(imported topic written by jvdh11)
I have been tasked with updating a report we have for our company that we currently run every morning to view virus activity from the previous 24 hours. Now my boss wants this expanded to include spyware/grayware. The report was originally created by a team member who is no longer with the company, so I'm left trying to figure it out. I have attached the current report and highlighted the areas I believe need to be updated. The problem is I don't know where to find the information I need for reference in order to update that info.
I have figured out how the report pulls the data. At the end of those highlighted areas it references fixlet 21, which is the analysis for virus/malware information. The spyware/grayware is fixlet 42, easy enough to update. Before that, in the same line, all the corresponding information pulled from that analysis is defined.
Example, virus info:
"14 May 2013 09:34:00 -0300, TROJ_SPNR.0CI312, 6, 1, 0, C:\Windows\assembly\GAC_64\Desktop.ini, NULL"
So I can tell the date obviously, then the virus name, then the 6, 1, 0 are, as mentioned, defined in that code, then the virus path.
With the spyware/grayware, the output is slightly different.
Example:
29 Apr 2013 12:03:00 +1000, ADW_CROSSID, 1, 3, 201304291203104948730_ADW_CROSSID
The only difference between the two is the digits in the middle, so for the above example the 1, 3. There is one less digit. I need to find out what those numbers translate to, just like the ones in the virus report. If I know this, I can simply modify the virus report to reflect the updated numerical values.
I hope I explained this well enough. Thanks to anyone who's able to help.
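
An added example, not part of the original post or of the report it describes: a small Python parser for the two record layouts quoted above, which tells them apart by the number of integer fields after the name. The function name and dictionary keys (including `log_id` and `extra`) are assumptions made for illustration, and the numeric codes are returned untranslated because the post does not say what they mean.

```python
from datetime import datetime

# Constructed inputs: the two sample lines quoted in the post above.
VIRUS_SAMPLE = (r"14 May 2013 09:34:00 -0300, TROJ_SPNR.0CI312, 6, 1, 0, "
                r"C:\Windows\assembly\GAC_64\Desktop.ini, NULL")
SPYWARE_SAMPLE = ("29 Apr 2013 12:03:00 +1000, ADW_CROSSID, 1, 3, "
                  "201304291203104948730_ADW_CROSSID")


def parse_record(line):
    """Parse one record into timestamp, name, raw numeric codes and trailing fields.

    Assumption: the record kind is inferred from the number of integer fields
    after the name (three in the virus sample, two in the spyware/grayware one).
    The codes are returned untranslated; the post does not say what they mean.
    """
    raw = line.strip().strip('"').split(",")
    if len(raw) < 4:
        raise ValueError("too few fields: %r" % line)
    when = datetime.strptime(raw[0].strip(), "%d %b %Y %H:%M:%S %z")
    name = raw[1].strip()
    codes = []
    for field in raw[2:]:
        if not field.strip().isdigit():
            break
        codes.append(int(field))
    rest = raw[2 + len(codes):]
    record = {"time": when, "name": name, "codes": codes}
    if len(codes) == 3 and len(rest) >= 2:
        # A file path can contain commas, so everything up to the last field
        # is rejoined as the path; the last field is "NULL" in the sample.
        record.update(kind="virus", path=",".join(rest[:-1]).strip(),
                      extra=rest[-1].strip())
    elif len(codes) == 2 and len(rest) == 1:
        record.update(kind="spyware", log_id=rest[0].strip())
    else:
        raise ValueError("unrecognised record layout: %r" % line)
    return record


if __name__ == "__main__":
    for sample in (VIRUS_SAMPLE, SPYWARE_SAMPLE):
        print(parse_record(sample))
```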