一窝四个 VT Detection ratio: 2 / 45 wgsdgsdgdsgsd.exe

显示全部楼层 · 发表于 2013-1-15 00:52:23

本帖最后由 firefox3 于 2013-1-15 00:54 编辑

https://www.virustotal.com/file/ ... nalysis/1358181882/

https://www.virustotal.com/file/ ... nalysis/1358182001/

https://www.virustotal.com/file/ ... 8173a1204/analysis/

https://www.virustotal.com/file/ ... nalysis/1358181912/

2013-01-15 00:37:52 C:\Program Files (x86)\Java\jre7\bin\java.exe 创建进程 C:\Sandbox\Firefox3\LLQ\user\current\wgsdgsdgdsgsd.exe

2013-01-15 00:38:07 C:\Sandbox\Firefox3\LLQ\user\current\wgsdgsdgdsgsd.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe

2013-01-15 00:38:12 C:\Sandbox\Firefox3\LLQ\user\current\wgsdgsdgdsgsd.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp9EB1.tmp.bat

2013-01-15 00:38:26 C:\Sandbox\Firefox3\LLQ\user\current\wgsdgsdgdsgsd.exe 创建进程 C:\Windows\SysWOW64\cmd.exe

2013-01-15 00:38:30 C:\Sandbox\Firefox3\LLQ\user\current\wgsdgsdgdsgsd.exe 创建进程 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe

2013-01-15 00:38:34 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\8555310F

2013-01-15 00:38:38 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2013-01-15 00:38:41 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\taskhost.exe

2013-01-15 00:38:43 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 \REGISTRY\REGISTRY\USER\Sandbox_Firefox3_LLQ\user\current\Software\Microsoft\Windows\CurrentVersion\Run

2013-01-15 00:38:46 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2013-01-15 00:38:49 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\taskeng.exe

2013-01-15 00:38:50 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 HKUS\SANDBOX_FIREFOX3_LLQ\user\current\software\Microsoft\Windows\CurrentVersion\Run\KB00688755.exe

2013-01-15 00:38:53 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2013-01-15 00:38:55 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\dwm.exe

2013-01-15 00:38:57 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 \REGISTRY\REGISTRY\USER\Sandbox_Firefox3_LLQ\user\current\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

2013-01-15 00:38:58 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe

2013-01-15 00:39:01 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 HKUS\SANDBOX_FIREFOX3_LLQ\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

2013-01-15 00:39:04 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\conhost.exe

2013-01-15 00:39:06 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 HKUS\SANDBOX_FIREFOX3_LLQ\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

2013-01-15 00:39:08 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\Desktop\soft\TweakCube3\netmaster.exe

2013-01-15 00:39:09 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 HKUS\SANDBOX_FIREFOX3_LLQ\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

2013-01-15 00:39:10 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\explorer.exe

2013-01-15 00:39:12 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low

2013-01-15 00:39:14 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\VMware\VMware Tools\VMwareTray.exe

2013-01-15 00:39:15 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\Cookies\Low

2013-01-15 00:39:16 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

2013-01-15 00:39:17 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\History\Low

2013-01-15 00:39:19 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\Sandboxie\SbieCtrl.exe

2013-01-15 00:39:20 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\Favorites

2013-01-15 00:39:22 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\Desktop\soft\goagent-goagent-91cd5e4\local\goagent.exe

2013-01-15 00:39:23 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized

2013-01-15 00:39:24 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\Desktop\soft\goagent-goagent-91cd5e4\local\proxy.exe

2013-01-15 00:39:25 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\PrivacIE\Low

2013-01-15 00:39:25 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存
C:\Users\Firefox3\Desktop\soft\Ad Muncher4.93\AdMunch.exe

2013-01-15 00:39:26 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\IECompatCache\Low

2013-01-15 00:39:28 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\Desktop\soft\Ad Muncher4.93\AdMunch64.exe

2013-01-15 00:39:30 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\IETldCache\Low

2013-01-15 00:39:31 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\notepad.exe

2013-01-15 00:39:32 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

2013-01-15 00:39:32 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\Low

2013-01-15 00:39:34 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files (x86)\SogouInput\6.3.0.8227\SogouCloud.exe

2013-01-15 00:39:35 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 创建进程 C:\Windows\SysWOW64\rundll32.exe

2013-01-15 00:39:38 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\Desktop\soft\Hash_1.0.4_\Hash_1.0.4_.exe

2013-01-15 00:39:40 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改注册表项 HKUS\SANDBOX_FIREFOX3_LLQ\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

2013-01-15 00:39:42 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Users\Firefox3\AppData\Roaming\360se6\Application\360se.exe

2013-01-15 00:39:47 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-01-15 00:39:49 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\Sandboxie\SandboxieRpcSs.exe

