http://www.iana.org/abuse/answers (((GENERAL))) addresses # jordan >192.168.0.100<------------>192.168.0.1 # “n 192.168.1.1”< -------------->127.0.0.1 # # Use “?” to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=192.168.1.1? showDetails=true&showARIN=false&ext=netref2 NetRange: 192.168.0.0 - 192.168.255.255 CIDR: 192.168.0.0/16 NetName: PRIVATE-ADDRESS-CBLK-RFC1918-IANA-RESERVED NetHandle: NET-192-168-0-0-1 Parent: NET192 (NET-192-0-0-0-0) NetType: IANA Special Use OriginAS: Organization: Internet Assigned Numbers Authority (IANA) RegDate: 1994-03-15 Updated: 2013-08-30 Comment: These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address. Comment: Comment: These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records. Please refer to http://www.iana.org/abuse/answers Comment: Comment: These addresses were assigned by the IETF, the organization that develops Internet protocols, in the Best Current Practice document, RFC 1918 which can be found at: Comment: http://datatracker.ietf.org/doc/rfc1918 Ref: http://whois.arin.net/rest/net/NET-192-168-0-0-1 OrgName: Internet Assigned Numbers Authority OrgId: IANA Address: 12025 Waterfront Drive Address: Suite 300 City: Los Angeles StateProv: CA PostalCode: 90292 Country: US =================================================== kernel.dll This site contains sample code for a number of user-mode and kernel.dll ================================================== Winlogon.exe ==== Explorer.exe === Svchost.exe ----->(Virus Trojan) ================================================== C:\WINDOWS\system32\winlogon.exe Win32 Virus file -------------> (((winlogon.exe))) Get Winlogon Trojan Info Access (4) [How to remove]---------------> (((winlogon.exe))) ----->system32 in windows XP ---- windows 7 — windows 8 --------------- bois ind HHD ----- ind RAM MB CPU <------------> running 50% to 30% CPU - TechSpot Forums windows nt & windows 95 (((winlogon.exe))) System requirements:–>any system running Windows windows XP / windows 7 / windows 8 ==================== Windows 95/98/ME/NT4/2000–(System root) —>windows XP ---- windows 7 — The Windows API treats key names as null–keys that are visible to the operating system, yet (only) partially visible to Registry tools like Regedit.------ F8 —HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\RECOVERYMANAGER\MSSQL Server\uptime_time_utc Windows API Data mismatch between Windows API and raw hive data. The Reghide sample code at Sysinternals demonstrates this technique, which is used by both malware and root to hide Registry data. You can use the Sysinternals RegDel Null tool to delete keys that contain embedded null characters. windows 8<--------->Media – null----> Windows Server > WORK GROUP = web org Security--------->Automatically scan and exit when done — Don’t scan the Registry windows OS2--------fat12--------fat16----->System windows Don’t ms Dos 6.22 in windows Don’t fat32—fat 64 webinar covers viruses spyware and windows ------>Malware Viruses and windows----------->( www.xxxxxxxx.org )–and other Viruses malware tricks Folder files to System Volume Information the copy Local Disk —of System Windows Server Media(Windows NT 4) -----> Hacker -----> Registry and file system API discrepancies that may indicate the presence of a user-mode-- >screen Windows This is a screenshot of System//Root Revealer detecting the presence of the popular (Hacker) Defender System//Root The Registry key discrepancies show that the Registry keys storing Hacker Defender’s device driver and service settings are not visible to the Windows API, but are present in the raw scan of the Registry hive data. Similarly the HackerDefender-associated files are not visible to Windows API directory scans but are present in the scan of the raw file system data web-------www.xxxxxxxx.org Winlogon.exe / Explorer.exe / Svchost.exe Virus Trojan ==================================================== Find more about viruses that create <winlogon.exe> Uploaded on Apr 11, 2011 Winlogon.exe running 50% to 30% CPU - TechSpot Forums Winlogon.exe trojan - excitador.com No web results for: Winlogon Trojan Suggestions: Make sure all words are spelled correctly. Try different keywords. Try more general keywords. Try fewer keywords. Winlogon.exe / Explorer.exe / Svchost.exe Virus Trojan From scan to scan, the results vary in the following ways: * The number of infections in Svchost.exe varies from 6 to 2. * The numeric value in the Parens changes. * The memory value changes. For example these are the values observed for Explorer.exe: ================================================= | C:\WINDOWS\ explorer.exe (2372):\memory_ 017b0000 |Trojan horse PSW .Agent .AUET |Infected | C:\WINDOWS\explorer.exe(1300):—>\memory_ 01790000 |Trojan horse PSW.Agent.AUET |Infected | C:\WINDOWS\explorer.exe(1200):—>\memory_ 017f0000 |Trojan horse PSW.Agent.AUET |Infected | C:\WINDOWS\explorer.exe(2692):—>\memory_ 01750000 |Trojan horse PSW.Agent.AUET |Infected | C:\WINDOWS\explorer.exe(608):—>\memory_ 017b0000 |Trojan horse PSW.Agent.AUET |Infected | C:\WINDOWS\explorer.exe(1576):—>\memory_ 017d0000 |Trojan horse PSW.Agent.AUET |Infected | C:\WINDOWS\explorer.exe(864):—>\memory_ 017b0000 |Trojan horse PSW.Agent.AUET |Infected Attached are sections from the Scan history, as best I could extract it. The recommended scan was performed: sfc /scannow The Event Log shows it activating and completing, without any corrective entries in between. ======================================== Running Processes: ------------------ C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\windows\system32\ctfmon.exe C:\windows\system32\svchost.exe ------------------------------------------- Mohammed Mohammed Ahmed Al-Lathqani
Mohammed Ahmed Al-Lathqani
3 weeks ago
CLOSE THIS NOTIFICATION
Please start a new topic in V&W: https://forum.avast.com/index.php?action=post;board=4.0