--------------------------------------------------------------------------------
2012-06-16T05:05:23.903Z Trace session started - MpWppTracing-06152012-210523-00000003-ffffffff.bin
2012-06-16T05:05:23.903Z Service is asked to be reenabled.
2012-06-16T05:05:23.918Z Task(-EnableService) launched**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0
2012-06-16T05:05:23.965Z Loading engine...
2012-06-16T05:05:23.965Z loaded!
2012-06-16T05:05:23.981Z NisUpdate from SignatureDropLocation returns S_OK
2012-06-16T05:05:23.981Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-06-16T05:05:23.981Z Cache Disabled: 0
2012-06-16T05:05:23.981Z Verifying license file...
2012-06-16T05:05:23.996Z verified!
2012-06-16T05:05:23.996Z Product supports installmode: 0
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-06-16T05:05:33.746Z Verifying engine and signature files (source: 0) ...
2012-06-16T05:05:34.043Z verified!
2012-06-16T05:05:39.316Z Initializing SQM in engine...
2012-06-16T05:05:39.316Z SQM initialized in the engine successfully
Signature updated on 06-15-2012 21:05:39
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 1.1.8403.0
AS Signature Version: 1.127.2110.0
AV Signature Version: 1.127.2110.0
************************************************************
2012-06-16T05:19:51.888Z Task(SpyNetService -RestrictPrivileges -AccessKey B41301BE-9C78-0CC8-8904-5FCCD6E7B8D2) launched
2012-06-16T05:20:20.842Z DETECTIONEVENT Trojan:Win64/Sirefef.Y containerfile
:\Windows\system32\services.exe;file
:\Windows\system32\services.exe->731;
2012-06-16T05:20:20.842Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile
:\Windows\system32\services.exe
2012-06-16T05:20:20.842Z DETECTION_ADD Trojan:Win64/Sirefef.Y file
:\Windows\system32\services.exe->731
Begin Quick Scan
Scan ID:{799EB158-AE43-4701-B791-4361C86C2655}
Scan Source:2
Start Time:06-15-2012 21:05:39
End Time:06-15-2012 21:20:20
Result Count:1
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************
Begin Resource Scan
Scan ID:{117B0B44-AFF6-4BB3-B870-4EE1EB45AA9B}
Scan Source:6
Start Time:06-15-2012 21:23:07
End Time:06-15-2012 21:23:15
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Explicit resource to scan
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Result Count:1
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************
Beginning threat actions
Start time:06-15-2012 21:23:16
Threat Name:Trojan:Win64/Sirefef.Y
Threat ID:2147655285
Action:remove
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\system32\services.exe->731
Threat ID:2147655285
Resource refcount:1
Result:1260
!ERROR
Finished threat ID:2147655285
Threat result:1260
Threat status flags:1
Finished threat actions
End time:06-15-2012 21:23:16
Result:0
2012-06-16T05:23:16.873Z Task(SpyNetService -RestrictPrivileges -AccessKey 6D539E56-3755-E8E4-575E-5AB8EAB1BB84) launched
--------------------------------------------------------------------------------
2012-06-16T05:31:54.948Z Trace session started - MpWppTracing-06152012-213154-00000003-ffffffff.bin
2012-06-16T05:31:54.948Z Service is asked to be reenabled.
2012-06-16T05:31:54.948Z Task(-EnableService) launched**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0
2012-06-16T05:31:54.979Z Loading engine...
2012-06-16T05:31:54.979Z loaded!
2012-06-16T05:31:54.979Z NisUpdate from SignatureDropLocation returns S_OK
2012-06-16T05:31:54.979Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-06-16T05:31:54.979Z Cache Disabled: 0
2012-06-16T05:31:54.979Z Verifying license file...
2012-06-16T05:31:54.995Z verified!
2012-06-16T05:31:54.995Z Product supports installmode: 0
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-06-16T05:32:05.041Z Verifying engine and signature files (source: 0) ...
2012-06-16T05:32:05.353Z verified!
2012-06-16T05:32:10.782Z Initializing SQM in engine...