2013-01-15 00:39:50 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

2013-01-15 00:39:51 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\Sandboxie\32\SbieSvc.exe

2013-01-15 00:39:52 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files\Sandboxie\SandboxieCrypto.exe

2013-01-15 00:39:52 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

2013-01-15 00:39:53 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Program Files (x86)\Java\jre7\bin\java.exe

2013-01-15 00:39:56 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\SearchFilterHost.exe

2013-01-15 00:40:03 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZK81YWXS\qCA[1].txt

2013-01-15 00:40:07 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe

2013-01-15 00:40:25 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\dllhost.exe

2013-01-15 00:40:37 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 创建进程 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe

2013-01-15 00:40:41 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\8555310F\8555310F

2013-01-15 00:40:45 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe

2013-01-15 00:40:52 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 创建进程 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe

2013-01-15 00:41:09 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe 修改注册表项 \REGISTRY\REGISTRY\USER\Sandbox_Firefox3_LLQ\user\current\Software\Microsoft\SystemCertificates\My

2013-01-15 00:41:13 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2013-01-15 00:41:15 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2013-01-15 00:41:18 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\exp6099.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2013-01-15 00:41:23 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe 修改注册表项 \REGISTRY\REGISTRY\USER\Sandbox_Firefox3_LLQ\user\current\Software\Microsoft\SystemCertificates\My

2013-01-15 00:41:26 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2013-01-15 00:41:27 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2013-01-15 00:41:29 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Temp\expF2AB.tmp.exe 修改文件 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2013-01-15 00:42:19 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\SnippingTool.exe

2013-01-15 00:43:15 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\SysWOW64\dllhost.exe

2013-01-15 00:43:40 C:\Sandbox\Firefox3\LLQ\user\current\AppData\Roaming\KB00688755.exe 访问内存 C:\Windows\System32\wisptis.exe

报告结束

显示全部楼层 · 发表于 2013-1-15 01:03:39

FS 双击，6099入库

显示全部楼层 · 发表于 2013-1-15 01:46:08

前3个 GD没拦截全部QVM20

第四个
网站被阻止！
G Data 互联网安全套装 2013已阻止访问此网站。
该站点包含被感染的代码：Trojan.Generic.8542289 (引擎A), Win32:Crypt-ORW [Trj] (引擎B)。

显示全部楼层 · 发表于 2013-1-15 03:50:48

本帖最后由 284678343 于 2013-1-15 03:54 编辑

To Kaspersky

expF2AB.tmp.exe Trojan-PSW.Win32.Tepfer.ejxx 已删除 2013/01/15 星期二 03:50:28 C:\Test\
KB00688755.exe UDS:DangerousObject.Multi.Generic 已删除 2013/01/15 星期二 03:50:28 C:\Test\
exp6099.tmp.exe Trojan-PSW.Win32.Tepfer.dxpd 已删除 2013/01/15 星期二 03:50:26 C:\Test\
wgsdgsdgdsgsd.exe UDS:DangerousObject.Multi.Generic 已删除 2013/01/15 星期二 03:50:26 C:\Test\

复制代码

更新：

KB00688755.exe,
wgsdgsdgdsgsd.exe - Trojan.Win32.Bublik.aavt

显示全部楼层 · 发表于 2013-1-15 11:13:22

趋势科技,未经授权的更改,名称,KB01373786.exe 检测到的资源或进程 ID:ZwCreateThreadEx 处理措施:已终止.
威胁名称: HEU_CDPLC016
类型: 威胁
受感染文件:C:\Users\zxy\AppData\Local\Temp\expF073.tmp
处理措施: 已移除
检测方式: 关联扫描

威胁名称: HEU_CDPLC016
类型: 威胁
受感染文件:C:\Users\zxy\AppData\Roaming\IDM\Scheduler\q_1.dt
处理措施: 已移除
检测方式: 关联扫描

显示全部楼层 · 发表于 2013-1-15 11:46:08

显示全部楼层 · 发表于 2013-1-15 11:53:59

大蜘蛛发现2个：

余下2个已上报。

显示全部楼层 · 发表于 2013-1-15 11:56:40

留侯发表于 2013-1-15 11:53
大蜘蛛发现2个：

余下2个已上报。

这一段时间你在干嘛，很长时间不见你有点想你了

你在上班么？

显示全部楼层 · 发表于 2013-1-15 11:58:36

3801187 发表于 2013-1-15 11:56
这一段时间你在干嘛，很长时间不见你有点想你了你在上班么？

谢谢关心！
下半年去了下乡基层锻炼，所以上网就不多了。

显示全部楼层 · 发表于 2013-1-15 11:59:04

[可疑文件] 一窝四个 VT Detection ratio: 2 / 45 wgsdgsdgdsgsd.exe

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源