Thread starter: a256886572008

[Virus sample] Testing proactive defence (HIPS): 8 web-trojan winlockers

dreams521
Posted on 2011-8-13 15:55:37
Last edited by dreams521 on 2011-8-13 15:56

Tested one of them:
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IMM32.DLL
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IMM32.DLL
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\LPK.DLL C:\WINDOWS\system32\LPK.DLL
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\USP10.dll C:\WINDOWS\system32\USP10.dll
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建文件C:\Documents and Settings\Administrator\2032313602.exe C:\Documents and Settings\Administrator\2032313602.exe
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写文件C:\KSafeBox\F89B21D2\Documents and Settings\Administrator\2032313602.exe C:\KSafeBox\F89B21D2\Documents and Settings\Administrator\2032313602.exe
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\Apphelp.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建进程C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe
2011-08-13 15:53:58 C:\WINDOWS\System32\cmd.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll
2011-08-13 15:53:58 C:\WINDOWS\System32\cmd.exe加载库文件C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\Apphelp.dll
2011-08-13 15:53:58 C:\WINDOWS\System32\cmd.exe创建进程C:\WINDOWS\System32\reg.exe C:\WINDOWS\System32\reg.exe
2011-08-13 15:53:58 C:\WINDOWS\System32\reg.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll
2011-08-13 15:53:58 C:\WINDOWS\System32\reg.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-08-13 15:53:58 C:\WINDOWS\System32\reg.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\UxTheme.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件D:\Program Files\360\360Safe\safemon\safemon.dll D:\Program Files\360\360Safe\safemon\safemon.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\MSVCP60.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\PSAPI.DLL
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2_32.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WS2HELP.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\kwsui.dll C:\program files\kingsoft\kingsoft antivirus\kwsui.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSCTF.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\netapi32.dll C:\WINDOWS\system32\netapi32.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000014930 HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000014930
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\CLBCATQ.DLL
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\COMRes.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\ieframe.dll C:\WINDOWS\system32\ieframe.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SETUPAPI.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda42-bcc4-11e0-95a9-806d6172696f}\ HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda42-bcc4-11e0-95a9-806d6172696f}\
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda42-bcc4-11e0-95a9-806d6172696f} HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda42-bcc4-11e0-95a9-806d6172696f}
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda45-bcc4-11e0-95a9-806d6172696f}\ HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda45-bcc4-11e0-95a9-806d6172696f}\
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda45-bcc4-11e0-95a9-806d6172696f} HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda45-bcc4-11e0-95a9-806d6172696f}
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda44-bcc4-11e0-95a9-806d6172696f}\ HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda44-bcc4-11e0-95a9-806d6172696f}\
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda44-bcc4-11e0-95a9-806d6172696f} HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda44-bcc4-11e0-95a9-806d6172696f}
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda43-bcc4-11e0-95a9-806d6172696f}\ HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda43-bcc4-11e0-95a9-806d6172696f}\
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda43-bcc4-11e0-95a9-806d6172696f} HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64cda43-bcc4-11e0-95a9-806d6172696f}
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建进程C:\WINDOWS\system32\shutdown.exe C:\WINDOWS\system32\shutdown.exe
2011-08-13 15:53:58 C:\WINDOWS\system32\shutdown.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll
2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建进程C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe
2011-08-13 15:53:58 C:\WINDOWS\System32\cmd.exe加载库文件C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll C:\program files\kingsoft\kingsoft antivirus\security\ksde\KisDcom.dll
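An added example, not code from dreams521's post or from the monitoring tool that produced the log: a small Python parser for the log format above that rebuilds the process tree and flags the behaviours a defender would triage from this sample's log (the dropped executable, the Run-key autorun written by reg.exe via cmd.exe, and the shutdown.exe launch). The six embedded log lines are copied from the post; the action-verb vocabulary is the editor's reading of the logger's output.

```python
import re

# Chinese action verbs used by the logger (as seen in the post), mapped to
# English tags. Assumption: these six cover the lines in the log above.
ACTIONS = {
    "加载库文件": "load_library",
    "创建文件": "create_file",
    "写文件": "write_file",
    "创建进程": "create_process",
    "创建注册表键值": "create_regkey",
    "写注册表": "write_registry",
}

# Actor path is matched lazily so it stops at the first action verb.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+?)(" + "|".join(ACTIONS) + r")(.+)$"
)

# Sample under test and six lines copied from dreams521's log above.
SAMPLE = r"C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe"
LOG = [
    r"2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe加载库文件C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IMM32.DLL",
    r"2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建文件C:\Documents and Settings\Administrator\2032313602.exe C:\Documents and Settings\Administrator\2032313602.exe",
    r"2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建进程C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe",
    r"2011-08-13 15:53:58 C:\WINDOWS\System32\cmd.exe创建进程C:\WINDOWS\System32\reg.exe C:\WINDOWS\System32\reg.exe",
    r"2011-08-13 15:53:58 C:\WINDOWS\System32\reg.exe写注册表HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\S-1-5-21-1844237615-308236825-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"2011-08-13 15:53:58 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.exe创建进程C:\WINDOWS\system32\shutdown.exe C:\WINDOWS\system32\shutdown.exe",
]


def parse_line(line):
    """Return (timestamp, actor, action, target) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, actor, verb, rest = m.groups()
    # The logger prints the target twice, separated by one space. Paths can
    # contain spaces, so recover the target by halving instead of splitting.
    half = (len(rest) - 1) // 2
    target = rest[:half] if rest[:half] == rest[half + 1:] else rest
    return ts, actor, ACTIONS[verb], target


def analyse(lines, sample):
    """Return [(timestamp, finding)] for behaviours attributable to `sample`."""
    parent = {}  # lower-cased child process path -> lower-cased parent path
    findings = []

    def in_sample_tree(proc):
        proc = proc.lower()
        while proc is not None:
            if proc == sample.lower():
                return True
            proc = parent.get(proc)
        return False

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, actor, action, target = rec
        if action == "create_process":
            parent[target.lower()] = actor.lower()
            if target.lower().endswith("\\shutdown.exe") and in_sample_tree(actor):
                findings.append((ts, "shutdown.exe launched from the sample's process tree"))
        elif action == "write_registry" and in_sample_tree(actor):
            # reg.exe, spawned through cmd.exe by the sample, adds an autorun entry.
            if target.lower().endswith("\\currentversion\\run"):
                findings.append((ts, f"autorun Run key written by {actor}"))
        elif action == "create_file" and actor.lower() == sample.lower():
            findings.append((ts, f"dropped file {target}"))
    return findings


if __name__ == "__main__":
    for ts, finding in analyse(LOG, SAMPLE):
        print(ts, finding)
```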
C.C.
Posted on 2011-8-13 15:56:43
360SD cleaned them all out
病毒扫描结果
----------------------
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik13.avi.exe        木马(Win32/Trojan.be3)        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik18.avi.exe        木马(Win32/Trojan.4b2)        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik20.avi.exe        木马(Win32/Trojan.663)        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik11.avi.exe        行为和木马比较相似的程序        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik12.avi.exe        行为和木马比较相似的程序        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik14.avi.exe        行为和木马比较相似的程序        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik16.avi.exe        行为和木马比较相似的程序        已删除
C:\Documents and Settings\Administrator\桌面\porno\porno-rolik17.avi.exe        行为和木马比较相似的程序        已删除
a256886572008
(OP) Posted on 2011-8-13 15:58:28
dreams521 posted on 2011-8-13 15:55:
Tested one of them:
2011-08-13 15:53:57 C:\Documents and Settings\Administrator\桌面\porno-rolik14.avi.ex ...

You need to double-click it on a real machine to see the effect.
XMonster
Posted on 2011-8-13 15:59:03
a256886572008 posted on 2011-8-13 15:55:
The ones that weren't caught can be double-clicked on a real machine to test whether BD's AVC blocks them
留侯
Posted on 2011-8-13 16:03:33
Dr.Web found 4:
porno\porno-rolik16.avi.exe - infected with Trojan.MulDrop2.57277
porno\porno-rolik13.avi.exe - packed by FLY-CODE
porno\porno-rolik13.avi.exe - infected with Trojan.Packed.2201
porno\porno-rolik18.avi.exe - infected with Trojan.Winlock.3523
porno\porno-rolik20.avi.exe - infected with Trojan.Winlock.3523

The remaining 4 are packed the same way:
porno\porno-rolik11.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik11.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik12.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik12.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik14.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik14.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik17.avi.exe 已打包,方式: FLY-CODE
porno\porno-rolik17.avi.exe 已打包,方式: FLY-CODE
Reported to Dr.Web.
dreams521
Posted on 2011-8-13 16:05:32
a256886572008 posted on 2011-8-13 15:58:
You need to double-click it on a real machine to see the effect.

Did you test it? I think this sample is pretty nasty.
a256886572008
(OP) Posted on 2011-8-13 16:07:55
dreams521 posted on 2011-8-13 16:05:
Did you test it? I think this sample is pretty nasty.

It just locks the system so you can't get in.
dreams521
Posted on 2011-8-13 16:15:12
a256886572008 posted on 2011-8-13 16:07:
It just locks the system so you can't get in.

OK then, it's too hot today, I won't go looking for trouble.
hj5abc
Posted on 2011-8-13 16:23:33
Panda Cloud's web protection is currently a standalone component, so it doesn't matter that PCAV protection was turned off..

-------------
Avast network shield blocked all of them~
卡卡洛夫
Posted on 2011-8-13 16:55:07
After extraction KIS killed them all; Avira killed 4.
Copyright © KaFan  KaFan.cn All Rights Reserved.
