Windows Security Tutorials - Herong's Tutorial Examples - Version 3.00, by Dr. Herong Yang
A couple of weeks ago, my computer got infected by a Trojan after visiting a .cn Website. Since I have McAfee VirusScan running on my Windows XP system, I reviewed the McAfee OnAccessScanLog.txt log file as the first step to find out how this Trojan infected my computer.
...
10/26/2008 5:58:21 PM Deleted hyang
   C:\Program Files\Internet Explorer\IEXPLORE.EXE
   C:\Documents and Settings\hyang\Local Settings\Temporary Internet Files\Content.IE5\UVQLMT01\ilink.htm\000000a0.js
   JS/Downloader.gen (Trojan)
10/26/2008 6:58:24 PM Script execution blocked hyang
   IEXPLORE.EXE (http://x.x.cn/swf/fx.htm)
   Script executed by IEXPLORE.EXE
   JS/Downloader.gen (Trojan)
10/26/2008 6:01:07 PM Deleted hyang
   C:\WINDOWS\system32\heb.exe
   C:\WINDOWS\SYSTEM32\PCAXYOQRXA.EXE
   PWS-Mmorpg.gen (Trojan)
...
There are only two scenarios for what happened: (1) McAfee VirusScan did not really delete the Trojan downloader and did not really block the execution of the Trojan downloader; (2) the malicious Web page from .cn contains multiple Trojan downloaders. Some of them were too new for McAfee VirusScan to detect and delete. I have no way to confirm which scenario really happened.
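The same review can be scripted. The following is an added example, not part of the original tutorial: it parses entries like the ones quoted above and flags the two things a reviewer would check, entries whose timestamps go backwards and non-downloader detections under system32 that follow the first downloader detection. The tab-separated one-line layout, the sample rows, and the names `parse_log` and `review` are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample modelled on the three entries quoted in the tutorial.
# Assumption: one entry per line, tab-separated, detection "name (type)" last.
SAMPLE_ROWS = [
    ("10/26/2008 5:58:21 PM", "Deleted", "hyang",
     r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     r"C:\Documents and Settings\hyang\Local Settings\Temporary Internet Files"
     r"\Content.IE5\UVQLMT01\ilink.htm\000000a0.js",
     "JS/Downloader.gen (Trojan)"),
    ("10/26/2008 6:58:24 PM", "Script execution blocked", "hyang",
     "IEXPLORE.EXE (http://x.x.cn/swf/fx.htm)",
     "Script executed by IEXPLORE.EXE", "JS/Downloader.gen (Trojan)"),
    ("10/26/2008 6:01:07 PM", "Deleted", "hyang",
     r"C:\WINDOWS\system32\heb.exe", r"C:\WINDOWS\SYSTEM32\PCAXYOQRXA.EXE",
     "PWS-Mmorpg.gen (Trojan)"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)
DETECTION = re.compile(r"^(?P<name>\S+) \((?P<kind>[^)]+)\)$")
SYSTEM_DIR = "C:\\WINDOWS\\SYSTEM32\\"

def parse_log(text):
    """Parse detection entries; skip lines that do not fit the assumed layout."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        match = DETECTION.match(fields[-1])
        if len(fields) < 5 or not match:
            continue
        try:
            when = datetime.strptime(fields[0], "%m/%d/%Y %I:%M:%S %p")
        except ValueError:
            continue
        events.append({"time": when, "action": fields[1], "user": fields[2],
                       "details": fields[3:-1], "name": match["name"],
                       "kind": match["kind"]})
    return events

def review(events):
    """Flag clock-order anomalies and payloads seen after a downloader."""
    findings = []
    for prev, cur in zip(events, events[1:]):
        if cur["time"] < prev["time"]:
            findings.append(("timestamp earlier than previous entry", cur))
    first_dl = min((e["time"] for e in events if "Downloader" in e["name"]),
                   default=None)
    for e in events:
        in_sys = any(d.upper().startswith(SYSTEM_DIR) for d in e["details"])
        if first_dl and in_sys and "Downloader" not in e["name"] and e["time"] > first_dl:
            findings.append(("system32 detection after first downloader", e))
    return findings
```

Both findings on the sample point at the PWS-Mmorpg.gen entry. They show that a payload reached disk after the downloader was reported deleted, but they do not distinguish between the two scenarios.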
Last update: 2006.