Author: wazon
Subject: KRECWLENUZWGAI entry in registry - suspicious
Posted: 02 August 2013 at 5:11pm
Found this module.1904.4e69d030.6e1f0000.dll (dumped DLLs from raw memory dump using volatility.exe -> volatility.exe -f raw_memory_dump.raw --profile=Win7SP1x86 dlldump /D --dump-dir dllsdump_results/ ), which Comodo sees as TrojWare.Win32.FraudPack.P.
But I'm aware that's not the end of research :]
Edited by wazon - 18 hours 46 minutes ago at 5:14pm