Pulled some fresh samples from a machine on 16 July 2014.
MBAM detected the following:
Even after removing these and cleaning up autoruns, the malware would return. I assume it's rootkit-ed, but I can't find the rootkit driver file. I'm not that skilled, so I only used GMER, but it finds nothing.
The ZeuS samples spawned an Adobe Flash update install which was legit as far as I can see.. sooo, I guess thanks for that..?
Also, my VirtualBox Win7 install has "GuestAdditions" and no anti-VM patching. I would have thought the malware looked for that and won't run.
Anyway, samples are attached.