VT Detection ratio: 1 / 47 R4lyHVh.exe

显示全部楼层 · 发表于 2013-10-16 14:59:30

https://www.virustotal.com/en/fi ... nalysis/1381906559/

显示全部楼层 · 发表于 2013-10-16 15:05:13

本帖最后由 jayavira 于 2013-10-16 15:54 编辑

R4lyHVh.exe - Trojan.Win32.Droma.wr

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Best Regards, Kaspersky Lab

显示全部楼层 · 发表于 2013-10-16 15:09:33

百度杀毒国际版不杀
超级巡警二进制启发式引擎杀

显示全部楼层 · 发表于 2013-10-16 15:16:14

360卫士居然被过...诺顿下载分析双击报有风险建议删除

显示全部楼层 · 发表于 2013-10-16 15:28:40

2013/10/16 15:23:55 创建新进程阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: c:\windows\system32\svchost.exe
命令行: "C:\Windows\system32\svchost.exe"
规则: [应用程序组]『询问』病毒测试

2013/10/16 15:23:59 修改注册表值阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\DeleteFlag
值: 0x00000001(1)
规则: [应用程序]c:\windows\system32\services.exe -> [注册表组]驱动服务 -> [注册表]*\System\*Controlset*\Services\*

2013/10/16 15:24:05 访问COM接口阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Windows Management and Instrumentation
规则: [应用程序组]『询问』病毒测试

2013/10/16 15:24:07 删除注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum
规则: [应用程序]c:\windows\system32\services.exe -> [注册表组]驱动服务 -> [注册表]*\System\*Controlset*\Services\*

2013/10/16 15:24:09 删除注册表项阻止
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
规则: [应用程序]c:\windows\system32\services.exe -> [注册表组]驱动服务 -> [注册表]*\System\*Controlset*\Services\*

2013/10/16 15:24:12 访问COM接口阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Windows Management and Instrumentation
规则: [应用程序组]『询问』病毒测试

2013/10/16 15:24:13 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\R4lyHVh_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:14 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\R4lyHVh_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:15 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\R4lyHVh_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:16 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:17 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\R4lyHVh_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:18 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 02 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 d0 b7 bf 7e 13 c6 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 28 78 3b 0c 3f 57 fe 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:19 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\R4lyHVh_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:20 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 02 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 d0 b7 bf 7e 13 c6 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 28 78 3b 0c 3f 57 fe 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:21 创建注册表项阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\R4lyHVh_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:29 访问网络允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: TCP [本机 : 8320] -> [85.25.84.201 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/10/16 15:24:29 底层键盘操作阻止
进程: f:\program files\tencent\qq\bin\qq.exe
规则: [应用程序组]【授权】低限制组 -> [应用程序]f:\program files\tencent\qq\bin\qq.exe

2013/10/16 15:24:38 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qcgce2mrvjq91kk1e7pnbb19m52fx
值: F:\下载\Compressed\R4lyHVh\R4lyHVh.exe
规则: [应用程序组]『询问』病毒测试 -> [注册表组]自动运行 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Run*

2013/10/16 15:24:40 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
值: "F:\下载\Compressed\R4lyHVh\R4lyHVh.exe"
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/10/16 15:24:42 修改注册表值阻止
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
值: cmd.exe
规则: [应用程序组]『询问』病毒测试 -> [注册表组]WinLogon -> [注册表]*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

2013/10/16 15:24:45 创建文件允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: F:\下载\Compressed\R4lyHVh\R4lyHVh.dll
规则: [应用程序组]『询问』病毒测试 -> [文件组]全局高危文件

2013/10/16 15:26:00 创建文件允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: C:\Users\iROCK\AppData\Local\2433f433
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/10/16 15:26:03 创建文件允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: C:\ProgramData\2433f433
规则: [应用程序组]『询问』病毒测试 -> [文件组]秒杀写入

2013/10/16 15:26:05 创建文件允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: C:\Users\iROCK\AppData\Roaming\Microsoft\Windows\Templates\2433f433
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/10/16 15:26:06 创建文件允许
进程: f:\下载\compressed\r4lyhvh\r4lyhvh.exe
目标: C:\Users\iROCK\AppData\Roaming\2433f433
规则: [应用程序组]『询问』病毒测试 -> [文件]*

干掉安全中心····玩腻了

显示全部楼层 · 发表于 2013-10-16 16:24:52

过火绒推荐

显示全部楼层 · 发表于 2013-10-16 17:00:17

显示全部楼层 · 发表于 2013-10-16 17:07:13

锁屏，在沙盘运行诺顿没有报0.0 幸好没有穿沙盘，重启后正常

显示全部楼层 · 发表于 2013-10-16 17:29:37

云杀了

2013/10/16 17:28:19 已隔离未知对象：90 UDS:DangerousObject.Multi.Generic C:\Users\Administrator\Downloads\R4lyHVh.exe 高

[可疑文件] VT Detection ratio: 1 / 47 R4lyHVh.exe

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块