GeSWall Stops Trojan.KillXP

05/30/06 Posted by geswall

Trojan.KillXP stops and deletes Internet Connection Firewall, Windows Automatic Update, System Restore and some other services. GeSWall stops this attack by preventing access to the Service Control Manager.

GeSWall access control log entries:
xpkiller.exe DENY access to SERVICE OBJECT\SharedAccess (SystemObject)
xpkiller.exe READONLY access to SC_MANAGER OBJECT\ServicesActive (SystemObject)
xpkiller.exe DENY access to SERVICE OBJECT\ALG (SystemObject)
xpkiller.exe DENY access to SERVICE OBJECT\wuauserv (SystemObject)
xpkiller.exe DENY access to SERVICE OBJECT\srservice (SystemObject)

Note: Trojan.KillXP poses no threat when run under a non-administrative user account.

GeSWall Blocks Trojan.KillDisk

05/25/06 Posted by geswall

Link: http://wilderssecurity.com/showpost.php?p=755854&postcount=23

Trojan.KillDisk is a dangerous trojan that badly damages the disk content. GeSWall’s access control policy stops it by denying low-level write access to the disk.

GeSWall access control log entries:
Test.exe REDIRECT access to \Device\Harddisk0\DR0 (File)

Note: Trojan.KillDisk poses no threat when run under a non-administrative user account.
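
The following Python example is added here and is not GeSWall's code or part of the original posts. It parses access control log entries in the layout inferred from the lines quoted in both posts (an assumption) and reports, per process, which services it was denied and which raw disk devices it was denied or redirected from; the function names and matching rules are illustrative.

```python
import re
from collections import defaultdict

# Entry layout inferred from the log lines quoted on this page (an assumption):
#   <process> <ACTION> access to <object> (<object type>)
ENTRY_RE = re.compile(
    r"^(?P<process>\S+)\s+(?P<action>[A-Z]+)\s+access to\s+"
    r"(?P<object>.+?)\s+\((?P<type>[^()]+)\)$"
)
RAW_DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")
SERVICE_PREFIX = "SERVICE OBJECT\\"

def parse_entry(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Per process: services it was denied, raw disks denied or redirected."""
    found = defaultdict(lambda: {"services": set(), "raw_disk": set()})
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue  # skip anything that is not an access control entry
        obj = e["object"]
        if e["action"] == "DENY" and obj.startswith(SERVICE_PREFIX):
            found[e["process"]]["services"].add(obj[len(SERVICE_PREFIX):])
        elif e["action"] in ("DENY", "REDIRECT") and RAW_DISK_RE.match(obj):
            found[e["process"]]["raw_disk"].add(obj)
    return {p: {k: sorted(v) for k, v in f.items()} for p, f in found.items()}

# The six entries quoted in the posts above, plus one constructed non-entry line.
SAMPLE = [
    r"xpkiller.exe DENY access to SERVICE OBJECT\SharedAccess (SystemObject)",
    r"xpkiller.exe READONLY access to SC_MANAGER OBJECT\ServicesActive (SystemObject)",
    r"xpkiller.exe DENY access to SERVICE OBJECT\ALG (SystemObject)",
    r"xpkiller.exe DENY access to SERVICE OBJECT\wuauserv (SystemObject)",
    r"xpkiller.exe DENY access to SERVICE OBJECT\srservice (SystemObject)",
    r"Test.exe REDIRECT access to \Device\Harddisk0\DR0 (File)",
    "-- constructed line that is not a log entry --",
]

if __name__ == "__main__":
    for process, hits in triage(SAMPLE).items():
        print(process, hits)
```

A single process denied access to several service objects in one run, as xpkiller.exe is here, is the pattern worth alerting on.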
