Views: 2953 | Replies: 13

[Virus Sample] Another Kingsoft Security

绅博周幸
Posted on 2011-9-20 02:50:04
mipko.ru/files/mipko_time_sheriff_setup_203.exe
saga3721
Posted on 2011-9-20 03:39:35
Avira detects it as "SPR/Tool.KGBKeylogger.268 [riskware]".
Mr.Tong
Posted on 2011-9-20 05:01:29
360: unknown.
andoyi
Posted on 2011-9-20 05:40:10
Didn't dare to test it on a real machine.
留侯
Posted on 2011-9-20 09:34:34
The file is packed. Dr.Web:
mipko_time_sheriff_setup_203.exe - archive BINARYRES
mipko_time_sheriff_setup_203.exe/data002 - archive INNO SETUP
mipko_time_sheriff_setup_203.exe/data002/Script2.bin - archive BINARYRES
mipko_time_sheriff_setup_203.exe/data002/0.file packed by: ASPROTECT
mipko_time_sheriff_setup_203.exe/data002/0.file packed by: FLY-CODE
mipko_time_sheriff_setup_203.exe/data002/0.file packed by: ZLIB
mipko_time_sheriff_setup_203.exe/data002/0.file - archive BINARYRES
mipko_time_sheriff_setup_203.exe/data002/1.file packed by: ASPROTECT
mipko_time_sheriff_setup_203.exe/data002/1.file packed by: FLY-CODE
mipko_time_sheriff_setup_203.exe/data002/1.file packed by: ZLIB
mipko_time_sheriff_setup_203.exe/data002/1.file - archive BINARYRES
mipko_time_sheriff_setup_203.exe/data002/4.file is riskware Program.MPK
mipko_time_sheriff_setup_203.exe/data002/30.file - archive NSIS
mipko_time_sheriff_setup_203.exe/data002/30.file/DriverSigning.exe packed by: FLY-CODE
Palkia
Posted on 2011-9-20 09:57:37
Russian... I think it's a legitimate program.
jayavira
Posted on 2011-9-20 10:01:51
elg shows virus, level 10.
星晨
Posted on 2011-9-20 10:21:11
BitDefender to
hddu
Posted on 2011-9-20 14:08:39
2011-09-20 14:05:02    Run application      Action: Allow
Process path: F:\virus\mipko_time_sheriff_setup_203.exe
File path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
Command line: /SL5="$A024A,4585419,140800,F:\virus\mipko_time_sheriff_setup_203.exe"
Triggered rule: All-program rules->Other program settings->*\Temp\*

2011-09-20 14:05:19    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*

2011-09-20 14:05:20    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\All Users\Application Data\TS
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\Application Data\*

2011-09-20 14:05:23    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
Command line: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT
Triggered rule: Application rules->TEMP directory->*\Temp\*->*\Temp\*.exe

2011-09-20 14:05:23    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\Application Data\*.exe

2011-09-20 14:05:23    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\Application Data\*.exe

2011-09-20 14:05:23    Create file      Action: Block
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\ndisrd.sys
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\Application Data\*.sys

2011-09-20 14:05:23    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\ns7.tmp
Command line: "C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe" /verbose /off
Triggered rule: All-program rules->Other program settings->*\Temp\*

2011-09-20 14:05:24    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\ns7.tmp
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Command line: /verbose /off
Triggered rule: Application rules->Auto-created rules->?:\*

2011-09-20 14:05:24    Modify registry value      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing
Registry name: Policy
Triggered rule: All-program rules->Other important items->*\Software\Microsoft\Driver Signing

2011-09-20 14:05:24    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\ns8.tmp
Command line: "C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd
Triggered rule: All-program rules->Other program settings->*\Temp\*

2011-09-20 14:05:24    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\ns8.tmp
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
Command line: -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd
Triggered rule: Application rules->Auto-created rules->?:\*

2011-09-20 14:05:33    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:33    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:33    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood
Triggered rule: All-program rules->WINDOWS global settings->%windir%\*

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem1.inf
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem1.inf
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem1.PNF
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:35    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem1.PNF
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:36    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:36    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:37    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem2.inf
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:37    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem2.inf
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:37    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem2.PNF
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:37    Create file      Action: Allow
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\LastGood\INF\oem2.PNF
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\LastGood\*

2011-09-20 14:05:46    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:46    Modify file      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
File path: C:\WINDOWS\setupapi.log
Triggered rule: All-program rules->WINDOWS allow settings->%windir%\*.log

2011-09-20 14:05:48    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\nsF.tmp
Command line: "C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe" /verbose /on
Triggered rule: All-program rules->Other program settings->*\Temp\*

2011-09-20 14:05:48    Run application      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj6.tmp\nsF.tmp
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Command line: /verbose /on
Triggered rule: Application rules->Auto-created rules->?:\*

2011-09-20 14:05:49    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-MVDTL.tmp\MPK_FLT.exe
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\fltun.exe
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\Application Data\*.exe

2011-09-20 14:05:51    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\unins000.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:05:53    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\unins000.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:05:56    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:05:57    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:06:00    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTSView.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:06:01    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTSView.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:06:02    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:02    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:02    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS64.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:02    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS64.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:03    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS64.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:06:04    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\MPKTS64.exe
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.exe

2011-09-20 14:06:05    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\sqlite3.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:05    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\sqlite3.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:06    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Images
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*\*

2011-09-20 14:06:07    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*\*

2011-09-20 14:06:08    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\invisible.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:09    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\password.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:10    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\popupmessage.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:11    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\settings_node.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:12    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\timecontrol.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:13    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\update.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:14    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\English\users_node.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:15    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\invisible.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:16    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\password.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:16    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\popupmessage.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:17    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\settings_node.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:18    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\timecontrol.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:19    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\update.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:20    Modify file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\Help\Russian\users_node.htm
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.htm

2011-09-20 14:06:20    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\ndisapi.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:20    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Program Files\TS\ndisapi.dll
Triggered rule: All-program rules->%ProgramFiles% settings->%ProgramFiles%\*.dll

2011-09-20 14:06:22    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\「开始」菜单\程序\Time Sheriff
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\*菜单\*

2011-09-20 14:06:23    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\「开始」菜单\程序\Time Sheriff\Time Sheriff.lnk
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-09-20 14:06:25    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\「开始」菜单\程序\Time Sheriff\Сайт Time Sheriff в Интернете.lnk
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-09-20 14:06:27    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\「开始」菜单\程序\Time Sheriff\Купить сейчас!.lnk
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\*菜单\程序\*.lnk

2011-09-20 14:06:29    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\Documents and Settings\Administrator\桌面\Time Sheriff.lnk
Triggered rule: All-program rules->Documents and Settings settings (2)->?:\Documents and Settings\*\桌面\*.lnk

2011-09-20 14:06:29    Create file      Action: Allow
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
File path: C:\WINDOWS\system32\runts.lnk
Triggered rule: Application rules->TEMP directory->*\Temp\*->%WinDir%\system32\*

2011-09-20 14:06:29    Modify registry value      Action: Handled in task quarantine
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Registry name: Userinit
After: c:\windows\system32\userinit.exe,C:\Program Files\TS\MPKTS.exe
Before: C:\WINDOWS\system32\userinit.exe,
Triggered rule: Application rules->WinLogon settings->?:\*->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon*

2011-09-20 14:06:30    Create registry value      Action: Handled in task quarantine
Process path: C:\Documents and Settings\Administrator\Local Settings\Temp\is-NDLOM.tmp\mipko_time_sheriff_setup_203.tmp
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Registry name: DefaultDataInformation
Triggered rule: Application rules->WinLogon settings->?:\*->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon*

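hddu's HIPS trace above records the sequence an analyst should pull out of a log like this: MPK_FLT.exe stages ndisrd.sys under Application Data (the HIPS blocked that write), DriverSigning.exe is run with /verbose /off and touches HKLM\SOFTWARE\Microsoft\Driver Signing\Policy (also blocked), snetcfg.exe then installs the driver from ndisrd.inf/ndisrd_m.inf, DriverSigning.exe /on restores the policy, and finally the Inno Setup stub appends C:\Program Files\TS\MPKTS.exe to Winlogon\Userinit so the monitor starts at every logon (handled in the task quarantine). The Python below is an added example, not code from the thread or from Mipko: it parses a trace in the translated field layout shown above, runs four single-event rules over each entry, and brackets the /off ... /on window so the driver install inside it is visible as one sequence rather than scattered lines. SAMPLE_LOG is a constructed, abbreviated subset of the trace; the rule names and wording are my own.

```python
"""Triage of a HIPS trace such as hddu's: parse each event, flag logon persistence,
driver-signing policy tampering, driver staging and execution from user-writable
paths, and bracket the DriverSigning.exe /off ... /on window. Added example, not
from the thread or from Mipko; SAMPLE_LOG is a constructed, abbreviated subset."""
import re

SAMPLE_LOG = r"""
2011-09-20 14:05:23    Create file      Action: Block
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\ndisrd.sys

2011-09-20 14:05:24    Run application      Action: Allow
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Command line: /verbose /off

2011-09-20 14:05:24    Modify registry value      Action: Block
Process path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing
Registry name: Policy

2011-09-20 14:05:24    Run application      Action: Allow
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\snetcfg.exe
Command line: -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd

2011-09-20 14:05:48    Run application      Action: Allow
File path: C:\Documents and Settings\All Users\Application Data\TS\DRVFLT\instimtmp\DriverSigning.exe
Command line: /verbose /on

2011-09-20 14:06:29    Modify registry value      Action: Handled in task quarantine
Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Registry name: Userinit
After: c:\windows\system32\userinit.exe,C:\Program Files\TS\MPKTS.exe
Before: C:\WINDOWS\system32\userinit.exe,
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.+?)\s+Action: (.+)$")
USER_WRITABLE = re.compile(r"\\(Local Settings\\Temp|Application Data)\\", re.I)

def parse_log(text):
    """Split the trace into events: {'time', 'event', 'action', <field>: value, ...}."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue  # not an event header, skip
        ev = dict(zip(("time", "event", "action"), m.groups()))
        for line in lines[1:]:
            key, _, value = line.partition(": ")
            ev[key.strip()] = value.strip()
        events.append(ev)
    return events

def rule_userinit(e):
    # Winlogon\Userinit is an auto-start entry: anything appended runs at every logon.
    if e.get("Registry name", "").lower() != "userinit":
        return None
    old = {p.strip().lower() for p in e.get("Before", "").split(",")}
    added = [p.strip() for p in e.get("After", "").split(",") if p.strip().lower() not in old]
    return f"logon persistence: Userinit gained {', '.join(added)}" if added else None

def rule_signing_policy(e):
    # HKLM\SOFTWARE\Microsoft\Driver Signing\Policy is XP's unsigned-driver policy (ignore/warn/block).
    if e.get("Registry path", "").lower().endswith("\\driver signing") and e.get("Registry name") == "Policy":
        return "driver-signing policy tampered by " + e.get("Process path", "").rsplit("\\", 1)[-1]
    return None

def rule_driver_drop(e):
    # A .sys written under a user-writable tree rather than %windir% is a driver being staged.
    fp = e.get("File path", "")
    if e["event"] == "Create file" and fp.lower().endswith(".sys") and not fp.lower().startswith("c:\\windows\\"):
        return f"kernel driver staged outside %windir%: {fp} (HIPS action: {e['action']})"
    return None

def rule_writable_exec(e):
    fp = e.get("File path", "")
    if e["event"] == "Run application" and USER_WRITABLE.search(fp):
        return f"execution from user-writable path: {fp}"
    return None

RULES = (rule_userinit, rule_signing_policy, rule_driver_drop, rule_writable_exec)

def triage(text):
    """Return [(time, finding)] for every rule that fires, in log order."""
    return [(e["time"], hit) for e in parse_log(text) for rule in RULES if (hit := rule(e))]

def signing_window(events):
    """Bracket 'DriverSigning.exe /off' ... '/on' and list what happened in between:
    the disable-check, install-driver, re-enable sequence. None if there is no bracket."""
    t_off, t_on, inside = None, None, []
    for e in events:
        is_ds = e.get("File path", "").lower().endswith("driversigning.exe")
        cmd = e.get("Command line", "").lower()
        if is_ds and "/off" in cmd and t_off is None:
            t_off = e["time"]
        elif is_ds and "/on" in cmd and t_off is not None:
            t_on = e["time"]
            break
        elif t_off is not None:
            inside.append(e["event"] + ": " + (e.get("File path") or e.get("Registry path", "")))
    return (t_off, t_on, inside) if t_off and t_on else None
```

Paste the full translated trace above into `triage()` and the same six findings appear among the installer noise: the two blocked events (the .sys write and the Policy change) and the quarantined Userinit edit are the ones worth a second look, while the Inno Setup stub's Temp-to-Temp launches are ordinary installer behaviour that the single-event rule cannot tell apart from abuse. That is why `signing_window()` is there: the policy toggle only means something in relation to what ran between the two DriverSigning.exe calls.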
KaFan Forum (卡饭论坛), Copyright © KaFan  KaFan.cn All Rights Reserved. Powered by Discuz! X3.4