Last edited by EP_X0FF on Fri Apr 05, 2013 4:31 am, edited 5 times in total.
Reason: Thread description added

A forum for reverse engineering, OS internals and malware analysis
\\.\Syser
Autoruns through HKCU\Software\Microsoft\Windows\CurrentVersion\Run
\\.\SyserDbgMsg
\\.\SyserBoot
\\.\SICE
\\.\NTICE
VBoxService.exe
SbieDll.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
spawns winlogon copy with injected code.
DisableTaskMgr
DisableRegistryTools
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD
netsh.exe
firewall set opmode disable