Forum Newbie
      
Group: Forum Members
Last Login: 2/6/2016 6:14:25 PM
Posts: 1,
Visits: 0
With auditing enabled, the following entry appears with Event ID 4691 when the machine is infected with the Dynamer!ac Trojan:
<14>Feb 5 20:50:40 telstar-X.alternubis.com MSWinEventLog 1 Security 88182 Fri Feb 5 20:50:40 2016 4691 Microsoft-Windows-Security-Auditing N/A N/A Success Audit telstar-X.alternubis.com Other Object Access Events Indirect access to an object was requested. Subject: Security ID: S-1-5-21-2816896582-3717673338-702387886-2189 Account Name: bishop Account Domain: ALTERNUBIS Logon ID: 0x425E4 Object: Object Type: ALPC Port Object Name: \Sessions\2\Windows\ApiPort Process Information: Process ID: 0x159c Access Request Information: Accesses: Communicate using port Access Mask: 0x1 343434396
The process ID listed here was associated with Microsoft Word.
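As an added example (not part of the original thread), a small Python parser that pulls the labelled fields out of a syslog-forwarded 4691 line like the one quoted in the post above and converts the hex Process ID to the decimal form that tasklist and Task Manager display, which is what matching the PID to a process such as Microsoft Word requires. The function name `parse_4691` and the label lists are assumptions made for this example; the sample line is the one from the post.

```python
import re

# Section headers and field labels of Event ID 4691. The multi-word section
# headers come first so "Object Type:" is never read as the "Object:" header.
SECTIONS = ["Access Request Information", "Process Information", "Subject", "Object"]
FIELDS = ["Account Domain", "Account Name", "Security ID", "Object Type",
          "Object Name", "Process ID", "Access Mask", "Accesses", "Logon ID"]
MARKER = re.compile(r"\b(" + "|".join(SECTIONS[:2] + FIELDS + SECTIONS[2:]) + r"):")
EVENT_ID = re.compile(r"\b(\d+)\s+Microsoft-Windows-Security-Auditing\b")

# The event line from the post above, whitespace as it appears on this page.
SAMPLE = (
    r"<14>Feb 5 20:50:40 telstar-X.alternubis.com MSWinEventLog 1 Security 88182 "
    r"Fri Feb 5 20:50:40 2016 4691 Microsoft-Windows-Security-Auditing N/A N/A "
    r"Success Audit telstar-X.alternubis.com Other Object Access Events Indirect "
    r"access to an object was requested. Subject: Security ID: "
    r"S-1-5-21-2816896582-3717673338-702387886-2189 Account Name: bishop Account "
    r"Domain: ALTERNUBIS Logon ID: 0x425E4 Object: Object Type: ALPC Port Object "
    r"Name: \Sessions\2\Windows\ApiPort Process Information: Process ID: 0x159c "
    r"Access Request Information: Accesses: Communicate using port Access Mask: "
    r"0x1 343434396"
)

def parse_4691(line):
    """Return the labelled fields of a 4691 event, or None for any other line."""
    m = EVENT_ID.search(line)
    if not m or m.group(1) != "4691":
        return None
    marks = list(MARKER.finditer(line, m.end()))
    event = {"Event ID": 4691}
    # Each value runs from the end of its label to the start of the next label.
    for cur, nxt in zip(marks, marks[1:] + [None]):
        if cur.group(1) in SECTIONS:
            continue
        end = nxt.start() if nxt else len(line)
        event[cur.group(1)] = line[cur.end():end].strip()
    # These fields are logged in hex; process listings show the PID in decimal.
    for key in ("Process ID", "Access Mask", "Logon ID"):
        if event.get(key):
            event[key + " (int)"] = int(event[key].split()[0], 16)
    return event

if __name__ == "__main__":
    for name, value in parse_4691(SAMPLE).items():
        print(f"{name}: {value}")
```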
Supreme Being
      
Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237,
Visits: 0
Many different types of security events can be generated due to a malware infection. This may be an instance of that.
Forum Newbie
      
Group: Forum Members
Last Login: 8/19/2015 12:10:30 AM
Posts: 1,
Visits: 0
Hi Derek Thomas,
As you mentioned, "Many different types of security events can be generated due to a malware infection." Can you please list the events which can be generated during a malware infection?
Supreme Being
      
Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237,
Visits: 0
Malware can create new services and new scheduled tasks, modify certain registry entries, and generate anything that a user can generate. It is all based on the type of malware.