bot.exe

显示全部楼层 · 发表于 2011-5-10 23:26:31

bot.exe

显示全部楼层 · 发表于 2011-5-10 23:29:45

木马名称：Backdoor._0011A2E4

程序：
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\BOT[1].EXE\BOT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2011-5-10 23:56:11

毒霸杀之

显示全部楼层 · 发表于 2011-5-11 02:48:12

Virus: Gen:Variant.Kazy.1779 (Engine A), Win32:Fraudo [Trj] (Engine B)

Virus found while downloading content from the web.

Address: bbs.kafan.cn
Status: Access denied.

显示全部楼层 · 发表于 2011-5-11 07:29:07

ess kill

D:\下载文件夹\bot.exe.rar > 7ZIP > bot.exe - Win32/Spy.Zbot.YW 特洛伊木马的变种

显示全部楼层 · 发表于 2011-5-11 09:01:16

Installation Report: bot
Generated by InCtrl5, version 1.0.0.0
Install program: E:\DownLoads\bot.exe\bot.exe
5-11-2011 7:47 AM

------------------------------------------------------------
Registry
********

Keys added: 1
-------------
HKEY_CURRENT_USER\Software\Microsoft\Zaku

Values added: 12
----------------
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts "ConnectionSettingsMigrated"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4 "FirstRun"
Type: REG_DWORD
Data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{AAC73D35-C9D9-573A-B060-87A272523DD7}"
Type: REG_SZ
Data: "C:\Documents and Settings\Administrator\Application Data\Ofbu\waah.exe"
HKEY_CURRENT_USER\Software\Microsoft\Zaku "Faycweafe"
Type: REG_BINARY
Data: 2C, 75, 62, 71, F5, C7, 69, B6, 69, 77, E5, 34, 09, 9B, 93, 5B, 58, AC, 8A, D7, 18, 18, FB, CC, 54, BB, 5E, 93, 8D, 9D, F3, BC, 5B, 94, 68, B9, 26, 33, 75, 25, 4A, DF, A0, 4B, 93, 56, 32, B4, 46, CA, 86, 54, A9, 8C, A5, B5, 69, 38, 5A, E8, 41, 6A, 6E, B5, 64, FA, D7, 48, 07, 7B, 6B, 95, 2E, 13, 94, F7, 7F, 2A, 77, A6, E3, 81, 56, A0, 89, BA, AF, 26, 92, 87, CD, 13, AD, 8A, 61, 84, C1, FA, 5C, D4, 17, 36, 5E, 94, 21, 43, 4B, 9B, F9, A2, 6E, D4, 12, 15, 6B, 87
HKEY_CURRENT_USER\Software\Microsoft\Zaku "Wiqe"
Type: REG_BINARY
Data: (data too large: 116215 bytes)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\explorer.exe"
Type: REG_SZ
Data: C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\explorer.exe"
Type: REG_SZ
Data: C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer

Folders added: 2
----------------
c:\Documents and Settings\Administrator\Application Data\Arif
c:\Documents and Settings\Administrator\Application Data\Ofbu

Files added: 7
--------------
c:\Documents and Settings\Administrator\Application Data\Ofbu\waah.exe
Date: 2-20-2011 9:08 AM
Size: 141,824 bytes
c:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{26F695AD-30C1-4E59-95CE-5A3BE2B270FD}\Microsoft\Outlook Express\已发送邮件.dbx
Date: 5-11-2011 7:36 AM
Size: 76,500 bytes
c:\WINDOWS\Prefetch\BOT.EXE-2935DDA2.pf
Date: 5-11-2011 7:36 AM
Size: 15,302 bytes
c:\WINDOWS\Prefetch\RUNDLL32.EXE-1EDA2CF6.pf
Date: 5-11-2011 7:36 AM
Size: 20,986 bytes
c:\WINDOWS\Prefetch\WAAH.EXE-1CCD0901.pf
Date: 5-11-2011 7:36 AM
Size: 14,258 bytes

Files deleted: 25
-----------------
e:\DownLoads\bot.exe\bot.exe
Date: 5-10-2011 11:23 PM
Size: 141,824 bytes

显示全部楼层 · 发表于 2011-5-11 09:20:19

avast killed

显示全部楼层 · 发表于 2011-5-11 09:38:07

BitDefender
bot.exe Gen:Variant.Kazy.1779

显示全部楼层 · 发表于 2011-5-11 09:50:49

江民kill

显示全部楼层 · 发表于 2011-5-11 10:20:00

PCA启发

[病毒样本] bot.exe

评分