
The first alert of D+ will be of explorer.exe opening rundll32.exe; then it depends on how you have configured rundll32… for this reason I put D+ in Paranoid Mode and set everything for rundll32.exe to ask.

Proactive Security configuration, Image execution is Aggressive, everything else is at the defaults of Proactive Security.

D+ rules (mentioned before) are created automatically for rundll32.exe.

HOW to configure D+ in Safe mode to trigger an alert before allowing rundll32.exe to process this kind of instruction?

It looks like it is a malicious instruction. PLElVwkIV.dll is the so-called Trojan.Winlock.499 according to the DrWeb classification.

According to this info, Setup is a function which is taken from pLElVwkIV.dll.

Under the root directory there was an Autorun.inf file:

There was an infected flash drive with a superhidden folder RECYCLER under the root directory and a file inside this folder: pLElVwkIV.dll.

protected files/folders (allow exception is “…system32*”).

protected registry (1 allow exception - no details).

“run executable” (allow exception is “%windir%*”).

During this period a ruleset for rundll32.exe was automatically created by D+: everything is “allow” without block exceptions, except:

Defense+ has been in Safe mode since its installation.
