PC World 2007 November / PCWorld_2007-11_cd.bin / zabezpeceni / threatfire / tfinstall.exe / {app} / TFCRW.dll / string.txt
Text File | 2007-09-20 | 4KB | 102 lines
501 tries to <access|TriggerAccessFlags> a file
502 tries to <access|TriggerAccessFlags> <x|TriggerCount> files
503 tries to rename a file
504 creates files on <x|TriggerCount> different machines
505 deletes and recreates an existing file
506 creates and then executes a file
507 tries to copy itself
508 tries to write to the ini file <file|TriggerIniFiles>
509 tries to write to the registry
510 tries to call <the API Function|TriggerFunctions> in <the DLL|TriggerDllFiles>
511 tries to write to the address space of another running process
512 tries to create a thread in the address space of another running process
513 monitors key strokes
514 creates a COM object
515 tries to send a HTTP request
516 performs a HTTP download
517 creates <x|TriggerCount> network connections
518 listens for network connections
519 sends <x|TriggerCount> pings
520 downloads an email containing a suspicious link
521 named <file name|TriggerFiles>
522 in <the folder|TriggerFolders>
523 that looks like an executable
524 containing executable code
525 with a suspicious double extension
526 within <y|TriggerSeconds> seconds
527 from <file name|TriggerFiles>
528 to <file name|TriggerFiles2>
529 so it has a suspicious double extension
530 having <file name|TriggerFiles>
531 within <x|TriggerSeconds> seconds
532 to <the section|TriggerKeys>
533 to <the value|TriggerValues>
534 to <the key|TriggerKeys>
535 with <guid|TriggerGuids>
536 with a URL longer than <x|TriggerLength> bytes
537 with a header longer than <y|TriggerLength2> bytes
538 to <the domain or IP|TriggerDomains>
539 retrieving <the file|TriggerFiles>
540 retrieving a file of type <content type|TriggerMimeTypes>
541 from the <domain or IP|TriggerDomains>
542 on port <number|TriggerPorts>
543 to the same domain or IP
544 kill the source process
545 inform the local user
546 write event to the system log
547 send an administarative alert
548 prevent the file access
549 prevent the file rename
550 prevent the copy
551 prevent the file write
552 prevent the registry write
553 prevent the memory write
554 prevent the thread creation
555 prevent the object creation
556 block the request
557 disable the link
558 prevent the connection
559 prevent the listen
560 no options available
561 Error
562 read
563 write
564 delete
565 create
566 execute
567 INI Files (*.ini)*.ini
568 DLL Files (*.dll)*.dll
569 All Files (*.*)*.*
570 When
571 or
572 then
573 When any process\n
574 When any non-interactive process\n
575 When and email program or web browser\n
576 process list
577 Functions
578 You must click on the underlined items and configure them before continuing
579 and
580 the source process is in the system process list
581 the source process is in the trusted process list
582 the source process is <process list|ExcludedProcesses>
583 the target file is <file name|ExcludedFiles>
584 the target file is in <the folder|ExcludedFolders>
585 the target files are <file names|ExcludedFiles>
586 the target files are in <the folder|ExcludedFolders>
587 the target file is originally named <file name|ExcludedFiles>
588 the target file is renamed to <file name|ExcludedFiles>
589 the target ini file is <file name|ExcludedFiles>
590 the target ini section is <section name|ExcludedKeys>
591 the target value is <value name|ExcludedValues>
592 the target registry key is <registry key|ExcludedKeys>
593 the downloaded file is <file name|ExcludedFiles>
594 the downloaded file type is <content type|ExcludedMimeTypes>
595 the port is <number|ExcludedPorts>
596 except when
597 delete the file
598 Registry Keys
599 Registry Values
600 Domains or IP Addresses
601 Ports