2012-06-16T05:32:10.782Z SQM initialized in the engine successfully
Signature updated on 06-15-2012 21:32:10
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 1.1.8403.0
AS Signature Version: 1.127.2110.0
AV Signature Version: 1.127.2110.0
************************************************************
2012-06-16T08:17:40.043Z Task(SpyNetService -RestrictPrivileges -AccessKey 46F38A1C-1ABE-43D3-7CAC-8455A966EAA1) launched
2012-06-16T08:18:08.857Z DETECTIONEVENT Trojan:Win64/Sirefef.Y containerfile
:\Windows\system32\services.exe;containerfile
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000;file
:\Windows\system32\services.exe->731;file
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731;
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile
:\Windows\system32\services.exe
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y file
:\Windows\system32\services.exe->731
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y file
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.gen!A containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.E containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.E containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.E file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.NS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection.OU containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class;
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
2012-06-16T08:18:08.903Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.L containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class;
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
2012-06-16T08:18:08.903Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.NZ containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class;
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
2012-06-16T08:18:08.903Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection.OS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386;containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class;file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class;
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS containerfile
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS file
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Begin Full Scan
Scan ID:{5C9ACFA3-FD64-4259-9DFE-3CEF2EAEFCAF}
Scan Source:2
Start Time:06-15-2012 21:32:17
End Time:06-16-2012 00:18:08
Result Count:10
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Extended Info:40388481833002
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
ID:2147654402
Severity:5
Number of Resources:8
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:8434420172026019838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Extended Info:5864262463416
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
Threat Name:Exploit:Java/CVE-2010-0840.NS
ID:2147652622
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OU
ID:2147649594
Severity:5
Number of Resources:9
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Extended Info:18143587116110
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.L
ID:2147652623
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Extended Info:18144749453986
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.NZ
ID:2147653114
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Extended Info:18144863684845
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Extended Info:18145099024128
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Extended Info:18142143267630
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
End Scan
************************************************************
Begin Resource Scan
Scan ID:{700460E1-70F5-410B-9774-B51A85A1FC8E}
Scan Source:7
Start Time:06-16-2012 00:18:08
End Time:06-16-2012 00:19:07
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Result Count:3
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:8434420172026019838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Extended Info:5864262463416
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
End Scan
************************************************************
2012-06-16T15:22:02.439Z Task(SpyNetService -RestrictPrivileges -AccessKey 6099EAB7-010C-A77D-43DF-2EF0AF5E9FE0) launched
Begin Resource Scan
Scan ID:{693F90B7-DD3B-4E0F-894E-D798F1664412}
Scan Source:6
Start Time:06-16-2012 07:21:50
End Time:06-16-2012 07:22:31
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Explicit resource to scan
Resource Schema:containerfile
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Explicit resource to scan
Resource Schema:file
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Result Count:9
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
ID:2147654402
Severity:5
Number of Resources:8
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
Threat Name:Exploit:Java/CVE-2010-0840.NS
ID:2147652622
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.L
ID:2147652623
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Extended Info:18144749453986
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OU
ID:2147649594
Severity:5
Number of Resources:9
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Extended Info:18143587116110
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.NZ
ID:2147653114
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Extended Info:18144863684845
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Extended Info:18145099024128
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Extended Info:18142143267630
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Extended Info:40388481833002
Resource Schema:file
Resource Path
:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Extended Info:0
Resource Schema:containerfile
Resource Path
:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************
Beginning threat actions
Start time:06-16-2012 07:22:36
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
Threat ID:2147654402
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.E
Threat ID:2147652149
Action:remove
Threat Name:Unknown
Threat ID:2032954425894502398
Action:unknown
Threat Name:Exploit:Java/CVE-2010-0840.NS
Threat ID:2147652622
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.L
Threat ID:2147652623
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OU
Threat ID:2147649594
Action:remove
Threat Name:Exploit:Java/CVE-2010-0840.NZ
Threat ID:2147653114
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OS
Threat ID:2147649428
Action:remove
Threat Name:Trojan:Win64/Sirefef.Y
Threat ID:2147655285
Action:remove
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
File cleaned/removed successfully
File Name
:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Threat ID:2147655285
Resource refcount:1
Result:0
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\system32\services.exe->731
Threat ID:2147655285
Resource refcount:1
Result:1260
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:09FE9BADC5CCF2E21A61A60C5E1B2AD4ADFC9E80
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:314DD209521DF8D3F8220F3379AE0C6484CA915C
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:BBABD90DE83C4639710B20410128866F1D423AF9
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1
7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:2E173E7B52C95406AFAF5804BA74AAC59468E4C5
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:5D4AA3D5B30D011B86F7EE168EEF3A6F0EC4B190
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:83D4F763B8E6A32CD643F65A7B66DE81E8244876
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1
7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:5D1100F12C08098CD7706A63868D9911B79F56A4
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:991DE0DA8D6FF59FC1B1ED7E55682BFD6EB91BC1
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:3756A406E1447F91CD32E75831D8C2F8E7936EA3
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:BAC9E81EBF4EFD6BB66C8C3424A3FF93D2A1DA7B
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1378B55C3DD4B63D2EB6B77C70FA0D51C8032324
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1
7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:BD391319787A0CB31E9DB4B8E9E89A77532EB1AF
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Threat ID:2147652149
Resource refcount:1
Result:0
File to act on SHA1
7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name
:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
!ERROR
Finished threat ID:2147655285
Threat result:1260
Threat status flags:1
Finished threat ID:2147649428
Threat result:0
Threat status flags:0
Finished threat ID:2147653114
Threat result:0
Threat status flags:0
Finished threat ID:2147649594
Threat result:0
Threat status flags:0
Finished threat ID:2147652623
Threat result:0
Threat status flags:0
Finished threat ID:2147652622
Threat result:0
Threat status flags:0
Finished threat ID:2032954425894502398
Threat result:0
Threat status flags:0
Finished threat ID:2147652149
Threat result:0
Threat status flags:0
Finished threat ID:2147654402
Threat result:0
Threat status flags:0
Finished threat actions
End time:06-16-2012 07:22:40
Result:0