[Virus sample] Frequently updated trojan (36th update) [new thread opened]

sam.to
Posted on 2008-9-10 15:50:59
September 10:
0fc0cd96cfa43a101fd87c8f812f4885  ff.exe3
f84a67d730f16c75d7c9b8d1813bc305  cc.exe3
Reported to Kaspersky
Hello,

cc.exe_ - Trojan.Win32.Crypt.sq,
ff.exe_ - Worm.Win32.AutoRun.ncs

These files are already detected. Please update your antivirus bases.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

============================================================
September 10, 11 p.m.:
50d55a0884fc3a0b174395b4028f2725  install_player_2xxx3912941.exe3
0fc0cd96cfa43a101fd87c8f812f4885  ff.exe3
Reported to Kaspersky
ff.exe_ - Worm.Win32.AutoRun.ncs

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

install_player_2xxx3912941.exe_ - Trojan-Downloader.Win32.FraudLoad.vbzg,

============================================================
September 11:
03c2382aa3ea6cbc32e2f8083b1182b3  ff.exe4
c40c08285a61c1d46a2d3f5e55826988  1.exe3
9b98f3ce80b6684a3c4332ea5d32589e  cc.exe3
ff.exe uses the icon of the Adobe Reader installer
Reported to Kaspersky

============================================================
September 11, 2nd update:
859dac686752005872f9a97229a1b2fd  install_player_2xxx3912941.exe
Reported to Kaspersky

============================================================
September 12:
2bbbdc71aaa69b85c2f145b9f13086ac  install_player_2xxx3912941.exe3
36f319dddc5a60e0f063a25547b648c2  cc.exe3
6bc402548cb66895187024a4099c9bfb  ff.exe3
Reported to Kaspersky

============================================================
September 13:
4657d17fdf7817b597c7492ed820dc84  ff.exe3
5be7bcb4f8a5c023e8eaeaff44e5cab5  cc.exe3
2bbbdc71aaa69b85c2f145b9f13086ac  install_player_2xxx3912941.exe3
Reported to Kaspersky

============================================================
September 13, 7 p.m.: (generated files are in post #37)
5db958268df85fe5e3c18fe940308669  cc.exe3
da1fc453fb7578bc1a5f595c3ec2ac5c  ff.exe
9f0a173712d1e2b635dce7f708ad6271  install_player_2xxx3912941.exe
Reported to Kaspersky

============================================================
September 14: (generated files are in post #42)
6e80390b4c77f24c45e99e909b483ed7  install_player_2xxx3912941.exe3
3cc83d0545faff2264f3f772f4b790c1  cc.exe3
30098fdae11217ddd58dcc9f3dee5e25  ff.exe3
Reported to Kaspersky

============================================================
September 14, 2nd update:
8f98221cc70cce746c03f983dcbaa891  install_player_2xxx3912941.exe3
Reported to Kaspersky

============================================================
September 15:
f5b456d68aaa42314c32ebf77f55165d  install_player_2xxx3912941.exe3
b7e04adab24d72a998b9cdc61de90e21  cc.exe3
4eda1c5e65217f6e398834435687e777  ff.exe3
Reported to Kaspersky
Hello,

cc.exe_,
ff.exe_ - Trojan.Win32.Agent.adpj

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vitaly Butuzov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
Strange! The flash one wasn't mentioned~

============================================================
September 15, 2nd update: (download the generated files from post #55)
1670a696255a86f4ee172da9e3e0f150  ff.exe
3f5452fdb4be50b084109b23929bf471  install_player_2xxx3912941.exe3
fb6ccb9da80c148791d6829f81114c82  cc.exe
Reported to Kaspersky
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

============================================================
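September 15, 3rd update:
ab5df16a74b68df4cfe4ef3337cb9c5d  install_player_2xxx3912941.exe3 (drops a trojan file into Kaspersky's installation directory!! Please download it from post #58)
Reported to Kaspersky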

============================================================
September 16: (generated files are in post #60)
58148329b50395d150b4b46a3794db04  install_player_3xxx3912941.exe3
fa23820ff42a8ab03b9339081d4efe68  cc.exe3
1af0589313b5d33a65c970803e54cb9a  ff.exe3
a42f680f24b3effcaf9f029de7775f3b  install_player_2xxx3912941.exe3
TO KL

============================================================
September 16, 2nd update: (generated files are in post #62)
216eed107f28c9b994c12ce02cff2c03  install_player_1xxx3912941.exe
c9a742c70c5dd803d11453329086d999  install_player_2xxx3912941.exe
TO KL
Hello,

1.exe_ - Trojan-GameThief.Win32.OnLineGames.thgo,
3.exe_ - Trojan-Downloader.Win32.Delf.oen,
9.exe_ - HackTool.Win32.Xarp.ar,
a.exe_ - Trojan.Win32.Pakes.kmb,
install_player_1xxx3912941.exe_, install_player_2xxx3912941.exe_ - Trojan-Downloader.Win32.FraudLoad.vcdu,
piki.dll3 - Trojan.Win32.BHO.gus,
x.gif_ - Worm.Win32.AutoRun.nov

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Ilya Tolstikhin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

============================================================
September 17: (generated files are in post #63)
f0434ec64df4021f392d33631c9bed54  ff.ex3e
397ffc1262563404bf408fce27023ea7  cc.exe3
TO KL

============================================================
September 17, 2nd update: (generated files are in post #64)
ece7077a841fad30b76abe285564fdd9  ff.exe
7584af3f0934aecc93a86c1a0ccc4cc5  cc.exe
ff.exe uses the icon of an Access file
TO KL

============================================================
September 18: (generated files are in post #67)
fcc913a2411bc9e986595d01a6d210f6  cc.exe
324c963090ca73bb373fc975538481c8  ff.exe
ff.exe uses the icon of an InfoPath file
TO KL

Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Temnikov Sergey
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

============================================================
September 19: (generated files are in post #71)
131d18360e650128bcbb344b701ac8d4  install_player_2xxx3912941.exe
834efe9c60f68382d0a19cc7569535a5  cc.exe
40a71cc7808108659177b0b54c58c556  ff.exe
cc.exe uses the icon of an Access file
ff.exe uses the icon of an Excel file
TO KL
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Temnikov Sergey
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

============================================================
September 20: (generated files are in post #75)
49930977c47fa1b086f735e3c6a3485d  cc.exe
3d23e9731770f2e6807d4ee80bcbfefc  ff.exe
TO KL

============================================================
September 21: (generated files are in post #76)
1ede6eedeeca2cab70290407a1520efa  install_player_2xxx3912941.exe
TO KL
Hello,

2xxx3912941.exe3 - Trojan-Dropper.Win32.Agent.wzg,
hare32.dll - Trojan-Downloader.Win32.Agent.ahdd

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Davidov Dmitriy
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

============================================================
September 21: (generated files are in post #83)
e889192f33365c7e3739c0f402031ec3  ff.ex3e
a7990a4771dfcd640d83e4297481bed5  cc.exe3
TO KL
Hello,

1.exe3 - Trojan-Spy.Win32.Delf.efn,
2.exe3 - Trojan.Win32.Pakes.knl,
5.exe3 - Trojan-Dropper.Win32.Agent.wzm,
cc.exe3 - Trojan-Dropper.Win32.Agent.wzn,
ff.ex3e - Trojan-Dropper.Win32.Agent.wzl,
mm.exe3 - Trojan-Downloader.Win32.Agent.ahev,
tt.exe3 - Trojan.Win32.Pakes.knm,
x.gif3 - Worm.Win32.AutoRun.ofz

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



============================================================
September 22: (generated files are in post #84)
704673a57db84bcc256582e863fca6a0  cc.exe
TO KL
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Temnikov Sergey
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


============================================================
September 22, 2nd update: (generated files are in post #87)
8f35f9ea51e0f573982be9cd5855a7f1  install_player_2xxx3912941.exe
TO KL

============================================================
September 23: (generated files are in post #89)
2c6e0315868d7241a6901decb5faac36  ff.exe1
f169fdfd12db1b2a41302843f526b6e0  cc.ex3e
061613a649fc150d9edae94bc05c638f  install_player_2xxx3912941.exe
TO KL
Hello,

fgi.dll - Trojan-Downloader.Win32.Agent.ahki

This file is already detected. Please update your antivirus bases.

2.ex3e - Trojan.Win32.Pakes.kpb,
cc.ex3e - Trojan-Downloader.Win32.Agent.ahlh,
ff.exe1 - Trojan.Win32.Pakes.kpd,
tt.ex3e - Trojan.Win32.Pakes.kpc

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

install_player_2xxx3912941.ex3e - not-a-virus:AdWare.Win32.BHO.dbi

This file is an Advertising Tool. Its detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

============================================================
September 23, 2nd update: (generated files are in post #91)
149a3412be0a22faaa661070b7a0bbaf  cc.exe
cf84872b430ed102ac37541b92c73f9b  ff.exe
TO KL

Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Tatarinov Ivan
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

============================================================
September 24: (generated files are in post #92)
d3ec257ee1eea05adc02b90f02afc3fa  ff.exe
af14cf3c75cbe453b4beab57b8214d21  install_player_2xxx3912941.exe
912086f68477ebc24b4397c7771e6bfc  cc.exe
TO KL

============================================================
September 25 (generated files are in post #93):
aa0d9ca5e687af613bffa515ccf699ff  ff.exe3
39a2ac432cbcd9a1f14c7f4947885c9b  cc.exe3
TO KL
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


============================================================
September 26:
bd89e8ba593f25c8a0d68d4c70c5e823  ff.exe
to kl
Hello,

ff.e3xe - Trojan-GameThief.Win32.Magania.aepg

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Sergey Prokudin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.


============================================================
September 26, 2nd update (generated files are in post #95):
379d318dbba6f30e1d5b0c78e2925814  ff.ex3e
6f4c965ddd08c1877491a24817abc821  cc.ex3e
TO KL
Hello,

2.ex3e,
tt.e3xe - Packed.Win32.Krap.b

These files are already detected. Please update your antivirus bases.

cc.ex3e - Trojan-GameThief.Win32.OnLineGames.tlcz,

ff.ex3e - Trojan-GameThief.Win32.OnLineGames.tlda

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Mikhail Bulgakov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

============================================================
September 27 (generated files are in post #99):
a9e0b79f841baaf41172455050e549cc  install_player_2xxx3912941.exe
6f4c965ddd08c1877491a24817abc821  cc.exe
379d318dbba6f30e1d5b0c78e2925814  ff.exe
TO KL

Hello. This file is already detected. Please update your bases.
-----------------
Regards,  Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com



============================================================
September 28 (generated files are in post #100):
3bc00734c5b5d6258d402f4d3ec8c042  install_player_2xxx3912941.exe
37ae6c06acedd27b5a40a43afdc05753  cc.exe
f0e1e1b4c3ee5b29e211aba759b66d98  ff.exe
to kl
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Gashkin Alexey
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

============================================================
September 28, 2nd update (generated files are in post #101):
ea5ea197fd00eb0a22880271b5e901b3  cc.exe3
0df4e7171f594be3b9d015d42e3b4b53  ff.exe3
TO KL
Hello,

2.ex3e, cc.exe_, ff.exe_ - Trojan-GameThief.Win32.OnLineGames.tlkl,
tt.ex3e - Trojan-GameThief.Win32.OnLineGames.tlkk

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Andrey Ladikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.


============================================================
September 29 (generated files are in post #103):
f0dc3316fa7a4f4c7cffb11b219594bc   cc.exe1
b9c6eb04614dbc87c329d98124c60cd1   install_player_2xxx3912941.exe3
923f0c664a2dfb411331d601d23f026f   ff.ex3e
TO KL

============================================================
September 29, 2nd update (generated files are in post #104):
923f0c664a2dfb411331d601d23f026f   ff.exe3
f0dc3316fa7a4f4c7cffb11b219594bc   cc.exe3
9caa6f8cd4f57cb092b344cc899d3d6a   zz.exe3
to kl

============================================================
September 29, 3rd update (generated files are in post #107):
4fddea3105730121b3536043876b2cc8  cc.e3xe
913a754b7b243b2f28df9bd1cdafb787  zz.ex3e
35fbe79e97d378ac0f148fb893d5927f  ff.ex3e
TO KL

============================================================
September 30 (generated files are in post #110):
6bd30dc457c1d7bff65dbdf5f7acc721  cc.exe
da1c247b1e4b7e80b232c3c20695eca6  zz.exe
6975b2b0b35b6350a907dcc3a724bc4a  ff.exe
TO KL
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Gashkin Alexey
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


============================================================
September 30, 2nd update (generated files are in post #113):
6c3ac20a031046e4d6c81624f91e72d6  install_player_2xxx3912941.exe3
TO KL

============================================================

[ This post was last edited by kato9096 on 2008-10-1 15:57 ]

Nerazzurri
Posted on 2008-9-10 16:27:11
Begin scan in 'C:\Users\Nerazzurri\Desktop\0910-1550.rar'
C:\Users\Nerazzurri\Desktop\0910-1550.rar
    [0] Archive type: RAR
    --> ff.exe3
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> cc.exe3
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was deleted!
xhlhsu
Posted on 2008-9-10 16:31:54
Begin scan in 'C:\Documents and Settings\xu\桌面\0910-1550.rar'
C:\Documents and Settings\xu\桌面\0910-1550.rar
    [0] Archive type: RAR
    --> ff.exe3
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> cc.exe3
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '48f8860f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
无尽藏海
Posted on 2008-9-10 16:44:26
程序:
D:\VIRUS\0910-1550\CC.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TRUC.TMP
2) C:\WINDOWS\TT.EXE
3) C:\WINDOWS\SYSTEM32\TAVO.EXE
4) C:\WINDOWS\SYSTEM32\TAVO0.DLL
是否删除木马程序及其衍生物?


程序:
D:\VIRUS\0910-1550\FF.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TRUD.TMP
2) C:\WINDOWS\2.EXE
3) C:\WINDOWS\SYSTEM32\KAVO.EXE
4) C:\WINDOWS\SYSTEM32\KAVO0.DLL
是否删除木马程序及其衍生物?
啊弥陀佛
Posted on 2008-9-10 17:18:21
Blocked by Micropoint

沙加
Posted on 2008-9-10 17:22:18
NIS2009 detected all of them
Total security risks detected: 2
   Total items resolved: 2
   Total items that require attention: 0

Resolved Threats:
Risks in compressed file "0910-1550.rar"
Type: Compressed
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)  
Categories: Heuristic Virus
Status: Fully Resolved
-----------
2 Files
e:\0910-1550.rar - Deleted
v_ww
Posted on 2008-9-10 17:47:47
ESS: none
浪滔天
Posted on 2008-9-10 17:55:28
The first one:

2008-09-10 17:48:39        cc.exe        应用程序过滤        添加到群组        低受限               
2008-09-10 17:48:39        cc.exe        系统安全        启动进程        F:\病毒样本\0910-1550\cc.exe               
2008-09-10 17:48:39        cc.exe        系统安全        修改        C:\Documents and Settings\GWH\Local Settings\Temp\tru113.tmp               
2008-09-10 17:48:49        cc.exe        应用程序过滤        创建        C:\WINDOWS\tt.exe        已被允许: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:48:49        cc.exe        系统安全        创建        C:\WINDOWS\tt.exe               
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:48:53        cc.exe        应用程序过滤        读取        C:\Documents and Settings\GWH\My Documents\desktop.ini        已被允许: KLPrivateData/KLPrivateUserFiles/My documents2        
2008-09-10 17:49:07        cc.exe        系统安全        退出进程        F:\病毒样本\0910-1550\cc.exe               
        

Generates tt.exe

2008-09-10 17:48:55        tt.exe        应用程序过滤        添加到群组        低受限               
2008-09-10 17:48:57        tt.exe        系统安全        启动进程        C:\WINDOWS\tt.exe               
2008-09-10 17:49:01        tt.exe        应用程序过滤        设置调试权限                已被允许: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege        
2008-09-10 17:49:12        tt.exe        应用程序过滤        修改        C:\WINDOWS\system32\drivers\tdi.sys        已被拒绝: KLSystemData/KLSystemFiles/Drivers        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo0.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo1.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo2.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo3.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo4.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo5.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo6.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo7.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo8.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo9.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:39        tt.exe        应用程序过滤        修改        hkey_users\S-1-5-21-2025429265-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run        已被拒绝: KLSystemData/KLStartupRegKeys/Main_Run        
2008-09-10 17:49:45        tt.exe        应用程序过滤        插入代码        c:\windows\explorer.exe        已被拒绝: KLPrivileges/KLPermissionAppAccess/KLPermissionProcEmbed/KLCodeInject        
2008-09-10 17:49:48        tt.exe        系统安全        退出进程        C:\WINDOWS\tt.exe

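The second one behaves similarly~

It seems to be of some quality, but I didn't try Kaspersky's automatic mode; cleaning up such a big pile of stuff is a hassle.

[ This post was last edited by 浪滔天 on 2008-9-10 18:17 ]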
vocation1985
Posted on 2008-9-10 18:15:23
AVG scan results:


Avira Classic scan results

[ This post was last edited by vocation1985 on 2008-9-10 18:18 ]

sam.to
Original poster | Posted on 2008-9-10 18:54:38

Reply to post #8 by 浪滔天

2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo.exe        已被拒绝: KLSystemData/KLSystemFiles/SystemExe        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo0.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo1.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo2.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo3.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo4.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo5.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo6.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo7.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo8.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        
2008-09-10 17:49:12        tt.exe        应用程序过滤        创建        C:\WINDOWS\system32\tavo9.dll        已被拒绝: KLSystemData/KLSystemFiles/SystemDll        


Do you have these files?