scored for its accuracy in detecting and handling malware
only. They do not take into account false positives.
We awarded two points for defending against a threat, one for neutralizing it and deducted two points every time a
product allowed the system to be compromised. The best possible score is 100 and the worst is -100.
The reason behind this score weighting is to give credit to products that deny malware an opportunity to tamper
with the system and to penalize those that allow malware to damage it. It is quite possible that a compromised
system will be made unstable, or even unusable without expert knowledge. Even if active malware was removed, we
considered such damaged systems to count as being compromised.
The Norton product defended against 49 out of the 50 threats, so it scores 96. It gains double points for each
defense (2x 49), totaling 98. It then loses two points because it was compromised once, ending up with 96 points. G
Data’s product was the only one to avoid all compromises. It scored the same number of points as the Norton
product, however, because it defended against 46 threats but neutralized four of them. Its score is calculated like
this: (2x46) + (4x1) = 96.
Symantec’s Norton product ties with G Data’s software, even though G Data InternetSecurity 2012 was the
only one to protect against all the internet threats used (see 3. Protection Scores).
[Chart: Protection Ratings]
PROTECTION RATINGS
Product                                      Target Defended  Target Neutralized  Target Compromised  Protection Rating
G Data InternetSecurity 2012                 46               4                   0                   96
Symantec Norton Internet Security 2012       49               0                   1                   96
ESET Smart Security 4                        48               1                   1                   95
Kaspersky Internet Security 2012             46               3                   1                   93
Trend Micro Titanium Internet Security 2011  47               0                   3                   88
Avast Free Antivirus 6.0                     44               3                   3                   85
PC Tools Internet Security 8                 38               7                   5                   73
Microsoft Security Essentials 2.1            40               4                   6                   72
Avira Antivir Personal Free Antivirus        35               5                   10                  55
BitDefender Internet Security 2011           35               5                   10                  55
K7 TotalSecurity 11                          28               12                  10                  48
AVG Anti-Virus Free Edition 2011             28               7                   15                  33
McAfee Internet Security 2011                28               6                   16                  30
3. PROTECTION SCORES
The following illustrates the general level of protection provided by each of the security products, combining the
defended and neutralized incidents into an overall figure. This figure is not weighted with an arbitrary scoring system
as it was in 1. Total Accuracy Ratings and 2. Protection Ratings.
The average protection level afforded by the tested products, when exposed to the threats used in this test, was
87.5 per cent. Above-average products included Microsoft Security Essentials and all those products to its left on the
graph below. In this test two of the above-average products are free for non-commercial use.
Two out of the three free products performed above the average when protecting against threats.
[Chart: Protection Scores]
PROTECTION SCORES
Product                                      Protected Incidents  Percentage of Incidents
G Data InternetSecurity 2012                 50                   100%
Kaspersky Internet Security 2012             49                   98%
Symantec Norton Internet Security 2012       49                   98%
ESET Smart Security 4                        49                   98%
Trend Micro Titanium Internet Security 2011  47                   94%
Avast Free Antivirus 6.0                     47                   94%
PC Tools Internet Security 8                 45                   90%
Microsoft Security Essentials 2.1            44                   88%
Avira Antivir Personal Free Antivirus        40                   80%
BitDefender Internet Security 2011           40                   80%
K7 TotalSecurity 11                          40                   80%
AVG Anti-Virus Free Edition 2011             35                   70%
McAfee Internet Security 2011                34                   68%
(Average: 87.5 per cent)
4. PROTECTION DETAILS
The security products provided different levels of protection. When a product defended against a threat, it
prevented the malware from gaining a foothold on the target system. A threat might have been able to infect the
system and, in some cases, the product neutralized it later. When it couldn’t, the system was compromised.
The graph below shows that the most successful products tended to defend, rather than neutralize, the threats.
Between them the top five products only neutralized eight threats, while they defended a total of 236. They were
compromised just six times. The five least effective products, on the other hand, neutralized 35 threats and
defended just 154. They were compromised a total of 61 times.
The most successful products tended to defend rather than neutralize, blocking the threats early in the
attack.
[Chart: Protection Details (legend: Target Compromised, Target Neutralized, Target Defended)]
PROTECTION DETAILS
Product                                      Target Defended  Target Neutralized  Target Compromised
G Data InternetSecurity 2012                 46               4                   0
Symantec Norton Internet Security 2012       49               0                   1
ESET Smart Security 4                        48               1                   1
Kaspersky Internet Security 2012             46               3                   1
Trend Micro Titanium Internet Security 2011  47               0                   3
Avast Free Antivirus 6.0                     44               3                   3
PC Tools Internet Security 8                 38               7                   5
Microsoft Security Essentials 2.1            40               4                   6
Avira Antivir Personal Free Antivirus        35               5                   10
BitDefender Internet Security 2011           35               5                   10
K7 TotalSecurity 11                          28               12                  10
AVG Anti-Virus Free Edition 2011             28               7                   15
McAfee Internet Security 2011                28               6                   16
5. FALSE POSITIVES
5.1 False positive scores
A security product needs to be able to protect the system from threats, while allowing legitimate software to work
properly. When legitimate software is misclassified a false positive is generated. We split the results into two main
groups because the products all took one of two approaches when attempting to protect the system from the
legitimate programs. They either warned that the software was suspicious or took the more decisive step of blocking
it.
Blocking a legitimate application is more serious than issuing a warning because it directly hampers the user. In this
test the number of warnings (22) was very close to the number of times a product blocked an application (21).
The graph below includes the number and type of false positive that each product generated.
When generating a false positive the products were as likely to block as they were to warn against
legitimate applications. However, overall there were relatively few false positives in this test.
[Chart: False Positive Scores, by product (legend: Warnings, Blockings)]
FALSE POSITIVE SCORES
False Positive Type  Product                                      Total
Warnings             Avira Antivir Personal Free Antivirus        0
Warnings             BitDefender Internet Security 2011           0
Warnings             ESET Smart Security 4                        0
Warnings             G Data InternetSecurity 2012                 0
Warnings             Microsoft Security Essentials 2.1            0
Warnings             PC Tools Internet Security 8                 0
Warnings             Symantec Norton Internet Security 2012       0
Warnings             Trend Micro Titanium Internet Security 2011  0
Warnings             AVG Anti-Virus Free Edition 2011             2
Warnings             McAfee Internet Security 2011                2
Warnings             Avast Free Antivirus 6.0                     4
Warnings             Kaspersky Internet Security 2012             6
Warnings             K7 TotalSecurity 11                          8
Blockings            ESET Smart Security 4                        0
Blockings            Kaspersky Internet Security 2012             0
Blockings            McAfee Internet Security 2011                0
Blockings            Microsoft Security Essentials 2.1            0
Blockings            Symantec Norton Internet Security 2012       0
Blockings            Avira Antivir Personal Free Antivirus        1
Blockings            G Data InternetSecurity 2012                 1
Blockings            AVG Anti-Virus Free Edition 2011             2
Blockings            Trend Micro Titanium Internet Security 2011  2
Blockings            Avast Free Antivirus 6.0                     3
Blockings            BitDefender Internet Security 2011           3
Blockings            K7 TotalSecurity 11                          4
Blockings            PC Tools Internet Security 8                 5
5.2 Taking file prevalence into account
The prevalence of each file is significant. If a product misclassified a common file then the situation would be more
serious than if it failed to detect a less common one. That said, it is usually expected that anti-malware programs
should not misclassify any legitimate software.
The files selected for the false positive testing were organized into five groups: Very High Impact, High Impact,
Medium Impact, Low Impact and Very Low Impact. These categories were based on download numbers as
reported by sites including Download.com at the time of testing. The ranges for these categories are recorded in the
table below:
FALSE POSITIVE PREVALENCE CATEGORIES
Impact category   Prevalence (downloads in the previous week)
Very High Impact  >20,000
High Impact       1,000 – 20,000
Medium Impact     100 – 999
Low Impact        25 – 99
Very Low Impact   < 25
5.3 Modifying scores
The following set of score modifiers were used to create an impact-weighted accuracy score. Each time a product
allowed a new legitimate program to install and run it was awarded one point. It lost points (or fractions of a point)
if and when it generated a false positive. We used the following score modifiers:
FALSE POSITIVE PREVALENCE SCORE MODIFIERS
False positive action  Impact category   Score modifier
Blocked                Very High Impact  -5
Blocked                High Impact       -2
Blocked                Medium Impact     -1
Blocked                Low Impact        -0.5
Blocked                Very Low Impact   -0.1
Warning                Very High Impact  -2.5
Warning                High Impact       -1
Warning                Medium Impact     -0.5
Warning                Low Impact        -0.25
Warning                Very Low Impact   -0.05
5.4 Distribution of impact categories
Products that scored highest were the most accurate when handling the legitimate applications used in the test. The
best score possible is 50, while the worst would be -250 (assuming that all applications were classified as Very High
Impact and were blocked). In fact the distribution of applications in the impact categories was not restricted only to
Very High Impact. The table below shows the true distribution:
FALSE POSITIVE CATEGORY FREQUENCY
Impact category   Number of instances
Very High Impact  7
High Impact       9
Medium Impact     16
Low Impact        8
Very Low Impact   10
5.5 False positive ratings
Combining the impact categories with weighted scores produces the following false positive accuracy ratings.
When a product misclassified a popular program it faced a stronger penalty than if the file was more obscure.
FALSE POSITIVE RATINGS
Product                                      Accuracy score
ESET Smart Security 4                        50
Symantec Norton Internet Security 2012       50
Microsoft Security Essentials 2.1            50
G Data InternetSecurity 2012                 49.5
McAfee Internet Security 2011                49.25
Avira Antivir Personal Free Antivirus        49
Trend Micro Titanium Internet Security 2011  48.5
BitDefender Internet Security 2011           48
Avast Free Antivirus 6.0                     47
AVG Anti-Virus Free Edition 2011             47
Kaspersky Internet Security 2012             44.75
PC Tools Internet Security 8                 41.9
[Chart: False Positive Ratings]
6. THE TESTS
6.1 The threats
Providing a realistic user experience was important in order to illustrate what really happens when a user encounters
a threat on the internet. For example, in these tests web-based malware was accessed by visiting an original, infected
website using a web browser, and not downloaded from a CD or internal test website.
All target systems were fully exposed to the threats. This means that any exploit code was allowed to run, as were
other malicious files. They were run and permitted to perform exactly as they were designed to, subject to checks
made by the installed security software. A minimum time period of five minutes was provided to allow the malware
an opportunity to act.
6.2 Test rounds
Tests were conducted in rounds. Each round recorded the exposure of every product to a specific threat. For
example, in ‘round one’ each of the products was exposed to the same malicious website.
At the end of each round the test systems were completely reset to remove any possible trace of malware before the
next test began.
Each ‘round’ exposed every product to one specific threat. The partial set of records for round five (highlighted above) shows a range of responses to a particular threat. In this example products from Avira, BitDefender, ESS and Kaspersky allowed the threat to compromise the systems, while the Microsoft product neutralized the threat. The remaining products blocked the threat early, defending against it.
6.3 Monitoring
Close logging of the target systems was necessary to gauge the relative successes of the malware and the anti-
malware software. This included recording activity such as network traffic, the creation of files and processes and
changes made to important files.
6.4 Levels of protection
The products displayed different levels of protection. Sometimes a product would prevent a threat from executing,
or at least making any significant changes to the target system. In other cases a threat might be able to perform some
tasks on the target, after which the security product would intervene and remove some or all of the malware. Finally,
a threat may be able to bypass the security product and carry out its malicious tasks unhindered. It may even be able
to disable the security software. Occasionally Windows' own protection system might handle a threat while the anti-
virus program ignored it. Another outcome is that the malware may crash for various reasons. The different levels
of protection provided by each product were recorded following analysis of the log files.
If malware failed to perform properly in a given incident, perhaps because of the very presence of the security
product, rather than any specific defending action that the product took, the product was given the benefit of the
doubt and a Defended result was recorded. If the test system was damaged, becoming hard to use following an
attempted attack, this was counted as a compromise even if the active parts of the malware had eventually been
removed by the product.
6.5 Types of protection
All of the products tested provided two main types of protection: real-time and on-demand. Real-time protection
monitors the system constantly in an attempt to prevent a threat from gaining access. On-demand protection is
essentially a ‘virus scan’ that is run by the user at an arbitrary time.
The test results note each product’s behavior when a threat is introduced and afterwards. The real-time protection
mechanism was monitored throughout the test, while an on-demand scan was run towards the end of each test to
measure how safe the product determined the system to be. Manual scans were run only when a tester determined
that malware had made an interaction with the target system. In other words, if the security product claimed to
block the attack at the initial stage, and the monitoring logs supported this claim, the case was considered closed and
a Defended result was recorded.
7. TEST DETAILS
7.1 The targets
To create a fair testing environment, each product was installed on a clean Windows XP Professional target system.
The operating system was updated with Windows XP Service Pack 3 (SP3), although no later patches or updates
were applied.
We test with Windows XP SP3 and Internet Explorer 7 due to the high prevalence of internet threats that rely on
this combination. The prevalence of these threats suggests that there are many systems with this level of patching
currently connected to the internet.
A selection of legitimate but old software was pre-installed on the target systems. These posed security risks, as they
contained known vulnerabilities. They included out of date versions of Adobe Flash Player and Adobe Reader.
A different security product was then installed on each system. Each product’s update mechanism was used to
download the latest version with the most recent definitions and other elements. Due to the dynamic nature of the
tests, which were carried out in real-time with live malicious websites, the products' update systems were allowed to
run automatically and were also run manually before each test round was carried out. The products were also
allowed to 'call home' should they be programmed to query databases in real-time. Some products might
automatically upgrade themselves during the test. At any given time of testing, the very latest version of each
program was used.
Each target system contained identical hardware, including an Intel Core 2 Duo processor, 1GB RAM, a 160GB
hard disk and a DVD-ROM drive. Each was connected to the internet via its own virtual network (VLAN) to avoid
malware cross-infecting other targets.
7.2 Threat selection
The malicious web links (URLs) used in the tests were picked from lists generated by Dennis Technology Labs’ own
malicious site detection system, which uses popular search engine keywords submitted to Google. It analyses sites
that are returned in the search results from a number of search engines and adds them to a database of malicious
websites. In all cases, a control system (Verification Target System - VTS) was used to confirm that the URLs linked
to actively malicious sites.
Malicious URLs and files are not shared with any vendors during the testing process.
7.3 Test stages
There were three main stages in each individual test:
1. Introduction
2. Observation
3. Remediation
During the Introduction stage, the target system was exposed to a threat. Before the threat was introduced, a snapshot
was taken of the system. This created a list of Registry entries and files on the hard disk. We used Regshot (see
Appendix D: Tools) to take and compare system snapshots. The threat was then introduced.
Immediately after the system’s exposure to the threat, the Observation stage is reached. During this time, which
typically lasted at least 10 minutes, the tester monitored the system both visually and using a range of third-party
tools. The tester reacted to pop-ups and other prompts according to the directives described below (see 7.6
Observation and intervention).
In the event that hostile activity to other internet users was observed, such as when spam was being sent by the
target, this stage was cut short. The Observation stage concluded with another system snapshot. This ‘exposed’
snapshot was compared to the original ‘clean’ snapshot and a report generated. The system was then rebooted.
The Remediation stage is designed to test the products’ ability to clean an infected system. If it defended against the
threat in the Observation stage then we skipped this stage. An on-demand scan was run on the target, after which a
‘scanned’ snapshot was taken. This was compared to the original ‘clean’ snapshot and a report was generated. All log
files, including the snapshot reports and the product’s own log files, were recovered from the target. In some cases
the target became so damaged that log recovery was considered impractical. The target was then reset to a clean
state, ready for the next test.
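The three-snapshot comparison described above, combined with the defended, neutralized and compromised definitions in 4. Protection Details and 7.7 Remediation and the point weights in 2. Protection Ratings, can be written as a small classifier. This is an added example, not Dennis Technology Labs' own tooling: the Snapshot model, the benign allowlist, the sample paths and the conservative fallback for untouched artifacts are assumptions made here.

```python
from collections import Counter
from dataclasses import dataclass

# Points per outcome, from 2. Protection Ratings.
POINTS = {"defended": 2, "neutralized": 1, "compromised": -2}


@dataclass(frozen=True)
class Snapshot:
    """Hypothetical snapshot model: file paths and Registry entries as sets."""
    files: frozenset = frozenset()
    registry: frozenset = frozenset()


def new_items(clean, later, benign=frozenset()):
    """Files and Registry entries in `later` that are absent from `clean`,
    minus entries the analyst has marked as benign noise (an assumption)."""
    return (later.files - clean.files - benign,
            later.registry - clean.registry - benign)


def classify(clean, exposed, scanned=None, *, running_after_scan=False,
             system_damaged=False, benign=frozenset()):
    """Return 'defended', 'neutralized' or 'compromised' for one incident."""
    # A damaged system, or malware still running after the on-demand scan,
    # is a compromise even if the product removed the active malware.
    if system_damaged or running_after_scan:
        return "compromised"
    new_files, new_reg = new_items(clean, exposed, benign)
    # No foothold: the 'exposed' snapshot matches the 'clean' one.
    if not new_files and not new_reg:
        return "defended"
    if scanned is None:
        raise ValueError("artifacts found: a 'scanned' snapshot is required")
    files_removed = bool(new_files) and not (new_files & scanned.files)
    reg_removed = bool(new_reg) and not (new_reg & scanned.registry)
    # Neutralized: the scan removed either the files or the Registry entries.
    if files_removed or reg_removed:
        return "neutralized"
    # Assumption of this example: untouched artifacts count as a compromise.
    return "compromised"


def protection_rating(outcomes):
    """Sum per-incident points: +2 defended, +1 neutralized, -2 compromised."""
    counts = Counter(outcomes)
    return sum(POINTS[name] * n for name, n in counts.items())


# Constructed sample data (not taken from the report).
CLEAN = Snapshot(
    files=frozenset({r"C:\WINDOWS\system32\kernel32.dll"}),
    registry=frozenset({r"HKLM\SOFTWARE\Example\Installed"}),
)
DROPPED_FILE = r"C:\Documents and Settings\user\Local Settings\Temp\sample.exe"
RUN_ENTRY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample"
EXPOSED = Snapshot(CLEAN.files | {DROPPED_FILE}, CLEAN.registry | {RUN_ENTRY})
# The scan deleted the file but left the Run entry behind.
SCANNED = Snapshot(CLEAN.files, CLEAN.registry | {RUN_ENTRY})


def demo():
    """Classify four constructed incidents and rate the result."""
    outcomes = [
        classify(CLEAN, CLEAN),                  # blocked at introduction
        classify(CLEAN, EXPOSED, SCANNED),       # cleaned up by the scan
        classify(CLEAN, EXPOSED, EXPOSED),       # scan removed nothing
        classify(CLEAN, EXPOSED, SCANNED, running_after_scan=True),
    ]
    return outcomes, protection_rating(outcomes)


if __name__ == "__main__":
    print(demo())
```

Feeding `protection_rating` the published counts for a product reproduces its row in the Protection Ratings table, which makes the function usable as a consistency check on the report's figures.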
7.4 Threat introduction
Malicious websites were visited in real-time using Internet Explorer. This risky behavior was conducted using live
internet connections. URLs were typed manually into Internet Explorer’s address bar.
Web-hosted malware often changes over time. Visiting the same site over a short period of time can expose systems
to what appear to be a range of threats (although it may be the same threat, slightly altered to avoid detection). Also,
many infected sites will only attack a particular IP address once, which makes it hard to test more than one product
against the same threat.
In order to improve the chances that each target system received the same experience from a malicious web server,
we used a web replay system. When the verification target systems visited a malicious site, the page’s content,
including malicious code, was downloaded, stored and loaded into the replay system. When each target system
subsequently visited the site, it received exactly the same content.
The network configurations were set to allow all products unfettered access to the internet throughout the test,
regardless of the web replay systems.
7.5 Secondary downloads
Established malware may attempt to download further files (secondary downloads), which are stored in a cache by a
proxy on the network and re-served to other targets in some circumstances. These circumstances include cases
where:
1. The download request is made using HTTP (e.g. http://badsite.example.com/...) and
2. The same filename is requested each time (e.g. badfile1.exe)
There are scenarios in which target systems receive different secondary downloads. These include cases where:
1. The download request is made using HTTPS or a non-web protocol such as FTP or
2. A different filename is requested each time (e.g. badfile2.exe; random357.exe)
7.6 Observation and intervention
Throughout each test, the target system was observed both manually and in real-time. This enabled the tester to take
comprehensive notes about the system’s perceived behavior, as well as to compare visual alerts with the products’
log entries. At certain stages the tester was required to act as a regular user. To achieve consistency, the tester
followed a policy for handling certain situations, including dealing with pop-ups displayed by products or the
operating system, system crashes, invitations by malware to perform tasks and so on.
This user behavior policy included the following directives:
1. Act naively. Allow the threat a good chance to introduce itself to the target by clicking OK to malicious
prompts, for example.
2. Don’t be too stubborn in retrying blocked downloads. If a product warns against visiting a site, don’t take
further measures to visit that site.
3. Where malware is downloaded as a Zip file, or similar, extract it to the Desktop then attempt to run it. If
the archive is protected by a password, and that password is known to you (e.g. it was included in the body
of the original malicious email), use it.
4. Always click the default option. This applies to security product pop-ups, operating system prompts
(including Windows firewall) and malware invitations to act.
5. If there is no default option, wait. Give the prompt 20 seconds to choose a course of action automatically.
6. If no action is taken automatically, choose the first option. Where options are listed vertically, choose the
top one. Where options are listed horizontally, choose the left-hand one.
7.7 Remediation
When a target is exposed to malware, the threat may have a number of opportunities to infect the system. The
security product also has a number of chances to protect the target. The snapshots explained in 7.3 Test stages
provided information that was used to analyze a system’s final state at the end of a test.
Before, during and after each test, a ‘snapshot’ of the target system was taken to provide information about what
had changed during the exposure to malware. For example, comparing a snapshot taken before a malicious website
was visited to one taken after might highlight new entries in the Registry and new files on the hard disk. Snapshots
were also used to determine how effective a product was at removing a threat that had managed to establish itself on
the target system. This analysis gives an indication as to the levels of protection that a product has provided.
These levels of protection have been recorded using three main terms: defended, neutralized, and compromised. A
threat that was unable to gain a foothold on the target was defended against; one that was prevented from continuing
its activities was neutralized; while a successful threat was considered to have compromised the target.
A defended incident occurs where no malicious activity is observed with the naked eye or third-party monitoring
tools following the initial threat introduction. The snapshot report files are used to verify this happy state.
If a threat is observed to run actively on the system, but not beyond the point where an on-demand scan is run, it is
considered to have been neutralized. Comparing the snapshot reports should show that malicious files were created
and Registry entries were made after the introduction. However, as long as the ‘scanned’ snapshot report shows that
either the files have been removed or the Registry entries have been deleted, the threat has been neutralized.
The target is compromised if malware is observed to run after the on-demand scan. In some cases a product might
request a further scan to complete the removal. We considered secondary scans to be acceptable, but further scan
requests would be ignored. Even if no malware was observed, a compromise result was recorded if snapshot reports
showed the existence of new, presumably malicious files on the hard disk, in conjunction with Registry entries
designed to run at least one of these files when the system booted. An edited ‘hosts’ file or altered system file also
counted as a compromise.
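The classification rules in 7.7, written out as an added Python example (this is not Dennis Technology Labs' own tooling). The Snapshot model, paths, hashes and Run value name are constructed, and treating every new file or autorun entry as threat activity is a simplifying assumption: a real Regshot comparison needs benign changes filtered out first.

```python
from dataclasses import dataclass, field

# Constructed path for the 'hosts' file; other system files can be added here.
HOSTS = r"c:\windows\system32\drivers\etc\hosts"
PROTECTED = frozenset({HOSTS})


@dataclass
class Snapshot:
    """File system and Registry state recorded at one test stage."""
    files: dict = field(default_factory=dict)     # path -> content hash
    autoruns: dict = field(default_factory=dict)  # Registry value -> command line


def _lower_keys(mapping):
    # Windows paths and Registry value names are case-insensitive.
    return {key.lower(): value for key, value in mapping.items()}


def diff(before, after):
    """Return (created files, new or changed autoruns, altered existing files)."""
    old_files, new_files = _lower_keys(before.files), _lower_keys(after.files)
    old_runs, new_runs = _lower_keys(before.autoruns), _lower_keys(after.autoruns)
    created = {p for p in new_files if p not in old_files}
    altered = {p for p in new_files if p in old_files and new_files[p] != old_files[p]}
    runs = {k: cmd for k, cmd in new_runs.items() if old_runs.get(k) != cmd}
    return created, runs, altered


def boot_persistence(created, runs):
    """Autorun values whose command launches a file that is new and still on disk."""
    return sorted(k for k, cmd in runs.items() if any(p in cmd.lower() for p in created))


def classify(baseline, exposed, scanned, ran_after_intro=False, ran_after_scan=False):
    """Apply the defended / neutralized / compromised rules to three snapshots."""
    # Compromise is judged on the state left behind after the on-demand scan.
    created, runs, altered = diff(baseline, scanned)
    if ran_after_scan:
        return "compromised", "malware observed running after the on-demand scan"
    persisted = boot_persistence(created, runs)
    if persisted:
        return "compromised", "new file launched at boot by " + ", ".join(persisted)
    if altered & PROTECTED:
        return "compromised", "hosts or system file altered"
    # Nothing survived the scan: did the threat get anywhere during exposure?
    created, runs, altered = diff(baseline, exposed)
    if ran_after_intro or created or runs or altered & PROTECTED:
        return "neutralized", "threat activity after introduction, cleaned by the scan"
    return "defended", "no threat activity recorded"


# Constructed sample snapshots.
BASELINE = Snapshot(files={HOSTS: "h0", r"c:\windows\explorer.exe": "e0"})
DROPPED = r"C:\Users\test\AppData\Roaming\upd.exe"
RUN_VALUE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
INFECTED = Snapshot(files={**BASELINE.files, DROPPED: "m1"},
                    autoruns={RUN_VALUE: f'"{DROPPED}" /s'})
FILE_REMOVED = Snapshot(files=dict(BASELINE.files), autoruns=dict(INFECTED.autoruns))
HOSTS_EDITED = Snapshot(files={**BASELINE.files, HOSTS: "h1"})


def demo():
    """Verdict for each constructed scenario."""
    return {
        "blocked before download": classify(BASELINE, BASELINE, BASELINE)[0],
        "file removed, Run value left": classify(BASELINE, INFECTED, FILE_REMOVED,
                                                 ran_after_intro=True)[0],
        "unobserved but persists": classify(BASELINE, INFECTED, INFECTED)[0],
        "hosts file edited": classify(BASELINE, HOSTS_EDITED, HOSTS_EDITED)[0],
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

The second scenario shows the "either the files have been removed or the Registry entries have been deleted" rule: an orphaned Run value with no file behind it still counts as neutralized.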
7.8 Automatic monitoring
Logs were generated using third-party applications, as well as by the security products themselves. Manual
observation of the target system throughout its exposure to malware (and legitimate applications) provided more
information about the security products’ behavior. Monitoring was performed directly on the target system and on
the network.
Client-side logging
A combination of Process Explorer, Process Monitor, TcpView and Wireshark was used to monitor the target
systems. Regshot was used between each testing stage to record a system snapshot. A number of Dennis
Technology Labs-created scripts were also used to provide additional system information. Each product was able to
generate some level of logging itself.
Process Explorer and TcpView were run throughout the tests, providing a visual cue to the tester about possible
malicious activity on the system. In addition, Wireshark’s real-time output, and the display from the web proxy (see
Network logging, below), indicated specific network activity such as secondary downloads.
Process Monitor also provided valuable information to help reconstruct malicious incidents. Both Process Monitor
and Wireshark were configured to save their logs automatically to a file. This reduced data loss when malware
caused a target to crash or reboot.
In-built Windows commands such as 'systeminfo' and 'sc query' were used in custom scripts to provide additional
snapshots of the running system's state.
Network logging
All target systems were connected to a live internet connection, which incorporated a transparent web proxy and a
network monitoring system. All traffic to and from the internet had to pass through this system. Further to that, all
web traffic had to pass through the proxy as well. This allowed the testers to capture files containing the complete
network traffic. It also provided a quick and easy view of web-based traffic, which was displayed to the testers in
real-time.
The network monitor was a dual-homed Linux system running as a transparent router, passing all web traffic
through a Squid proxy.
An HTTP replay system ensured that all target systems received the same malware as each other. It was configured
to allow access to the internet so that products could download updates and communicate with any available ‘in the
cloud’ servers.
8. CONCLUSIONS
Where are the threats?
The threats used in this test were genuine, real-life threats that were infecting victims globally at the same time as we
tested the products. In almost every case the threat was launched from a legitimate website that had been
compromised by an attacker. The types of infected or malicious sites were varied, which demonstrates that effective
anti-virus software is essential for those who want to browse the web on a Windows PC, whether they are looking for
pornography, music or a local taco restaurant.
The vast majority of the threats installed automatically when a user visited the infected webpage. This infection was
usually invisible to a casual observer and rarely did the malware make itself known, unless it was installing a fake
anti-virus program. These rogue applications pretend to detect viruses on the system and harass the user into paying
for a full license, which the program claims will allow it to remove the ‘infections’. In reality the only infection is the
fake anti-virus program itself.
Where does protection start?
The best-performing products were Symantec’s Norton Internet Security 2012, G Data InternetSecurity 2012,
ESET Smart Security 4, Kaspersky Internet Security 2012 and Trend Micro Titanium Internet Security 2011. These
five had one notable similarity: they all blocked threats early in the attack process, which meant that there was less
opportunity for the malware to infect the systems. The three least effective products, those from McAfee, AVG and
K7, often tackled the threat only once the malware had started to infect the system.
Sorting the wheat from the chaff
The false positive results were quite low, which shows that most of the products are not tuned too aggressively to
detect and block malware at the expense of regular programs. Notably, Norton Internet Security, Microsoft Security
Essentials and ESET Smart Security produced no false positive results at all.
Anti-virus is important (but not a panacea)
This test shows that there is a significant difference in performance between popular anti-virus programs. Most
importantly it illustrates this difference using real threats that were attacking real computers at the time of testing.
The average protection level of the tested products is 87.5 per cent (see 3. Protection Scores), which is significant.
The presence of anti-virus software can be seen to decrease the chances of a malware infection even when the only
sites being visited are proven to be actively malicious. It's worth noting, however, that a 100 per cent success rate is
rare. Even those products that performed the best in this test are unlikely to be completely bullet-proof in every
given situation.
APPENDIX A: TERMS
Compromised: Malware continues to run on an infected system, even after an on-demand scan.
Defended: Malware was prevented from running on, or making changes to, the target.
False Positive: A legitimate application was incorrectly classified as being malicious.
Introduction: Test stage where a target system is exposed to a threat.
Neutralized: Malware was able to run on the target, but was then removed by the security product.
Observation: Test stage during which malware may affect the target.
On-demand (protection): Manual ‘virus’ scan, run by the user at an arbitrary time.
Prompt: Questions asked by software, including malware, security products and the operating system. With security products, prompts usually appear in the form of pop-up windows. Some prompts don’t ask questions but provide alerts. When these appear and disappear without a user’s interaction, they are called ‘toasters’.
Real-time (protection): The ‘always-on’ protection offered by many security products.
Remediation: Test stage that measures a product’s abilities to remove any installed threat.
Round: Test series of multiple products, exposing each target to the same threat.
Snapshot: Record of a target’s file system and Registry contents.
Target: Test system exposed to threats in order to monitor the behavior of security products.
Threat: A program or other measure designed to subvert a system.
Update: Code provided by a vendor to keep its software up to date. This includes virus definitions, engine updates and operating system patches.
APPENDIX B: LEGITIMATE SAMPLES
INCIDENT | PRODUCT | DESCRIPTION | OBTAINED VIA | PREVALENCE STATS (LAST WEEK) | PREVALENCE STATS SOURCE | PREVALENCE STATS DATE | PREVALENCE RATING
1 | SlimCleaner 1.6 | SlimCleaner is a cloud-enhanced Windows cleaner that uses crowd-sourcing to optimize PC performance. | Download.com | 7,565 | Download.com | 31/05/2011 | High Impact
2 | Soluto 1.2 | Soluto's 'Anti-Frustration Software' detects PC users' frustrations, reveals their cause, learns which actions really eliminate them and improves user experience. | Download.com | 34,407 | Download.com | 31/05/2011 | Very High Impact
3 | WinUtils Free Edition | A suite of tools designed to free up disk space and improve system performance. | Download.com | 17,799 | Download.com | 31/05/2011 | High Impact
4 | Yoono Desktop | Access multiple social networking accounts all in one place with Yoono. | Download.com | 63 | Download.com | 31/05/2011 | Low Impact
5 | Skype 5.3 | Talk with friends and family for free over the Internet. | Download.com | 89669 | Download.com | 31/05/2011 | Medium Impact
6 | Skype Translate | Skype Translate is a tool that allows you to translate language real time during a text chat on Skype. | Download.com | 356 | Download.com | 31/05/2011 | Medium Impact
7 | FaceSmooch | Spice up your facebook chat with cool Smileys, Emoticons, Winks, Animations and many more. | Download.com | 197 | Download.com | 31/05/2011 | Medium Impact
8 | Archivarius 3000 | Archivarius 3000 is a simple program that allows users to search their computers, removable drives, and networks for documents. | Download.com | 2 | Download.com | 31/05/2011 | Very Low Impact
9 | FontViewOK Portable | FontViewOK Portable creates a quick visual overview of all installed fonts. | Download.com | 9 | Download.com | 31/05/2011 | Very Low Impact
10 | URLStringGrabber | URLStringGrabber is a small utility that scans all opened windows of Internet Explorer and grabs the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files. | Download.com | 4 | Download.com | 31/05/2011 | Very Low Impact
11 | Smart PDF Creator 6.5 | Smart PDF Creator will easily convert files such as DOC, XLS, HTML, RTF, TXT to PDF format. | Download.com | 1 | Download.com | 31/05/2011 | Very Low Impact
12 | Free CD Ripper | Extract CD tracks to WAV, MP3, or OGG audio files. | Download.com | 2,275 | Download.com | 31/05/2011 | High Impact
13 | GrieeX Movie Archive Program | GrieeX Movie Archive Program is a database that lets people keep track of the movies they own and import a variety of related information from the Internet, too. | Download.com | 17 | Download.com | 31/05/2011 | Very Low Impact
14 | CNET TechTracker | Detect and download updates for all of your installed software. | Download.com | 163,172 | Download.com | 31/05/2011 | Very High Impact
15 | UMPlayer | UMPlayer is an advanced yet simple to use open-source cross-platform multimedia player that aims to fill all your needs… | Download.com | 134,191 | Download.com | 31/05/2011 | Very High Impact
16 | Content-Rewrite | Content-Rewrite can rewrite any text article, and generate hundreds of unique content articles | Download.com | 30 | Download.com | 06/07/2011 | Low Impact
17 | Google Chrome 11 | Explore the Web using Google's super-fast browser. | Download.com | 88122 | Download.com | 31/05/2011 | Very High Impact
18 | Netpas Distance | Netpas Distance offers sea travelers an opportunity to gauge the distance between any ports on Earth. | Download.com | 445 | Download.com | 01/06/2011 | Medium Impact
19 | QIF Viewer | A QIF Viewer, it can open up a file you downloaded from your financial institution or exported from Microsoft money or quicken or whatever. | Download.com | 393 | Download.com | 02/06/2011 | Medium Impact
20 | Invoicer | Creates and prints invoices. | Download.com | 203 | Download.com | 03/06/2011 | Medium Impact
21 | DKOSD - Caps-Lock Status | DKOSD shows an On Screen Display about the status of the Caps Lock on the keyboard. | Download.com | 197 | Download.com | 04/06/2011 | Medium Impact
22 | CuteRank Free Edition | Check and track keyword rankings on multiple search engines. | Download.com | 24 | Download.com | 06/07/2011 | Low Impact
23 | TortoiseSVN (32-bit) | TortoiseSVN is a really easy to use Revision control / version control / source control application for Windows. | Download.com | 111 | Download.com | 04/06/2011 | Medium Impact
24 | Docx Converter | Convert Microsoft Word DOCX documents to various formats. | Download.com | 57 | Download.com | 04/06/2011 | Low Impact
25 | VRS Recording System | Record up to 64 audio channels simultaneously. | Download.com | 43 | Download.com | 04/06/2011 | Low Impact
26 | PowerISO | Create, edit, and encrypt CD/DVD image files. | Download.com | 91,062 | Download.com | 04/07/2011 | Very High Impact
27 | Glary Utilities | Utilities to improve your system's performance and protect your privacy | Download.com | 128,699 | Download.com | 04/07/2011 | Very High Impact
28 | OpenVPN (VPNUK) | VPNUK supports connections over OpenVPN. | Download.com | 50 | n/a | 04/07/2011 | Low Impact
29 | MemTurbo | Optimize memory and manage computer's cache. | Download.com | 641 | Download.com | 04/07/2011 | Medium Impact
30 | Ghost Installer Free Edition | Create single-file self-extracting setups for your applications | Download.com | 638 | Download.com | 04/07/2011 | Medium Impact
31 | PDF Plain Text Extractor | Convert from PDF to text, preserving layout, with support for multiple languages | Download.com | 29 | Download.com | 04/07/2011 | Low Impact
32 | My Drivers | Extract, back up, restore, and update all the device drivers on your PC. | Download.com | 363 | Download.com | 04/07/2011 | Medium Impact
33 | WinDriver Ghost | Back up and restore hardware device drivers on your computer. | Download.com | 107 | Download.com | 04/07/2011 | Medium Impact
34 | Ping-O-Meter | Try this highly visual version of an ICMP Ping program. | Download.com | 3 | Download.com | 04/07/2011 | Very Low Impact
35 | Universal Extractor | UniExtract Installer (5.3 MB) - This is the recommended download. | Download.com | 72 | Download.com | 04/07/2011 | Low Impact
36 | jsMSIx.exe | A simple GUI program. (Compiled EXE file.) Runs on all Windows versions. No installation necessary. The easiest option. Unpack MSI | Download.com | 10 | n/a | 04/07/2011 | Very Low Impact
37 | Simple "One-Click" MSI Unpacker | As above, but VBScript | Download.com | 10 | n/a | 04/07/2011 | Very Low Impact
38 | RoboForm | Reduce multiple passwords to one single item. | Download.com | 41375 | Download.com | 04/07/2011 | Very High Impact
39 | SopCast | Broadcast and access videos and radio on the Internet. | Download.com | 14156 | Download.com | 04/07/2011 | High Impact
40 | Easy-Hide-IP | Hide your IP address and prevent Internet activity tracking. | Download.com | 10389 | Download.com | 04/07/2011 | High Impact
41 | Free Internet Eraser | Protect your online privacy by cleaning up history and past activities. | Download.com | 684 | Download.com | 04/07/2011 | Medium Impact
42 | CyberGhost VPN | Share an IP with a number of other users to ensure you cannot be identified. | Download.com | 7975 | Download.com | 04/07/2011 | High Impact
43 | BearFlix | Search and download videos. | Download.com | 636 | Download.com | 04/07/2011 | Medium Impact
44 | Online Armor Free | Monitor data transfer into and from PC and get secure online access for surfing and online transactions. | Download.com | 2315 | Download.com | 04/07/2011 | High Impact
45 | Badongo Buddy | Upload large media files. | Download.com | 542 | Download.com | 04/07/2011 | Medium Impact
46 | WebFerret | Query multiple search engines from your desktop at the same time. | Download.com | 807 | Download.com | 04/07/2011 | Medium Impact
47 | ExtractNow | Extract multiple archives with the ease of a single button. | Download.com | 1268 | Download.com | 04/07/2011 | High Impact
48 | PCI32 | View your system hardware information | Download.com | 7 | Download.com | 04/07/2011 | Very Low Impact
49 | DU Meter | Use your Internet bandwidth more efficiently with this real-time display of internet data transfer | Download.com | 1110 | Download.com | 04/07/2011 | High Impact
50 | Magic Square Generator | Search for all magic squares of an order prescribed by the user (in a clever way). | Download.com | 6 | Download.com | 04/07/2011 | Very Low Impact
APPENDIX C: THREAT REPORT
Code | Product
AVA | Avast! Free AntiVirus 6
AVG | AVG Anti-Virus Free Edition 2011
AVI | Avira Antivir Personal Free Antivirus
BDF | BitDefender Internet Security 2011
ESS | ESET Smart Security 4
GIS | G Data InternetSecurity 2012
K7 | K7 Total Security 11
KIS | Kaspersky Internet Security 2012
MIS | McAfee Internet Security 2011
MSE | Microsoft Security Essentials 2.1
NIS | Symantec Norton Internet Security 2012
PCT | PC Tools Internet Security 8
TIS | Trend Micro Titanium Internet Security 2011
NOTE: The following table is a summary. The full report was provided to Symantec as an Excel spreadsheet, which includes any Notes that may be referred to in some Threat
Report entries.
In cases where the malware fails for any reason, the product is given the full benefit of the doubt and is classified as having Defended with full remediation.
Columns: Incident, Product, Alert (intro), Effect (intro), Threat Report (intro), Alert (manual), Effect (manual), Threat Report (manual), Complete Remediation, Defended, Neutralized, Compromised
1 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site
n/a n/a n/a 1 1
1 AVG none none none Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1 1
1 AVI none none none A virus or unwanted program was found!
Moved to quarantine
eicar.txt 1 1
1 BDF Toaster Denied Trojan.Downloader.Java.C n/a n/a n/a 1 1
1 ESS Toaster Terminated - Quarantined TrojanDownloader.Agent.NCJ trojan n/a n/a n/a 1 1
1 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache58882.tmp. Default option: "Disinfect (if not possible: quarantine)". When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: "Yes".
na na na 1 1
1 K7 none none (see note)
none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
1 KIS toaster (2x)
Denied (2x) Denied: Trojan-Downloader.Java.OpenConnection.dh (2x)
na na na 1 1
1 MIS none none (see note)
none report Quarantined Viruses, Trojans, and Cookies Quarantined: Downloader-BCS
1
1 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Java/OpenConnection.MY. Recommended action: Remove.
na na na 1 1
1 NIS none none none n/a n/a n/a 1 1
1 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
1 PCT none none none n/a n/a n/a 1 1
2 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site.
n/a n/a n/a 1 1
2 AVG Pop up Quarantine (Action was unsuccessful)
Threat Detected! (Default: Move to Vault) Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1 1
2 AVI none none none n/a n/a n/a 1 1
2 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.PT.rOqpbioDPhmG
n/a n/a n/a 1 1
2 ESS Toaster Blocked Address has been blocked.
n/a n/a n/a 1 1
2 GDA none none (see note) none
na na na 1 1
2 K7 toaster Access denied
High Security Risk Found! Trojan Downloader (0028b20a1)
na na na 1 1
2 KIS (1) browser; (2) toaster; (3) toaster
(1) Access denied; (2) Denied; (2) Denied;
(1) Access Denied. The request URL cannot be provided. URL: http:// 69 DOT 64 DOT 49 DOT 35 / videos-pedofilia-1039-oastir-fazendo-sexo-oral-com-adolescent-AVI DOT exe; (2) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / videos-pedofilia-1039-oastir-fazendo-sexo-oral-com-adolescent-AVI DOT exe (analysis using the database of suspicious URLs). (3) Denied: http:// 69 DOT 64 DOT 49 DOT 35 / favicon DOT ico (analysis using the database of suspicious URLs).
na na na 1 1
2 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Trojan.x!fzr (Trojan)
na na na 1 1
2 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader: Win32/Banload. Recommended action: Remove.
na na na 1 1
2 NIS Toaster Removed AVI[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
2 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
2 PCT 1)Toaster 2) Toaster
1) Block 2) Quarantined
Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan-PWS.Bancos!rem.
n/a n/a n/a 1 1
3 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site.
n/a n/a n/a 1 1
3 AVG Pop up Quarantine (Action was unsuccessful)
Threat Detected! (Default: Move to Vault) Trojan horse Agent_r.AKC
n/a n/a n/a 1 1
3 AVI none none none n/a n/a n/a 1 1
3 BDF Toaster Denied BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2861… (File access was blocked) and Gen:Variant.Kazy.30647 (File access was blocked)
n/a n/a n/a 1 1
3 ESS 1)Toaster, 2)Warning on the browser
1)Denied, 2)Blocked
1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
3 GDA pop-up (2x)
Disinfected (2x)
(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30647 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Cycbot-HC [Trj] (Engine B). File: wireshark.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
3 K7 toaster Access denied
High Security Risk Found! Riskware (0015e4f01) na na na 1 1
3 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// gandon DOT cx DOT cc / d DOT php?f=72&e=0; (2) Denied: Backdoor.Win32.Gbot.mej
na na na 1 1
3 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: W32/Waledda.dam (Trojan)
na na na 1 1
3 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Cybot.B. Recommended action: Remove.
na na na 1 1
3 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
3 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
3 PCT 1)Toaster 2) Toaster
1) Block 2) Quarantined
Medium Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Backdoor.Trojan
n/a n/a n/a 1 1
4 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site.
n/a n/a n/a 1 1
4 AVG none none none Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1
4 AVI Toaster Removed Guard: Malware found. A virus or unwanted program was found. Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
4 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Trojan.Generic.62258666 Access to this file has been denied.
n/a n/a n/a 1 1
4 ESS Toaster Terminated - Quarantined
Threat: BAT/Qhost.NMO trojan. Connection terminated - quarantined
n/a n/a n/a 1 1
4 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6258666 (Engine A). File: comprovante[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
4 K7 toaster Access denied
High Security Risk Found! Riskware (3949ecb40) na na na 1 1
4 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php; (2) Denied: http:// 208 DOT 115 DOT 203 DOT 77 / Comprovante DOT php (analysis using the database of phishing URLs)
na na na 1 1
4 MIS (1) pop-up; (2) dialogue box
Removed (see note)
(1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Tool-Wget. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows.
na na na 1 1
4 MSE pop-up Removed (after required reboot)
Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comame. Recommended action: Remove.
na na na 1 1
4 NIS Toaster Removed Comprovante[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
4 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
4 PCT 1)Toaster 2) Toaster
1) Block 2) Quarantined
High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen
n/a n/a n/a 1 1
5 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: Win32:Malware-gen. The threat was detected and blocked when the file was created or modified.
n/a n/a n/a 1 1
5 AVG Pop up Removed Threat detected. Threat name: Generic PUP.x / Category: PUA - Potentially Unwanted Application. (default: Move to Vault)
n/a n/a n/a 1 1
5 AVI none none none A virus or unwanted program was found!
Moved to quarantine
eicar.txt 1
5 BDF none none none Solved issues: 2 Deleted MPR[1].exe and Cookie.DoubleClick
1
5 ESS none none none Number of threats found: 0
n/a n/a 1
5 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Application.Generic.37931 (Engine A). File: MPR[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
5 K7 toaster Removed High Security Risk Found! Hacktool (000615521) na na na 1 1
5 KIS pop-up Allowed access to password storage.
Application Control. MPR[1].EXE from "Low Restricted" group is trying to get access to protected passwords storage. Default option: Make trusted. Move appliction to the "Trusted" group.
none none (see note) none 1
5 MIS pop-up Removed (see note)
Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove.
na na na 1 1
5 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Ldpinch.gen. Recommended action: Remove.
na na na 1 1
5 NIS Pop up Detected Threat Detected, This threat has been detected. We recommend that you remove this threat. MPR[1].exe
n/a n/a n/a 1 1
5 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
5 PCT 1)Toaster 2) Toaster
1) Block 2) Removed
High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat SecurityRisk.MultipassRecover.
n/a n/a n/a 1 1
6 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site.
n/a n/a n/a 1
6 AVG Pop up Quarantined Threat detected. Threat name: Suspicious.DLoader / Category: Unknown. (default: Move to Vault)
n/a n/a n/a 1
6 AVI none none none A virus or unwanted program was found!
Move to quarantine Detection: TR/Dropper.Gen
1
6 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.DP.jKO@aW1sl3gO Access to this file has been denied.
n/a n/a n/a 1 1
6 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
6 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.DP.jK0@aW1sJ3gO (Engine A). File: download13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
6 K7 (1-4) pop-up; (5) toaster
Removed (1) Application is accessing the Internet. The program download13072011[1].exe is connection to a network. Developer Name: Winrar. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (3) Application is accessing the Internet. The program iexplore.exe is connection to a network. Developer Name: Not Available. Default option: Allow; (4) New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always; (5) High Security Alert. Riskware (37db41910)
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1 1
6 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// pulicidade DOT land DOT ru / download13072011.exe; (2) Detected: HEUR:Trojan-Downloader.Win32.Generic
na na na 1 1
6 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
6 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comisproc. Recommended action: Remove.
na na na 1 1
6 NIS Toaster Removed download1307201[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
6 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
6 PCT Toaster Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat HeurEngine.ZeroDayThreat.
n/a n/a n/a 1 1
7 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
7 AVG Pop up Quarantined Threat detected. Threat name: Win32/TrojanDownloader.VB.PHC. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1
7 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.38912.77' was found in file DSC25293.jpg[1].exe. Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
7 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Trojan.Heur.cq0@bTbnbLki Access to this file has been denied.
n/a n/a n/a 1 1
7 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
7 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen.Trojan.Heur.cq0@bTbnbLki (Engine A). File: DSC25293.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
7 K7 toaster Access denied
High Security Risk Found! Trojan (0028f1c91) na na na 1 1
7 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// azdl DOT org / libraries /simplepie DOT Idn /DSC25293 DOT jpg DOT exe; (2) Denied: Trojan.Win32.VBKrypt.eghz
na na na 1 1
7 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.evx!q (Trojan)
na na na 1 1
7 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Sisproc. Recommended action: Remove.
na na na 1 1
7 NIS Toaster Removed DSC25293.jpg[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
7 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
7 PCT 1)Toaster 2) Toaster
Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen
n/a n/a n/a 1 1
8 AVA Toaster Blocked Trojan Horse Blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: VBS:Agent-DZ
Scan complete, THREAT DETECTED!
Move to chest VBS:Agent-DZ [Trj] 1 1
8 AVG 1)Warning on the browser, 2)Pop up
Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! Threat name: Exploit JavaScript Obfuscation (type 1627)
n/a n/a n/a 1 1
8 AVI none none none n/a n/a n/a 1 1
8 BDF 1)Toaster, 2)Toaster, 3)Toaster
Blocked 1)BitDefender has blocked a virus! Virus Name: Trojan.Downloader.INUE Access to this file has been denied. 2)BitDefender has blocked multiple viruses! Virus name: Trojan.Downloader.VBS File access was blocked. Virus name: Trojan.Downloader.INUE File access was blocked. The infected objects have been treated. Your PC is protected! 3)BitDefender has blocked a virus! Virus name: Trojan.Downloader.VBS.DZ Access to this file has been denied.
n/a n/a n/a 1 1
8 ESS Toaster Terminated - Quarantined
Threat: Java/TrojanDownloader.Agent.NBB trojan. Connection terminated - quarantined
n/a n/a n/a 1 1
8 GDA pop-up (3x)
(1) Disinfected; (2) Blocked; (3) default option not chosen to be able to obtain Wireshark logs
(1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.JNUE (Engine A). File: subway[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Java.Downloader.G (Engine A). File: jar_cache45566.tmp. Default option: Block file access; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-DZ [Trj] (Engine B). File: net.cap. Default option: Disinfect (if not possible: quarantine).
na na na 1 1
8 K7 toaster (3x)
(1) Removed; (2) Access denied; (3) Removed
(1) High Security Risk Found! Exploit (6802f3540); (2) High Security Risk Found! Trojan (781652440); High Security Risk Removed! Exploit (6802f3540)
na na na 1 1
8 KIS toaster (2x)
Denied (2x) Denied: Trojan-Downloader.Java.Agent.jv (2x) na na na 1 1
8 MIS none none (see note)
none report Quarantined Viruses, Trojans, and Cookies Quarantined: Downloader-BCS
1
8 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/Agent.E. Recommended action: Remove.
na na na 1 1
8 NIS Toaster Removed SONAR has removed security risk update… Your computer is secure.
n/a n/a n/a 1 1
8 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
8 PCT Toaster Blocked High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat Trojan.Gen
n/a n/a n/a 1 1
9 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
9 AVG Pop up Quarantine (Action was unsuccessful)
Threat detected! Threat name: Trojan horse Generic23.WSS Detected on open (default: Move to Vault)
n/a n/a n/a 1 1
9 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file contacts[1].exe Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
9 BDF Toaster Denied BitDefender has blocked a virus! Virus Name: Gen.Variant.Kazy.21497 Access to this file has been denied.
n/a n/a n/a 1 1
9 ESS Toaster Terminated - Quarantined
Threat: a variant of Win32/Kryptik.MUW trojan. Connection terminated - quarantined
n/a n/a n/a 1 1
9 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.21497 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
9 K7 toaster Access denied
High Security Risk Found! Trojan (68334a840) na na na 1 1
9 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 109 DOT 230 DOT 246 DOT 198 / d DOT php?e=7&f=32; (2) Denied: Trojan-Downloader.Win32.Tiny.crb
na na na 1 1
9 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!0247309E6298 (Trojan)
na na na 1 1
9 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Drstwax.A. Recommended action: Remove.
na na na 1 1
9 NIS 1)Toaster 2) Toaster
Blocked 1) Norton blocked an attack by: Web Attack: Seosploit Request. 2) Norton blocked an attack by: Web Attack: Blackhole Toolkit Activity 3.
n/a n/a n/a 1 1
9 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
9 PCT Toaster Yes Contact[1].exe is trying to access the Internet. Option clicked Yes.
none none none 1
10 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
10 AVG 1)Warning on the browser, 2)Pop up
Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! Threat name: Exploit Blackhole Exploit Kit (type 2029)
n/a n/a n/a 1 1
10 AVI 1)Toaster, 2)Toaster, 3)Toaster
Detected 1)Guard: Malware found. A virus or unwanted program 'EXP/Pidief.hem' was found in file 5a065[1].pdf. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.XPACK.Gen' was found in file jar_cache16022.tmp. Access to this file was denied. Please select further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine HTML/rug.A.3 1
10 BDF 1)Toaster, 2)Toaster
1)Blocked, 2)Terminated
1)BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Trojan.Generic.KD.2891… (File access was blocked) and Trojan.Generic.KD.2891... (File access was blocked), 2)An .exe program was terminated because it was deemed to be harmful.
Solved issues: 2 Deleted Trojan.Generic.KD.289143 (in jar_cache39951.tmp) and Cookie.DoubleClick
1
10 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
10 GDA pop-up (4x)
(1) Blocked; (2-4) Disinfected
(1) Virus alert. An attempt was made to access an infected file. Virus: Java:AGent-OC [Expl] (Engine B). File: jar_cache28166.tmp. Default option: Block file access.; (2) Virus alert. An attempt was made to access an infected file. Virus: JS:Pdfka-gen [Expl] (Engine B). File: a8f15[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.289143 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
10 K7 pop-up Allowed access to the Internet (see note)
Application is accessing the Internet. The program 0.747759393045344.exe is preparing to act as server on the network. Developer name: iF System. Default option: Allow
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
10 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d; (2) Denied: http: jerlitincho DOT no-ip DOT biz / forum DOT php?tp=b2dd1dcd5d and http:// jerlitincho DOT no-ip DOT biz / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
10 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
10 MSE pop-up (2x)
(1) Removed; (2) Removed (after required reboot)
(1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Ufraie.A; Exploit:Win32/Pdfjsc.US. Recommended action: Remove.
na na na 1 1
10 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
10 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
10 PCT 1)Pop up 2) Pop Up
1) Yes 2) Quarantine
1) Gandhi Hodgkin is trying to modify or control another application. Do you Trust this Application? 2) Suspicious Activity Detected. A program is deleting itself. Gandhi Hodgkin.
n/a n/a n/a 1 1
11 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. No further action is required.
n/a n/a n/a 1 1
11 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.Agent2.AQJU Detected on open (default: Move to Vault)
Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1
11 AVI none none none n/a n/a n/a 1 1
11 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.6294802 Access to this file has been denied.
n/a n/a n/a 1 1
11 ESS Toaster Terminated - Quarantined
Threat: a variant of Win32/Giku.I trojan. Connection terminated - quarantined
n/a n/a n/a 1 1
11 GDA (1) pop-up; (2) toaster
Disinfected (after required reboot)
(1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6294802 (Engine A). File: comprov_13072011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts.
na na na 1 1
11 K7 toaster Access denied
High Security Risk Found! Trojan-Downloader (00290e341)
na na na 1 1
11 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 83 DOT 92 DOT 252 DOT 198 / images / comprov_13072011 DOT exe; (2) Denied: Trojan-Downloader.Win32.Agent.ssfd
na na na 1 1
11 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!ch (Trojan)
na na na 1 1
11 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Giku.A. Recommended action: Remove.
na na na 1 1
11 NIS Toaster Removed Comprovante[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
11 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
11 PCT 1)Pop up 2) Pop Up
1) Yes 2) Quarantine
1)comprovante[1].exe is trying to access the internet. 2) Suspicious Activity Detected. A program is deleting itself. Comprovante[1].exe
n/a n/a n/a 1 1
12 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
12 AVG Pop up Quarantine (Action was unsuccessful)
Threat detected! Threat name: Trojan horse PSW.Generic8.CORW Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
12 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file readme[1].exe Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
12 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.Kazy.26500 Access to this file has been denied.
n/a n/a n/a 1 1
12 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
12 GDA pop-up (2x)
Disinfected (1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26500 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Win32:Zbot-NEH (Engine B). File: net.cap. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
12 K7 pop-up (7x)
Blocked (7x) (see note)
(1) System monitor alert. New AutoStart Entry Found! A new program has been added to run automatically whenever Windows boots up. Default option: Block Always; (2) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System monitor alert! Iexplorer Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406), Unknown(1609). Default option: Block (5x)
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
12 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// americanmobile DOT ca / k DOT php?f=20&e; (2) Denied: http:// americanmobile DOT ca / k DOT php?f=20&e; and http:// americanmobile DOT ca / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
12 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:PWS.Zbot.gen.qi (Trojan)
na na na 1 1
12 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove.
na na na 1 1
12 NIS Toaster Removed readme[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
12 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
12 PCT 1)Pop up 2) Dialogue box on the icon tray 3) Toaster
1)Block 2) Write Delayed 3) Removed
1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat RogueAntiSpyware.UltraDegragFraud!gen1. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\readme[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed
n/a n/a n/a 1 1
13 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
13 AVG Pop up Quarantine (Action was unsuccessful)
Threat detected! Trojan horse PSW.Generic8.COHU Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
13 AVI none none none
n/a n/a n/a 1 1
13 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Variant.Kazy.30791 Access to this file has been denied.
n/a n/a n/a 1 1
13 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
13 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30791 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
13 K7 toaster Access denied High Security Risk Found! Riskware (0015e4f01)
na na na 1 1
13 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// hhjkfgjhdfgdg DOT cx DOT cc / d DOT php?f=36&e=2; (2) Denied: Trojan-Spy.Win32.Zbot.bwym
na na na 1 1
13 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.PWS.bfr!c (Trojan)
na na na 1 1
13 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Zbot.gen!AF. Recommended action: Remove.
na na na 1 1
13 NIS Toaster Removed about[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
13 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
13 PCT 1)Pop up 2) Dialogue box on the icon tray 3) Toaster
1)Block 2) Write Delayed 3) Removed
1)High Risk Level Threat Blocked, Internet Security has blocked the medium risk threat. 2) Windows Delayed Write Failed. Windows was not able to save all data for the file C:\Documents and Settings ….\Temporary Internet Files\Content.IE5\about[1].exe. The data has been lost. This may be caused by a failure of your computer hardware. 3) IntelliGuard Detections Cleaned. 1 detected infections were successfully removed
n/a n/a n/a 1 1
14 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
14 AVG Pop up Removed Threat detected. Threat name: Win32/Injector.HTF Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1
14 AVI Toaster Removed Guard: Malware found - A virus or unwanted program 'TR/VBKrypt.egbh' was found in file about[1].exe Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
14 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.288527 Access to this file has been denied.
n/a n/a n/a 1 1
14 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
14 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.288527 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
14 K7 toaster Access denied High Security Risk Found! Trojan (00290e331)
na na na 1 1
14 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// vawboman71 DOT co DOT be / k DOT php?f=61&e=4; (2) Denied: http:// vawboman71 DOT co DOT be / k DOT php?f=61&e=4 and http:// vawboman71 DOT co DOT be / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
14 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.dx!zzd (Trojan)
na na na 1 1
14 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Dofoil.D. Recommended action: Remove.
na na na 1 1
14 NIS Toaster Removed about[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
14 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
14 PCT Toaster Quarantine Download Guard detected a threat in ABOOUT[1].EXE. This file has been automatically quarantined for your protection.
n/a n/a n/a 1 1
15 AVA Toaster Blocked Dropper blocked. Avast! File System Shield has blocked a threat. No further action is required.
n/a n/a n/a 1 1
15 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse PSW.Generic8.CMWC Detected on open. (default: Move to Vault)
Removed and healed: 1
Moved to Virus Vault
Corrupted executable file
1
15 AVI none none none
n/a n/a n/a 1 1
15 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Variant.Kazy.30045 Access to this file has been denied.
Solved issues: 2 Moved to quarantine Gen:Variant.Kazy.30045 (moved to quarantine) and Cookie.DoubleClick (deleted)
1
15 ESS 1)Warning on the browser, 2)Toaster
1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
15 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30045 (Engine A). File: Patch_Aplet_flash_2.55[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
15 K7 pop-up (2x)
(1) Allowed access to the Internet; (2) Blocked (see note)
(1) Application is accessing the Internet. The program mservice32_t.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run automatically whenever Windows boots up. Default option: Block Always;
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
15 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// sciagaj DOT to / pobierz /1017; (2) Denied: Trojan-PSW.Win32.Delf.qpj
na na na 1 1
15 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!q (Trojan)
na na na 1 1
15 MSE none none (see note)
none none none (see note) Scan completed on 160503 items. No threats were detected on your computer during this scan.
1
15 NIS Toaster Removed Patch_Aplet_flash2.55[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
15 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
15 PCT 1)Pop up 2) Pop Up 3) Pop up
1)Allow 2)Allow 3) Quarantine
1)PATCH_APLET_FLASH_2 is trying to modify or control another application. 2) SERVER_ET is trying to modify or control another application. 3) Suspicious Activity Detected. Behaviour Guard detected suspicious activity in MSERVICE32_T.EXE. This program is attempting to register itself in your Windows startup.
n/a n/a n/a 1 1
16 AVA Pop up Open in sandbox
You are opening an application that may be potentially unsafe. We strongly recommend opening this application in the virtual environment of the avast! Sandbox to avoid any risk to your computer.
No threat found n/a n/a 1
16 AVG Pop up Quarantine Threat detected. Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
n/a n/a n/a 1 1
16 AVI Pop up Removed Guard: Malware found - A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file Planilha_visualizar_Documento-DOC[1].scr Access to this file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
16 BDF Toaster Blocked BitDefender has blocked multiple viruses! The infected objects have been treated. Your PC is protected! Virus Name: Gen.Trojan.Downloader.j… (File access was blocked) and Gen:Trojan.Heur.amW@... (File access was blocked)
n/a n/a n/a 1 1
16 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
16 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.anW@rjqAGOoGf (Engine A). File: Planilha_visualiza_Documento-DOC[1].scr. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
16 K7 toaster Quarantined Suspicious program (ID30003) found. Need to restart computer.
na na na 1 1
16 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// www DOT ergotables DOT com / , / new / , / pnc03944 / Planilha_visualizar_Documento-DOC DOT scr; (2) Denied: HEUR:Trojan-Downloader.Win32.Generic
na na na 1 1
16 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
16 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banload.XH. Recommended action: Remove.
na na na 1 1
16 NIS Toaster Removed Planilha_visualizar_Documento_DOC[1].scr is not safe and has been removed.
n/a n/a n/a 1 1
16 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
16 PCT Toaster Detected and Stopped
Behaviour Guard. Threat Name: Heur Engine.MaliciousPacker.
n/a n/a n/a 1 1
17 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
17 AVG 1)Pop up, 2)Pop up
1)Detected, 2)Detected and Healed
1)Threat detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected)
Infection: 1, removed and healed; Warning: 1, removed and healed
Moved to Virus Vault
Virus found JS/Generic and Corrupted executable file [the latter is not relevant]
1
17 AVI 1)Toaster, 2)Toaster, 3)Toaster
Removed 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found in file jar_cache15217.tmp. Access to this file was denied. Please select a further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED
1
17 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Variant.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!
Solved issues: 2 Deleted Gen:Variant.Kazy.31040 and Cookie.DoubleClick
1
17 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
17 GDA pop-up (3x)
Disinfected (3x)
(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.22766812357144284.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: calc[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes
na na na 1 1
17 K7 toaster (4x)
Removed (4x) High Security Risk Found! Riskware (0015e4f01) (4x)
na na na 1 1
17 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// sdi2u3i2h DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// sdi2u3i2h DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
17 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
17 MSE pop-up (2x)
(1) Removed; (2) Removed (after required reboot)
(1) Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
na na na 1 1
17 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
17 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
17 PCT Pop up Allow Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application?
none none none 1
18 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
18 AVG 1)Pop up, 2)Pop up
1)Detected, 2)Detected and Healed
1)Trojan horse detected, 2)Multiple threat detection: Trojan horse Generic23.BOPB (Result: Infected), Virus found JS/Generic (Result: Infected) [default: Remove all unhealed]
Infection: 1, removed and healed; Warning: 1, removed and healed
Moved to Virus Vault
Virus found JS/Generic and Corrupted executable file [the latter is not relevant]
1
18 AVI 1)Toaster, 2)Toaster
Removed 1)Guard: Malware found - A virus or unwanted program 'TR/Crypt.XPACK.Gen5' was found. Access to this file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found - AntiVir Guard detected 5 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine (moved 3 out of 7 detections)
Moved to quarantine: HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl
1
18 BDF Warning on the browser
Blocked BitDefender 2011. This web page has been blocked by BitDefender Antivirus Real-time Protection! The web page blocked by BitDefender included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.
n/a n/a n/a 1 1
18 ESS 1)Toaster, 2)Toaster
1)Terminated - quarantined, 2)Deleted
1)Threat: JS/Exploit.Pdfka.PAE.Gen trojan Connection terminated - quarantined 2)Threat: A variant of Win32/Kryptik.QKM trojan Cleaned by deleting
Number of infected objects: 0
n/a n/a 1
18 GDA pop-up (6x)
Disinfected (6x)
(1) Virus alert. An attempt was made to access an infected file. Virus: JS:Pdfka-BAH [Expl] (Engine B). File: 10bb9[1].pdf. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: 0.3066005932720315.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: iexplore.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (5) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (6) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
(1) pop-up; (2) report
(1) Disinfected; (2) Disinfected (see note)
(1) Virus alert. An attempt was made to access an infected file. Virus: JS:ScriptDC-inf[Trj] (Engine B). File: index.dat. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) File/object: ProcessMonitorLog.PML (JS:ScriptDC-inf [Trj] (Engine B)); index.dat (JS:ScriptDC-inf [Trj] (Engine B)); jar_cache50224.tmp (Gen:Variant.Kazy.31040 (Engine A))
1 1
18 K7 toaster (5x)
Removed (3x); Access Denied (2x)
High Security Risk Found! Riskware (0015e4f01) (5x) none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
Incident | Product | Alert (intro) | Effect (intro) | Threat Report (intro) | Alert (manual) | Effect (manual) | Threat Report (manual) | Complete Remediation | Defended | Neutralized | Compromised
18 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// hdjwuy2gvn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: HEUR:Trojan.Script.Generic
na na na 1 1
18 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
18 MSE pop-up Removed Security Essentials detected 4 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y; Exploit:Win32/Pdfjsc.RF. Recommended action: Remove.
na na na 1 1
18 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
18 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
18 PCT Pop up Allow Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application?
Pop up Removed There are 1 threat and 3 infections in your computer. HeurEngine.Suspicious.High
1
19 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
19 AVG Pop up Quarantine Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault)
Infection: 1, removed and healed; Warning: 1, removed and healed
Moved to Virus Vault
Virus found JS/Generic and Corrupted executable file [the latter is not relevant]
1
19 AVI 1)Toaster, 2)Toaster
Removed 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine (moved 3 out of 7 detections)
Moved to quarantine: HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl
1
19 BDF 1)Toaster, 2)Toaster
1)Blocked, 2)Deleted
1)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected!
No threats were found. No further action is necessary.
n/a n/a 1
19 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
19 GDA pop-up (4x)
Disinfected (4x)
(1-2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes
none none (see note) none 1 1
19 K7 none none (see note)
none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
19 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// 4uiokwnbe DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// 4uiokwnbe DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
19 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
19 MSE pop-up Removed Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A; PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
na na na 1 1
19 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
19 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
19 PCT Pop up Allow Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application?
none none none 1
20 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
20 AVG Pop up Quarantine Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault)
Infection: 1, removed and healed; Warning: 1, removed and healed
Moved to Virus Vault
Virus found JS/Generic and Corrupted executable file [the latter is not relevant]
1
20 AVI 1)Toaster, 2)Toaster
Removed 1)Guard: Malware found - AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 2)AntiVir Guard detected 2 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine (moved 3 out of 7 detections)
Moved to quarantine: HTML/rug.A.3, Eicar-Test-Signature, JAVA/Exdoer.ED, Detected: JAVA/Exdoer.EC, JAVA/Exdoer.EB, EXP/2010-0840.I, JAVA/Exdoer.ckl
1
20 BDF 1)Toaster, 2)Toaster, 3)Toaster
Blocked 1)BitDefender has blocked multiple viruses! 2)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was blocked). The infected objects have been treated. Your PC is protected!, 3)BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Kazy.31040 (File access was blocked), Virus Name: Gen:Varian.Kazy.31040 (File access was deleted). To remove this file and complete the cleaning process, you must reboot your system. The infected objects have been treated. Your PC is protected!
No threats were found. No further action is necessary.
n/a n/a 1
20 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
20 GDA pop-up (4x)
Disinfected (4x)
(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.(2x); (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (3) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: file.dll. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.31040 (Engine A). File: exe.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes
none none (see note) none 1 1
20 K7 none none (see note)
none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
20 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http://kdjeluhebn DOT com / index DOT php?tp=001e4bb7b4d7333d and http://kdjeluhebn DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
20 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
20 MSE pop-up (2x)
Removed (2x) (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
report Removed Exploit: Java/CVE-2010-0840.EW
1
20 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
20 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
20 PCT Pop up Allow Services and Controller app was temporarily allowed since it locked the screen and messages could not be displayed. Do you trust this application?
none none none 1
21 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat.
n/a n/a n/a 1 1
21 AVG 1)Pop up, 2)Pop up
Quarantine 1)Threat detected! Threat name: Win32:Malware-gen, Category: Malware, Description: This is a known piece of Malware (malicious software). It is recommended that you quarantine this threat. 2)Threat detected! Trojan horse Generic23.BJGC Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
21 AVI none none none n/a n/a n/a 1 1
21 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG Location: Cobranca_boleto[1].exe Access to this file has been denied.
Solved issues: 1 Deleted Cookie.DoubleClick
1
21 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
21 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Crypt.Delf.F.GGW@a4NSXwkG (Engine A). File: Cobranca_boleto[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
21 K7 pop-up (2x)
(1) Allowed access to the Internet; (2) Blocked (see note)
(1) Application is accessing the Internet. The program Cobranca_boleto[1].exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
21 KIS toaster (3x)
Deleted (1) Detected: Trojan.Win32.Scar.ehai; (2) Backed up: Trojan.Win32.Scar.eha ; (3) Will be deleted on reboot: Trojan.Win32.Scar.ehai
na na na 1 1
21 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic BackDoor!djb (Trojan)
na na na 1 1
21 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Backdoor:Win32/Sodager.B. Recommended action: Remove.
na na na 1 1
21 NIS Toaster Removed cobranca_boleto[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
21 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
21 PCT 1)Pop up 2) Pop Up
1) Yes 2) Blocked
1) Cobranca_boleto[1] is trying to access the internet. Do you trust this application. 2) Internet Security has blocked access to the bad website.
n/a n/a n/a 1 1
22 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
22 AVG Pop up Quarantine Threat detected. Threat name: RAR.Qhost.c Category: Trojan. Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
22 AVI none none none n/a n/a n/a 1 1
22 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Qhost.LYG Location: postal_amor.avi[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
22 ESS Toaster Terminated - Quarantined
Threat: Win32/Qhost trojan Connection terminated - quarantined
n/a n/a n/a 1 1
22 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Qhost.LYG (Engine A). File: postal_amor.avi[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
22 K7 toaster Access denied
High Security Risk Found! Trojan (00020d971) na na na 1 1
22 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php; (2) Denied: http:// 64 DOT 95 DOT 243 DOT 111 / descarga DOT php and http:// 64 DOT 95 DOT 243 DOT 111 / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
22 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
22 MSE none none (see note)
none none none (see note) Scan completed on 155866 items. No threats were detected on your computer during this scan.
1
22 NIS Toaster Safe postal_amor.avi[1].exe is safe none none none 1
22 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
22 PCT Pop up Quarantine Behaviour Guard. Threat Name: POSTAL_AMOR.AVI[1].exe
n/a n/a n/a 1 1
23 AVA none none none No threat found n/a n/a 1
23 AVG none none none Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
23 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
23 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
23 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
23 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
23 K7 toaster Access denied
High Security Risk Found! Adware (00234eb41) na na na 1 1
23 KIS none none (see note)
none none none none 1
23 MIS toaster Removed Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove.
na na na 1 1
23 MSE pop-up Removed (after required reboot)
Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Adware:Win32/Hotbar. Alert level: Medium. Default option: Remove
na na na 1 1
23 NIS Toaster Removed vlcsetup[1].exe is not safe and has been removed. n/a n/a n/a 1 1
23 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
23 PCT none none none Pop up Removed There are 1 threat and 3 infections in your computer.VLCSetup[1].exe
1
24 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
24 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Generic23.BKUI Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
24 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Kazy.30791.2' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
24 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Kazy.30791 Location: readme[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
24 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
24 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:VariantKazy.30791 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
24 K7 toaster Access denied
High Security Risk Found! Spyware (00290e351) na na na 1 1
24 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1; (2) Denied: http:// kdbhhhgsdjsb DOT cx DOT cc / k DOT php?f=116%26e=1 and http:// kdbhhhgsdjsb DOT cx DOT cc / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
24 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!42B87CD69202 (Trojan)
na na na 1 1
24 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32.Zbot.gen!AF. Recommended action: Remove.
na na na 1 1
24 NIS Toaster Removed readme[1].exe is not safe and has been removed. n/a n/a n/a 1 1
24 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
24 PCT 1)Pop up 2) Toaster
1)Block 2)Removed
1)Internet Security has blocked the high risk threat Trojan.Gen 2)IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
25 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
25 AVG Pop up Removed Threat detected. Threat name: TR/Crypt.XPACK.Gen3 Category: Unknown. Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. These programs include applications that have an impact on security, privacy, resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system or be deemed to be separate and different from the application installed. (default: Move to Vault)
n/a n/a n/a 1
25 AVI none none none n/a n/a n/a 1 1
25 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.294205 Location: info[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
25 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
25 GDA (1) pop-up; (2) dialogue box
Disinfected (after required reboot)
(1) Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.294205 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes. (2) Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!
na na na 1 1
25 K7 toaster Access denied
High Security Risk Found! Trojan (0001140e1) na na na 1 1
25 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5; (2) Denied: http:// check DOT couponandfreebiemom DOT com / d DOT php?f=21&e=5 and http:// check DOT couponandfreebiemom DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
25 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!F305D1C09F08 (Trojan)
na na na 1 1
25 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Rogue:Win32/FakeRean. Recommended action: Remove.
na na na 1 1
25 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
25 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
25 PCT Toaster Quarantine Behaviour Guard detected suspicious activity in INFO[1].exe
n/a n/a n/a 1 1
26 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
26 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Generic4_c.QSF Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
26 AVI none none none n/a n/a n/a 1 1
26 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Torpump.1 Location: keygen_official[1].exe Access to this file has been denied.
Solved issues: 1 Deleted Cookie.DoubleClick
1
26 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
26 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Adware.Torpump.1 (Engine A). File: hotel_imperium_keygen_official[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
26 K7 toaster Access denied
High Security Risk Found! Riskware (0015e4f21) na na na 1 1
26 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// 100gigabitdownload DOT com / getwinpump<...>; (2) Denied: http:// 100gigabitdownload DOT com / getwinpump?q=hotel%20imperium%20keygen%20official and http:// 100gigabitdownload DOT com / favicon DOT ico (analysis using the database of phishing URLs)
na na na 1 1
26 MIS pop-up Allowed access to the Internet (see note)
Program Wants Internet Access. McAfee detected a program on your PC that is trying to accept incoming connections from the Internet. Protect your PC by only allowing Internet access for programs you trust. Program: pumpa.exe. Default option: Allow always.
none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
26 MSE none none (see note)
none none none (see note) Scan completed on 161641 items. No threats were detected on your computer during this scan.
1
26 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
26 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
26 PCT 1)Pop up 2) Pop Up
Yes 1)Hotel_imperium_keygen_official is trying to access the internet. 2) WinPump is trying to access the internet.
none none none 1
27 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
27 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse SHeur3.CIUF Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
27 AVI none none none n/a n/a n/a 1 1
27 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.6276009 Location: javatmp11055.com Access to this file has been denied.
n/a n/a n/a 1 1
27 ESS Toaster Terminated - Quarantined
Threat: Java/TrojanDownloader.Agent.NBN trojan Connection terminated -quarantined
n/a n/a n/a 1 1
27 GDA pop-up Blocked Virus alert. An attempt was made to access an infected file. Virus: Java.Trojan.Downloader.OpenConnection.C (Engine A). File: jar_cache56703.tmp. Default option: Block file access
na na na 1 1
27 K7 none none (see note)
none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
27 KIS toaster (2x)
Denied (2x) Denied: Trojan-Downloader.Java.Agent.au (2x) na na na 1 1
27 MIS toaster (more than 10x)
Removed (more than 10x) see note
Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!FE89D25ABBBA (Trojan) (more than 10x)
report Quarantined Viruses, Trojans, and Cookies Quarantined: Artemis!FE89D25ABBBA; Downloader-BCS
1 1
27 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.AO. Recommended action: Remove.
na na na 1 1
27 NIS none none none n/a n/a n/a 1 1
27 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
27 PCT Pop up Blocked Internet Security has blocked the high risk threat Trojan.ADH.
n/a n/a n/a 1 1
28 AVA none none none No threat found n/a n/a 1
28 AVG none none none Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
28 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Spy.Gen4' was found in file VLCSetup[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
28 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Adware.Hotbar1 Location: VLCSetup[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
28 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
28 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus:Gen:Varaint.Adware.Hotbar.1 (Engine A). File: VLCSetup[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
28 K7 toaster Access denied
High Security Risk Found! Adware (00234eb41) na na na 1 1
28 KIS none none (see note)
none none none none 1
28 MIS toaster Removed Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Adware-HotBar.d. Default option: Remove.
na na na 1 1
28 MSE none none (see note)
none none none (see note) Scan completed on 179388 items. No threats were detected on your computer during this scan.
1
28 NIS Toaster Removed VLCSectup[1].exe is not safe and has been removed. n/a n/a n/a 1 1
28 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
28 PCT none none none Pop up Removed There are 1 threat and 3 infections in your computer.VLCSetup[1].exe
1
29 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
29 AVG none none none Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
29 AVI 1)Toaster, 2)Toaster
Removed 1)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file JavaLoad[1].exe Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. A virus or unwanted program 'WORM/Rebhip.A.3410' was found in file jar_cache2670.tmp Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
29 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.DownLoader.Java.C Location: jar_cache37809.tmp Access to this file has been denied.
n/a n/a n/a 1 1
29 ESS Toaster Terminated - Quarantined
Threat: Java/TrojanDownloader.Agent.NCJ trojan Connection terminated -quarantined
n/a n/a n/a 1 1
29 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Java.C (Engine A). File: jar_cache64469.tmp. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
29 K7 toaster (2x)
Removed (2x) High Security Risk Found! Trojan (00029332e1) (2x) na na na 1 1
29 KIS toaster (2x)
Denied (2x) Denied: Trojan-Downloader.Java.Agent.dh (2x) na na na 1 1
29 MIS none none (see note)
none report Quarantined Viruses, Trojans, and Cookies Quarantined: Downloader-BCS
1
29 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Java/OpenConnection.MY. Recommended action: Remove.
na na na 1 1
29 NIS Toaster Removed JavaLoad[1].exe is not safe and has been removed. n/a n/a n/a 1 1
29 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
29 PCT none none none none none none 1
30 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
30 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.VB.OSV Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
30 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dldr.Zbot.G' was found in file contacts[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
30 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.292675 Location: contacts[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
30 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
30 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.292675 (Engine A). File: contact[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
30 K7 toaster Access denied
High Security Risk Found! Riskware (0015e4f01) na na na 1 1
30 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// securepaid DOT biz / verified / d DOT php?f=21&e=3; (2) Denied: Trojan-Dropper.Win32.Dapato.frn
na na na 1 1
30 MIS toaster (6x)
(1-2) Removed; (3) Buffer Overflow Prevented; (4-6) Removed
(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert.XPSpy (Trojan); (2) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (3) Buffer Overflow Prevented. McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (4) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!3B80803DBAE4 (Trojan); (5) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!968246F56184 (Trojan); (6) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!8C42CF4C13F0 (Trojan)
(1) report; (2) toaster; (3) pop-up
(1) none (see note); (2) Buffer Overflow Prevented; (3) Removed (after required reboot)
(1) McAfee did not detect any issues on your PC. No further action is required.; (2) Buffer Overflow Prevented. McAfee prevented a program from causing a buffer overflow on your PC (svchost.exe). Hackers can use buffer overflows to secretly run malicious programs, steal personal information, or hijack your PC. (3) Trojan Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: FakeAlert-FAB!3b80803DBAE4 (Trojan).
1
30 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Zbot.G. Recommended action: Remove.
na na na 1 1
30 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
30 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
30 PCT 1)Pop up 2) Toaster
Yes 1)Wahlen Werther is trying to access the internet. Do you trust this application? 2) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
31 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
31 AVG 1)Warning on the browser, 2)Pop up
Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! File name: 7.htm Threat name: Exploit Exploitive IFrame Collection (type 1506)
n/a n/a n/a 1 1
31 AVI none none none n/a n/a n/a 1 1
31 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Variant.Kazy.22992 Location: p[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
31 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
31 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: JS:CVE-2010-0806-AP [Expl] (Engine B). File: ieee[1].jpg. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
31 K7 toaster (3x)
(1) Access denied; (2-3) Removed (2x)
(1) High Security Risk Found! Exploit (4fef863b0); (2) High Security Risk Found! Trojan (8b0117490); (3) High Security Risk Found! Exploit (4fef863b0)
na na na 1 1
31 KIS toaster (3x)
Denied (3x) Denied: HEUR:Exploit.Script.Generic (3x) na na na 1 1
31 MIS (1) toaster; (2) toaster; (3) pop-up
Removed (3x) (see note)
(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ACB5F39F2C4E (Trojan); (2) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Generic PUP.x. Default option: Remove.; (3) Trojan Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: AdClicker-BJ (Trojan)
na na (see note) na 1
31 MSE pop-up Removed (see note)
Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Mult.DE and TrojanDownloader:Win32/Small.gen!AO. Recommended action: Remove.
na na na 1 1
31 NIS none none none n/a n/a n/a 1 1
31 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
31 PCT 1)Pop up 2) Toaster
Quarantine 1)Behaviour Guard detected suspicious activity in P.exe, 2) Internet Security has blocked an application iexplorer.exe attempting to close a file.
n/a n/a n/a 1 1
32 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
No threat found n/a n/a 1
32 AVG Pop up Quarantine Threat detected. Threat name: OneStepSearcher.AG Category: Adware Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
32 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Boigy.AD.2' was found in file resulturl.dll Access to file was denied. Please select a further action: (default: Remove)
A virus or unwanted program was found!
Move to quarantine Moved to quarantine: Eicar-Test-Signature
1
32 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.6334305 Location: resulturl[1].exe Access to this file has been denied.
Your attention is required to clean 1 threat(s) affecting 1 object(s).
Ignore Trojan.Generic.6334305
1
32 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
32 GDA pop-up Blocked Virus alert. An attempt was made to access an infected file. Virus:Trojan.Generic.6334305 (Engine A). File: resulturl-setup[1].exe. Default option: Block file access
na na na 1 1
32 K7 pop-up (2x)
(1) Allowed access to the Internet; (2) Unable to delete
(1) Application is accessing the Internet. The program resulturl178.exe is preparing to act as server on the network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found. Adware (0006f6b21)
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
32 KIS toaster Denied (see note)
Denied: not-a-virus:Adware.Win32.Zwangi.heur none none (see note) none 1
32 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
32 MSE none none (see note)
none none none (see note) Scan completed on 156032 items. No threats were detected on your computer during this scan.
1
32 NIS Toaster Removed resulturl-setup[1].exe is not safe and has been removed. n/a n/a n/a 1 1
32 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
32 PCT 1)Pop Up 2) Pop Up
1)yes 2)Block 1)RESULTURL_SETUP[1].exe is trying to modify or control another application. 2) Internet Security has blocked access to the bad website: upgrade.resultbrowse.com
Pop up Removed There are 1 threat and 3 infections in your computer.resulturl_setup.exe
1
33 AVA none none none No threat found n/a n/a 1
33 AVG Pop up Quarantine Threat detected. Threat name: Unknown. Description: Not available. (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
33 AVI none none none n/a n/a n/a 1 1
33 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.295620 Location: album[1].cmd Access to this file has been denied.
n/a n/a n/a 1 1
33 ESS Toaster Terminated - Quarantined
Threat: probably a variant of Win32/TrojanDownloader.VB.PHI trojan Connection terminated - quarantined
n/a n/a n/a 1 1
33 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.295620 (Engine A). File: album[1].cmd. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
33 K7 pop-up (2x)
(1) Allowed access to the Internet; (2) Unable to delete
(1) Application is accessing the Internet. The program album[1].cmd is preparing to act as server on the network. Developer name: Microsoft. Default option: Allow; (1) Application is accessing the Internet. The program winlive.exe is connection to the network. Developer name: Not Available. Default option: Allow; (3) System monitor alert. New AutoStart Entry Found! A new program has been added to run automatically whenever Windows boots up. Default option: Block Always.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
33 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35838372 / album DOT cmd? / index DOT html; (2) Denied: HEUR:Trojan-Downlaoder.Win32.Generic
na na na 1 1
33 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
33 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:Win32/Banker.G. Recommended action: Remove.
na na na 1 1
33 NIS Toaster Removed album[1].cmd is not safe and has been removed. n/a n/a n/a 1 1
33 TIS none none none none none none 1
33 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in winds, album[1].cmd
n/a n/a n/a 1 1
34 AVA 1)Toaster, 2)Toaster
1)Blocked, 2)Quarantine
1)Malware blocked. Avast! File System Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf 2)Malware blocked. Avast! Script Shield has blocked a threat. No further action is required. Infection: HTML:Iframe-inf Action: Moved to chest
n/a n/a n/a 1 1
34 AVG 1)Warning on the browser, 2)Pop up
Blocked 1)Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection. 2)Threat was blocked! File name: index.php Threat name: Exploit Blackhole Exploit Kit (type 2029)
n/a n/a n/a 1 1
Incident | Product | Alert (intro) | Effect (intro) | Threat Report (intro) | Alert (manual) | Effect (manual) | Threat Report (manual) | Complete Remediation | Defended | Neutralized | Compromised
34 AVI 1)Toaster, 2)Toaster
Removed 1)Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found in file index[1].htm Access to file was denied. Please select a further action: (default: Remove) 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1
34 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: ExploitJS.Agent.BG (File access was blocked), Virus Name: Gen:Variant.Kazy.31516 (File access was blocked). The infected objects have been treated. Your PC is protected!
n/a n/a n/a 1 1
34 ESS Toaster Terminated - Quarantined
Threat: HTML/Iframe.B.Gen virus Connection terminated - quarantined
n/a n/a n/a 1 1
34 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus:HTML:Iframe-inf (Engine B). File: ccard[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
34 K7 toaster Quarantined (after required reboot)
High Security Risk Found! Suspicious Program (ID30005). Marked for deletion after restart.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
34 KIS toaster Denied Denied: Trojan-Downloader.JS.Agent.qdq na na na 1 1
34 MIS none none (see note)
none (1-3) toaster; (4) report
(1) Removed; (2) Blocked; (3) Removed; (4) Removed
(1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FAkeAlert!qrb (Trojan); (2) Risky Connection Blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 95.211.22.217. Program: Generic Host Process for Win32 Services.; (3) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FAkeAlert!qrb (Trojan); (4) Viruses, Trojans, and Cookies Removed: TDSS e!rootkit, Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
34 MSE pop-up Removed (after required reboot)
Security Essentials detected 3 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Exploit:JS/Blacole.A, Trojan:Win32/FakeSysdef, Exploit:Win32/PDfjsc.RF. Recommended action: Remove.
na na na 1 1
34 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
34 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
34 PCT none none none n/a n/a n/a 1 1
35 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal n/a n/a n/a 1 1
35 AVG 1)Pop up, 2)Pop up
Quarantine 1)Threat detected! Threat name: Trojan horse BackDoor.Generic14.HFL Detected on open. (default: Move to Vault) 2)Threat detected. Threat name: "Win32/Kryptic.PTH Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
35 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'BDS/Paprs.cyd' was found in file readme[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
35 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Trojan.Generic.KD.2847... (File access was blocked), Virus Name: Gen:Variant.Kazy.26919 (File access was blocked). The infected objects have been treated. Your PC is protected!
n/a n/a n/a 1 1
35 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
35 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.26919 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
35 K7 toaster Access denied
High Security Risk Found! Backdoor (0028b0291) na na na 1 1
35 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// isof DOT susubbs DOT com / d DOT php?f=45&e=6; (2) Denied: http:// isof DOT susubbs DOT com / d DOT php?f=45&e=6 and http:// isof DOT susubbs DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
35 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected:Generic.dx!zym (Trojan)
na na na 1 1
35 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanSpy:Win32/Ursnif.gen!J. Recommended action: Remove.
na na na 1 1
35 NIS Toaster Removed readme[1].exe is not safe and has been removed. n/a n/a n/a 1 1
35 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
35 PCT 1)Pop up 2) Toaster 3) Toaster
1) Block 2) Quarantined 3) Removed
1)Internet Security has blocked the high risk threat Backdoor.trojan, 2)Download Guard detected a threat in README[1].EXE, this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
36 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
36 AVG Toaster Quarantine 1)Threat detected! Threat name: Trojan horse Generic_r.GX Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
36 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dropper.Gen' was found in file 216028[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
36 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KD.294159 Location: 216028[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
36 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
36 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KD.294159 (Engine A). File: 216028[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
36 K7 toaster Blocked (see note)
System monitor alert. New AppInitDll Entry Found! A new program () has been added as a registry entry to load automatically when you logon. Normally other than userinit.exe no other program should be present here. Advise: Not available. Please proceed with caution! Default option: Block Always.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
36 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php; (2) Denied: http:// dastall DOT dyndns-wiki DOT com / maklr / d4 DOT php and http:// dastall DOT dyndns-wiki DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
36 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.qrp!k (Trojan)
na na na 1 1
36 MSE pop-up Removed (see note)
Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Vundo.HIY Recommended action: Remove.
report Removed TrojanDownloader:Win32/Vundo.HIY
1
36 NIS Toaster Removed 216028[1].exe is not safe and has been removed. n/a n/a n/a 1 1
36 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
36 PCT none none none none none none 1
37 AVA Toaster Blocked Dropper blocked. The threat was detected when the file was created or modified. n/a n/a n/a 1 1
37 AVG 1)Pop up, 2)Pop up
Quarantine 1)Threat detected. Threat name: TR/Dldr.Delphi.Gen Category: Unknown Description: This is a potentially unwanted application. These are programs that computer users wish to be made aware of. (default: Move to Vault) 2)Threat detected! Threat name: Trojan horse Generic4_c.AKEZ Detected on open (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
37 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Dldr.Delphi.Gen' was found in file imagem[1].com Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
37 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Gen:Trojan.Heur.PT.cGW@bC4ztaoG Location: imagem[1].com Access to this file has been denied.
n/a n/a n/a 1 1
37 ESS Toaster Terminated - Quarantined
Threat: a variant of Win32/TrojanDownloader.Banload.PKX trojan Connection terminated - quarantined
n/a n/a n/a 1 1
37 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Trojan.Heur.PT.cGW@bC4ztaoG (Engine A). File: imagem[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
37 K7 toaster Access denied
High Security Risk Found! Trojan-Downloader (85360ede0)
na na na 1 1
37 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// dl DOT dropbox DOT com / u / 35882506 / imagem DOT com?comprovante DOT bap / index DOT html; (2) Denied: HEUR:Trojan-Downloader.Win32.Generic
na na na 1 1
37 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: PWS-Banker!qyf (Trojan)
na na na 1 1
37 MSE pop-up Removed (see note)
Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:WinNT/Bancos.G. Recommended action: Remove.
none none (see note) Scan completed on 175778 items. No threats were detected on your computer during this scan.
1
37 NIS Toaster Removed imagem[1].com is not safe and has been removed. n/a n/a n/a 1 1
37 TIS Toaster Removed Some security threats have been removed for your safety. none none none 1
37 PCT 1)Pop up 2) Toaster 3) Toaster
1) Yes 2) Block 3) Removed
1)Imagem[1] is trying to access the internet. 2) Internet Security has blocked the high risk threat HeurEngine.MaliciousPacker. 3) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
38 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
38 AVG Pop up Quarantine Threat detected! File name: info[1].exe Threat name: Trojan horse FakeAlert.AFB Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
38 AVI none none none n/a n/a n/a 1 1
38 BDF Toaster Blocked BitDefender has blocked a virus! Virus name: Trojan.Generic.KDV.293602 Location: info[1].exe Access to this file has been denied.
Resolved items: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
38 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
38 GDA pop-up Disinfected (after required reboot)
Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.KDV.293602 (Engine A). File: info[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!
na na na 1 1
38 K7 toaster Quarantined (after required reboot) (see note)
High Security Risk Found! Suspicious Program (ID30003). Marked for deletion after restart.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
38 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0; (2) Denied: http:// x400 DOT bz DOT cm / d DOT php?f=19&e=0 and http:// x400 DOT bz DOT cm / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
38 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan)
na na na 1 1
38 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove.
na na na 1 1
38 NIS Toaster Removed Info[1].exe is not safe and has been removed. n/a n/a n/a 1 1
38 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
38 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in winds, INFO[1].exe
n/a n/a n/a 1 1
39 AVA Toaster Blocked Trojan horse blocked. HTML:Downloader-AC [Trj] n/a n/a n/a 1 1
39 AVG none none none n/a n/a n/a 1 1
39 AVI none none none n/a n/a n/a 1 1
39 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.296178 Location: javafire58115.exe Access to this file has been denied.
n/a n/a n/a 1 1
39 ESS Toaster Terminated - Quarantined
Threat: Java/TrojanDownloader.Agent.NCC trojan Connection terminated - quarantined
n/a n/a n/a 1 1
39 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: HTML:Downloader-AC [Trj] (Engine B). File: izle-Teen-Wolf-1-Sezon-6-Bolum[1].htm. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
39 K7 pop-up Allowed access to the Internet (see note)
Application is accessing the Internet. The program javafire25800.exe is connection to a network. Developer name: Microsoft. Default option: Allow.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
39 KIS none none (see note)
none na na na 1 1
39 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!1B528CF64850 (Trojan)
na na na 1 1
39 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Java/OpenConnection.C. Recommended action: Remove.
na na na 1 1
39 NIS Toaster Removed javafire37568.exe is not safe and has been removed. n/a n/a n/a 1 1
39 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
39 PCT Pop up Blocked Internet Security has blocked the high risk threat Trojan.ByteVerify
n/a n/a n/a 1 1
40 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
40 AVG Toaster Blocked Threat detected. File name: WUE.EXE Threat name: "Win32/Kryptic.QPO Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault)
n/a n/a n/a 1
40 AVI none none none A virus or unwanted program was found!
Move to quarantine Moved to quarantine: Eicar-Test-Signature
1
40 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.FakeAlert.88 Location: readme[1].exe Access to this file has been denied.
Resolved items: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
40 ESS 1)Warning on the browser, 2)Toaster, 3)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked. 3)Address has been blocked.
n/a n/a n/a 1 1
40 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.FakeAlert.88 (Engine A). File: readme[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; Unable to place file in quarantine because access is blocked. The file will be deleted next time the system restarts!
na na na 1 1
40 K7 toaster Quarantined (after required reboot) (see note)
High Security Risk Found! Suspicious Program (ID30003). Marked for deletion after restart.
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
40 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2; (2) Denied: http:// games DOT localtraficattorneus DOT com / d DOT php?f=19&e=2 and http:// games DOT localtraficattorneus DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
40 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FakeAlert-Rena.p (Trojan)
na na na 1 1
40 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Rogue:Win32/FakeRean. Recommended action: Remove.
na na na 1 1
40 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
40 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
40 PCT Pop up Blocked Behaviour Guard detected suspicious activity in winds,README[1].exe
n/a n/a n/a 1 1
41 AVA Toaster Blocked Trojan horse blocked. Win32:Small-JPG n/a n/a n/a 1 1
41 AVG Pop up Quarantine Threat detected! File name: load[1].exe Threat name: Trojan horse Flooder.O Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
41 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'WORM/Rbot.Gen' was found in file load[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
41 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.5959985 Location: load[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
41 ESS Toaster Blocked Threat: Win32/Agent.NGC trojan Connection terminated - quarantined
n/a n/a n/a 1 1
41 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.5959985 (Engine A). File: load[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
41 K7 toaster Access denied
High Security Risk Found! Trojan-Downloader (00014ede1)
na na na 1 1
41 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php; (2) Denied: URL: http:// ad DOT inewsweek DOT cn / docs / DOT q / load DOT php (analysis using the base of suspicious URLs)
na na na 1 1
41 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: FDoS-BEnergy (Trojan)
na na na 1 1
41 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Phdet.gen!A. Recommended action: Remove.
na na na 1 1
41 NIS Toaster Removed load[1].exe is not safe and has been removed. n/a n/a n/a 1 1
41 TIS Pop up Restart You must restart the computer to finish removing a security threat in the file named below. Load[1].exe n/a n/a n/a 1 1
41 PCT 1)Pop up 2)Toaster
Blocked 1)Internet Security has blocked the high risk threat Downloader.Generic. 2) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
42 AVA Toaster Blocked Malware blocked. Avast! File System Shield has blocked a threat. Infection: Win32:Malware-gen
n/a n/a n/a 1 1
42 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Downloader.Generic11.BIXL Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
42 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Downloader.Gen' was found in file FlashUpdate[1].exe Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
42 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Generic.6342238 Location: FlashUpdate[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
42 ESS Toaster Terminated - Quarantined
Threat: Win32/ProxyChanger.T trojan Connection terminated - quarantined
n/a n/a n/a 1 1
42 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Generic.6342238 (Engine A). File: FlashUpdate[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
Columns: Incident | Product | Alert (intro) | Effect (intro) | Threat Report (intro) | Alert (manual) | Effect (manual) | Threat Report (manual) | Complete Remediation | Defended | Neutralized | Compromised
42 K7 toaster (2x)
(1) Access denied; (2) Removed
(1) High Security Risk Found! Trojan (ce03e6000); (2) High Security Risk Found! Riskware (b7a972fl0)
na na na 1 1
42 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// host11 dot 186-109-81 DOT telecom DOT net DOT ar / PortalZafiro / Lib /FlashUpdate DOT exe; (2) Denied: Trojan-Downloader.Win32.Delf.hfrh
na na na 1 1
42 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!2A0A224BED00 (Trojan)
na na na 1 1
42 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanSpy:Win32/Bancos.ACM. Recommended action: Remove.
na na na 1 1
42 NIS Toaster Removed FlashUpdate[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
42 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
42 PCT 1)Pop up 2)Toaster 3) Toaster
1)yes 2)Quarantine 3)Blocked
1)Flashupdate[1].exe is trying to access the internet. 2)Behaviour Guard detected suspicious activity in Flashupdate[1].exe. 3) Internet security has blocked an application attempting to close a file.
n/a n/a n/a 1 1
43 AVA Toaster Blocked Spyware blocked. Threat detected! Move to Chest Threat: Win32:Spyware-gen[Spy]
1
43 AVG Pop up Quarantine Threat detected. Threat name: "Win32/TrojanDownloader.Banload.QBI Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you […] (default: Move to Vault)
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
43 AVI none none none 4 viruses and/or unwanted programs were found | Detections: 4, Moved: 3
Move to quarantine Moved to quarantine: Eicar-Test-Signature, TR/Spy.Banocs.ZL.28 (in modulo[1].txt), TR/Spy.Bancos.ZL.28 (in iexplorer.txt)
1
43 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Crypt.Delf.AG Location: Adobe-Acrobate01634[1].com Access to this file has been denied.
n/a n/a n/a 1 1
43 ESS Toaster Terminated - Quarantined
Threat: a variant of Win32/TrojanDownloader.Banload.QBI trojan Connection terminated - quarantined
n/a n/a n/a 1 1
43 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Crypt.Delf.AG (Engine A). File:Adobe-Acrobate01634[1].com. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
43 K7 (1) pop-up; (2) toaster; (3) pop-up; (4) toaster
(1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note)
(1) Application is accessing the Internet. The program Adobe-Acrobate01634[1].com is connection to a network. Developer name: Not Available. Default option: Allow; (2) High Security Risk Found! Riskware (0015e4f01); (3) Application is accessing the Internet. The program msmsgs.exe is connection to a network. Developer name: Not Available. Default option: Allow; (4) High Security Risk Found! Riskware (8ea0f2f10)
none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
43 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// dress2impress DOT nl / templates / adobe-acrobat DOT php?open; (2) Denied: HEUR:Troja-Downlaoder.Win32.Generic
na na na 1 1
43 MIS toaster Removed Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic Downlaoder.x!fod (Trojan)
na na na 1 1
43 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . TrojanDownloader:Win32/Banload.QI. Recommended action: Remove.
na na na 1 1
43 NIS Toaster Removed adobe-acrobat01634[1].com is not safe and has been removed.
n/a n/a n/a 1 1
43 TIS none none none
n/a n/a n/a 1 1
43 PCT Pop up Quarantine Behaviour Guard detected suspicious activity in ADOBE-ACROBATE01634[1].COM
n/a n/a n/a 1 1
44 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
44 AVG Pop up Quarantine Threat detected! Threat name: Virus found JS/Generic Detected on open. (default: Move to Vault)
Warning: 1, Infections: 1
Moved to Virus Vault
Virus found JS/Generic
1
44 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'JS/Blacole.A' was found. Access to file was denied. Please select a further action: (default: Remove)
3 viruses and/or unwanted programs were found | Detections: 4, Moved: 3
Move to quarantine HTML/rug.A.3 HTML script virus, EXP/2010-0840.AC exploit, Eicar-Test-Signature
1
44 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus Name: Gen:Variant.Downloader... File access was blocked. Virus Name: Gen:Variant.Downloader... File access was blocked.
Solved issues: 2. No threats require your attention.
Deleted Gen:Variant.Downloader.127 and Cookie.DoubleClick
1
44 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
44 GDA pop-up (2x)
(1) Blocked; (2) Disinfected
(1) Virus alert. An attempt was made to access an infected file. Virus: Java:Agent-PM [Expl] (Engine B). File: jar_cache6623.tmp. Default option: Block file access; (2) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File:l.vbs. Default option: Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
44 K7 none none (see note)
none none none (see note) Scan Completed. No Viruses, spyware or other risks were found.
1
44 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d; (2) Denied: http:// uhgswbufds DOT com / index DOT php?tp=001e4bb7b4d7333d and http:// uhgswbufds DOT com / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
44 MIS none none (see note)
none none none (see note) Viruses, Trojans, and Cookies Removed: Cookie-Insightexpres, Cookie-Doubleclick, Cookie-Atdmt
1
44 MSE pop-up (2x)
Removed (2x) (1) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: TrojanDownloader:HTML/Adodb.gen!A. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: PWS:Win32/Sinowal.gen!Y. Recommended action: Remove.
na na na 1 1
44 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
44 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
44 PCT Toaster Yes Services and Controller app is trying to gain kernel access. Event type: Registry Set Drivers Image Path. Do you allow this application to perform this operation?
n/a n/a n/a 1 1
45 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
45 AVG Warning on the browser
Blocked Danger: Search-Shield has detected active threats on this page and has blocked access for your protection.
n/a n/a n/a 1 1
45 AVI none none none
n/a n/a n/a 1 1
45 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Trojan.Downloader.Istbar.ZG Location: istsvc_updater[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
45 ESS Toaster Blocked Address has been blocked. n/a n/a n/a 1 1
45 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Trojan.Downloader.Istbar.ZG (Engine A). File: istsvc_updater[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
45 K7 toaster Access denied
High Security Risk Found! Trojan-Downloader (282294dd0)
na na na 1 1
45 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe; (2) Denied: http:// cache DOT ysbweb DOT com / ist / softwares / istupdates / istsvc_updater DOT exe (analysis using the database of suspicious URLs)
na na na 1 1
45 MIS (1) pop-up; (2) dialogue box
Removed (see note)
(1) Potentially Unwanted Program Blocked. McAfee prevented a potentially unwanted program from running. Protect your PC by only allowing programs you trust. Potentially unwanted programs can compromise your privacy or security. They can include spyware, adware, and dialers, and can be downloaded with the programs you want. Name: Artemis!1346575A86C3. Default option: Remove. (2) McAfee was unable to remove this program. Please try removing it using Add or Remove Programs in Windows.
na na na 1 1
45 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . BrowserModifier:Win32/ISTbar.F. Recommended action: Remove.
na na na 1 1
45 NIS Toaster Removed istsvc_updater[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
45 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
45 PCT 1)Pop up 2)Toaster 3) Toaster
1)Block 2)Quarantine 3)Removed
1)Internet Security has blocked high risk threat Trojan.ISTbar. 2)Download Guard detected a threat in ISTSC_UPDATER[1].EXE This file has been automatically quarantined for your protection. 3) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
46 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
46 AVG Pop up Quarantine Threat detected. Threat name: Trojan.Agent Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat.
Warning: 1, Removed and healed
Moved to Virus Vault
Corrupted executable file
1
46 AVI none none none 3 viruses and/or unwanted programs were found
Delete (see notes) BOO/TDss.M in the Master boot sector HD0 (deleted) and BOO/TDss.M in the Boot sector 'C:\', Eicar-Test-Signature
1
46 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Gen:Variant.FaceAlert.47 Location: contacts[1].exe Access to this file has been denied.
n/a n/a n/a 1 1
46 ESS Toaster Blocked Threat: a variant of Win32/Kryptik.QSP trojan. Connection terminated - quarantined
n/a n/a n/a 1 1
46 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Varinat.FakeAlert.47 (Engine A). File: contacts[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
46 K7 pop-up (5x)
(1) Allowed access to the Internet; (2) Blocked; (3) Blocked; (4) Allowed; (5) Allowed (see note)
(1) Application is accessing the Internet. The program 277008f2.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to run atuomatically whenever Windows boots up. Default option: Block Always.; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. (4) Application is accessing the Internet. The program dwm.exe is connection to a network. Developer name: Not Available. Default option: Allow; (5) Application is accessing the Internet. The program csrss.exe is connection to a network. Developer name: Not Available. Default option: Allow
(1) pop-up; (2) pop-up; (3) pop-up; (4) toaster
(1) Allowed; (2) Blocked
1) Application is accessing the Internet. The program conhost.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System monitor alert. New AutoStart Entry Found! A new program has been added to to load along with the Operating System. Default option: Block Always; (3) System monitor alert. Host File has been modified. The system Hosts File has been modified. The canges can redirect the websites to any other harmful sites. Default option: Block Always; (4) High Security Risk Found! Riskware (eaa3b7fa0)
1
46 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// fowrsir DOT co DOT tv / k DOT php?f=19&e=4; (2) Denied: HEUR:Trojan.Win32.Generic
na na na 1 1
46 MIS pop-up Removed (see note)
Virus Detected. McAfee detected an infected file on your PC. Restart your PC so we can fix it. Detected: W32/Pinkslipbot.gen.x (Virus)
(1) toaster; (2) toaster; (3) report
(1) Blocked; (2) Blocked; (3)
(1) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 188.229.90.136. Program: SYSTEM. Risky connections leave you susceptible to phishing and malware attacks. You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (2) Risky Connection blocked. McAfee has blocked your PC from making a potentially risky connection. IP Address: 194.11.16.143. Program: Generic Host Process for Win32 Services. Risky connections leave you susceptible to phishing and malware attacks. You can change your Net Guard setting for this program in the Internet Connections for Programs drawer in Firewall. (3) Your computer is at risk. 1 remaining issue.
1
46 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Backdoor:Win32/Cybot.B. Recommended action: Remove.
report Removed Trojan:DOS/Alureon.A. To finish removing malware and other potentially unwanted software, restart the computer.
1
46 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
46 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
46 PCT 1)Pop up 2)Toaster 4)Toaster 3) Toaster
1)Yes 2)Quarantine 3)Stopped
1CONTACTS[1].exe is trying to modify or control another application. Do you trust this application? 2)This program is attempting to change your security settings and privacy level by modifying which website are trusted by Internet explorer. Risk : Very High file name : 277008F2.EXE. 3)HEUREENGIN.ZERODAYTHREAT Behaviour Guard has detected and stopped malicious activity from a known threat.4) IntelliGuard was enabled and 1 detected infections were successfully removed.
Pop up Removed There are 4 threats and 15 infections in your computer. All infections successfully removed.
1
47 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
47 AVG none none none No infection found during this scan.
none none 1
47 AVI none none none
n/a n/a n/a 1 1
47 BDF 1)Toaster, 2)Toaster, 3)Toaster
1)Blocked, 2)Terminated, 3)Changes reverted
1)BitDefender has blocked a virus! Virus Name: Trojan.Generic.KD.299758 Location: calc[1].exe Access to this file has been denied. 2)calc[1].exe was terminated because it was deemed harmful. 3)BitDefender has reverted the changes on your PC. A reboot is required to complete the operation.
Solved issues: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
47 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
47 GDA (1) pop-up; (2) pop-up; (3) dialogue box
(1) Quarantined; (2) Quarantined; (3) Warning
(1) Behavior monitoring. Unknown threat. Info[1].exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: info[1].exe. Default option: Stop program and move to quarantine. ; (2) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine. ; (3) Unknown malware found in your browser (Fingerprint: [155af454]) Malicious routines have been disabled. It is strongly recommended not to enter any passwords in this browser and not to perform any senstive actions such as online banking until the unidentified malware has been completely removed.
(1) pop-up; (2) report
(1) Quarantined; (2) none
(1) Behavior monitoring. Unknown threat. b6232f3a55a.exe looks like a malicious program. G Data recommends removing the program. Publisher: Unknown publisher. Started by: b6232f3a55a.exe. Default option: Stop program and move to quarantine.; (2) none
1 1
47 K7 (1) pop-up; (2) toaster; (3) pop-up; (4) toaster
(1) Allowed access to the Internet; (2) Removed; (3) Allowed access to the Internet; (4) Removed (see note)
(1) Application is accessing the Internet. The program winlogon.exe is connection to a network. Developer name: Not Available. Default option: Allow; (2) System Monitor Aler! Iexplore Zone Settings have been modified. The following entries have changed: Unknown(1609). Default option: Block; (3) System Monitor Aler! Iexplore Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block.#
(1) pop-up (4x); (2) report
(1) Blocked (4x); (2) none (see note)
(1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Access data sources across domains(1406); Unknown(1609). Default option: Block. (4x); (2) Scan Completed. No Viruses, spyware or other risks were found.
1
47 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// joilok DOT in / d DOT php?f=21&; (2) Denied: http:// joilok DOT in / d DOT php?f=21& and http:// joilok DOT in / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
47 MIS none none (see note)
none report none (see note) McAfee did not detect any issues on your PC. No further action is required.
1
47 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . VirTool:Win32/VBInject.gen!GR. Recommended action: Remove.
na na na 1 1
47 NIS Toaster Removed Info[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
47 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
47 PCT 1)Pop up 2)Pop up
1) Yes 2)Quarantine
1) Firefox Software Updater is trying to modify or control another application. Do you trust this application? 2) Behaviour Guard detected suspicious activity in Firefox Software Updater. B6232F3A8AA.EXE
n/a n/a n/a 1 1
48 AVA Toaster Blocked Malware blocked. Win32:Malware-gen
n/a n/a n/a 1 1
48 AVG none none none
n/a n/a n/a 1 1
48 AVI Toaster Removed Guard: Malware found. A virus or unwanted program 'TR/Minggy.2.100' was found in file HackXuVinagame_2011[1].exe. Access to file was denied. Please select a further action: (default: Remove)
n/a n/a n/a 1 1
48 BDF 1)Toaster, 2)Toaster
1)Blocked, 2)Deleted
1)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe Access to this file has been denied. 2)BitDefender has blocked a virus! Virus Name: Gen:Variant.Minggy.2 Location: HackXuVinagame_2011[1].exe BitDefender has deleted the following item because it could not be disinfected.
Solved issues: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
48 ESS Pop up Warning Warning. Potential threat found. Threat: a variant of Win32/Packed.MoleboxVS.A potentially unwanted application Comment: Threat was detected upon access to web by the application: iexplore.exe. Please submit this object to ESET for analysis. (default: Disconnect)
n/a n/a n/a 1 1
48 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Minggy.2 (Engine A). File: HackXuVinagame_2011[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
48 K7 toaster Access denied
High Security Risk Found! Trojan (c7cdc4080) na na na 1 1
48 KIS toaster Deleted (after required reboot)
Will be deleted on reboot: Trojan-PSW.Win32.Autoit.m na na na 1 1
48 MIS (1) toaster; (2) dialogue box
Removed (2x) (1) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!ED1E48F2F10E (Trojan); (2) McAfee detected an infected file on your PC. Restart your PC so we can fix it.
na na na 1 1
48 MSE none none (see note)
none none none (see note) Scan completed on 175245 items. No threats were detected on your computer during this scan.
1
48 NIS Toaster Removed hackxuvinagame_2011[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
48 TIS none none none none none none 1
48 PCT 1) Pop up 2) Toaster
1)Blocked 2)Removed
1)Internet Security has blocked the high risk threat Trojan.Dropper 2) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
49 AVA Toaster Blocked Malicious URL blocked. Avast! Network Shield has blocked a harmful site. Infection: URL:Mal
n/a n/a n/a 1 1
49 AVG 1)Toaster, 2)Toaster, 3)Toaster, 4)Toaster, 5)Toaster
1)Quarantine, 2)Remove, 3)Quarantine, 4)Quarantine, 5)Reboot
1)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 2)Multiple threat detected: Trojan horse PSW.Generic9.AUC (default: Remove all unhealed) [Note: Action was unsuccessful], 3)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 4)Threat detected. Threat name: Win32.Carberp.ani Category: Trojan Description: This is a known Trojan/Backdoor. It is recommended that you quarantine this threat. (default: Move to Vault), 5)Threat removal requires computer restart.
Infections: 1, Warnings: 1
Moved to Virus Vault
Trojan horse PSW.Generic9.AUC (infection) and Corrupted executable file (warning)
1
49 AVI 1)Toaster, 2)Toaster, 3)Toaster
Removed 1)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found. Access to file was denied. Please select a further action: (default: Remove), 2)Guard: Malware found. AntiVir Guard detected 3 viruses or unwanted programs. Access was denied. Please select a further action: (default: Remove), 3)Guard: Malware found. A virus or unwanted program 'TR/Crypt.CFI.Gen' was found in file jar_cache58446.tmp. Access to file was denied. Please select a further action: (default: Remove)
8 viruses and/or unwanted programs were found
Moved to quarantine
HTML/rugA.3, Eicar-Test-Signature, JAVA/Exdoer.EJ
1
49 BDF Toaster Blocked BitDefender has blocked multiple viruses! Virus name: Gen:Variant.Kazy.30838 (File access was blocked), Virus Name: Gen:Varian.Kazy.30838 (File access was blocked). The infected objects have been treated. Your PC is protected!
Solved issues: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
49 ESS 1)Warning on the browser, 2)Toaster
Blocked 1)Access denied! Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous content. 2)Address has been blocked.
n/a n/a n/a 1 1
49 GDA pop-up (4x)
Disinfected (4x)
(1) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: 0.2389620865515687.exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (2) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (3) Virus alert. An attempt was made to access an infected file. Virus: VBS:Agent-KP [Trj] (Engine B). File: l.vbs. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.; (4) Virus alert. An attempt was made to access an infected file. Virus: Gen:Variant.Kazy.30838 (Engine A). File: about[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
49 K7 none none (see note)
none (1) pop-up; (2) pop-up; (3) report
(1) Blocked; (2) Blocked; (3); none (see note)
(1) System Monitor Aler! IExplore Zone Settings have been modified. The following entries have changed: Unknown(1809). Default option: Block.; (2) System monitor alert. New Program Found in User StartUp Folder! A new program Gtessz has been added to your StartUp folder to run whenever Windows boots up. Advise: Not Available. Please proceed with caution!. Default option: Block Always; (3) Scan Completed. No Viruses, spyware or other risks were found.
1
49 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a; (2) Denied: http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / index DOT php?tp=53fa02ad1bfc685a and http://de DOT c9 DOT b4 DOT a1 DOT top DOT list DOT ipq DOT co / favicon DOT ico (analysis using the database of suspicious URLs)
na na na 1 1
49 MIS toaster (3x)
Removed (3x) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Artemis!D429D3F95E83 (Trojan) (3x)
na na na 1 1
49 MSE pop-up (2x)
(1) Removed (after required reboot); (2) Removed
(1) Security Essentials detected 2 potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A and Exploit:JS/Blacole.A. Recommended action: Remove. To complete clean-up, you need to restart your computer. Do you want to restart now? Default option: Yes.; (2) Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: . Trojan:Win32/Carberp.gen!A. Recommended action: Remove.
na na na 1 1
49 NIS Toaster Blocked Norton blocked an attack by:Web Attack : Zombie Toolkit Website
n/a n/a n/a 1 1
49 TIS none none none
n/a n/a n/a 1 1
49 PCT 1) Pop up 2) Toaster
1)Blocked 2)Removed
1)Internet Security has blocked the high risk threat Trojan.Gen 2) IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
50 AVA none none none
n/a n/a n/a 1 1
50 AVG Pop up Quarantine Threat detected! Threat name: Trojan horse Generic23.BZMQ Detected on open. (default: Move to Vault)
n/a n/a n/a 1 1
50 AVI none none none
n/a n/a n/a 1 1
50 BDF Toaster Blocked BitDefender has blocked a virus! Virus Name: Generic.Banker.Delf.AE29F565 Access to this file has been denied.
Solved issues: 1. No threats require your attention.
Deleted Cookie.DoubleClick
1
50 ESS Toaster Terminated - Quarantined
Threat: Win32/Spy.Banker.WJQ trojan Connection terminated - quarantined
n/a n/a n/a 1 1
50 GDA pop-up Disinfected Virus alert. An attempt was made to access an infected file. Virus: Generic.Banker.Delf.AE29F565 (Engine A). File: 10368policia-inglesa-divullga-fotos-do-corpo-da-cantora-amy-winehouse-WVA[1].exe. Default option: Disinfect (if not possible: quarantine). When you disinfect a file, data loss may occur thereby rendering the file unusable. Are you sure you want to disinfect the file? Default option: Yes.
na na na 1 1
50 K7 toaster Access denied
High Security Risk Found! Trojan (10ea3e230) na na na 1 1
50 KIS (1) browser; (2) toaster
(1) Access Denied; (2) Denied
(1) Access Denied. The request URL cannot be provided. URL: http:// winehouse DOT dyndns DOT tv / pop-arte / noticia / 2011 / 07 / 103684policia-inglesa-divulga-fotos-do-corpo-da-cantora-amy-winhouse-WVA.exe; (2) Denied: Trojan.Win32.Hosts2.gen
na na na 1 1
50 MIS toaster (2x)
Removed (2x) Trojan Removed. McAfee detected and automatically removed a Trojan from your PC. No further action is needed. Detected: Generic.bfr!cj (Trojan) (2x)
na na na 1 1
50 MSE pop-up Removed Security Essentials detected 1 potential threat that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Detected items: Trojan:Win32/Comrerop. Recommended action: Remove.
na na na 1 1
50 NIS Toaster Removed 103684policia-inglesea-divulga-fotos-do-corpo-da-contora-amy-winehouse-wva[1].exe is not safe and has been removed.
n/a n/a n/a 1 1
50 TIS Browser Blocked Dangerous Page, Trend Micro confirmed that this website can transmit malicious software or has been involved in online scams or fraud.
n/a n/a n/a 1 1
50 PCT 1)Pop up 2)Toaster 3)Toaster
1) Block 2) Quarantined 3) Removed
1)Internet Security has blocked the medium risk threat: Trojan-PWS.Bancos!rem. 2) Download Guard detected threat in 103684POLICIA-INGLESA-DIVULGA-FOTOS-DO-CORPO-DA-CONTORA-AMY-WINEHOUSE-WVA[1].exe this file has been automatically quarantined for your protection. 3)IntelliGuard was enabled and 1 detected infections were successfully removed.
n/a n/a n/a 1 1
APPENDIX D: TOOLS
Ebtables
http://ebtables.sourceforge.net
The ebtables program is a filtering tool for a bridging firewall. It can be used to force network traffic transparently
through the Squid proxy.
Fiddler2
www.fiddlertool.com
A web traffic (HTTP/S) debugger used to capture sessions when visiting an infected site using a verification target
system (VTS).
HTTPREPLAY
www.microsoft.com
A SOCKTRC plug-in enabling the analysis and replaying of HTTP traffic.
Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Process Explorer shows information about which handles and DLLs processes have opened or loaded. It also
provides a clear and real-time indication when new processes start and old ones stop.
Process Monitor
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Process Monitor is a monitoring tool that shows real-time file system, Registry and process/thread activity.
Regshot
http://sourceforge.net/projects/regshot
Regshot is an open-source Registry comparison utility that takes a snapshot of the Registry and compares it with a
second one.
Squid
www.squid-cache.org
Squid is a caching web proxy that supports HTTP, HTTPS, FTP and other protocols.
Tcpdump
www.tcpdump.org
Tcpdump is a packet capture utility that can create a copy of network traffic, including binaries.
TcpView
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
TcpView displays network connections to and from the system in real-time.
Windows Command-Line Tools
Those used included 'systeminfo' and 'sc query'. The systeminfo command "enables an administrator to query for
basic system configuration information". The sc command is "used for communicating with the NT Service
Controller and services".
Wireshark
www.wireshark.org
Wireshark is a network protocol analyzer capable of storing network traffic, including binaries, for later analysis.
APPENDIX E: TERMS OF THE TEST
This test was sponsored by Symantec.
The test rounds were conducted between 14/07/2011 and 26/07/2011 using the most up to date versions of the
software available on any given day.
All products were able to communicate with their back-end systems over the internet.
The products selected for this test were chosen by Symantec.
Samples were located and verified by Dennis Technology Labs.
Products were exposed to threats within 24 hours of the same threats being verified. In practice there was only a
delay of up to three to four hours.
Details of the samples, including their URLs and code, were provided to Symantec only after the test was complete.