一个

显示全部楼层 · 发表于 2007-7-12 00:45:00

A-Squared	PE_PATCH, NSPACK Found nothing
AntiVir	Found TR/Click.Agent.hip
ArcaVir	Found nothing
Avast	Found Win32:Flyst
AVG Antivirus	Found nothing
BitDefender	Found nothing
ClamAV	Found nothing
Dr.Web	Found nothing
F-Prot Antivirus	Found nothing
F-Secure Anti-Virus	Found nothing
Fortinet	Found nothing
Kaspersky Anti-Virus	Found nothing
NOD32	Found nothing
Norman Virus Control	Found nothing
Panda Antivirus	Found nothing
Rising Antivirus	Found nothing
Sophos Antivirus	Found Mal/Packer
VirusBuster	Found Packed/NSPack
VBA32	Found nothing

显示全部楼层 · 发表于 2007-7-12 00:57:54

测试一下

NOD32没反映

过了微点!

[ 本帖最后由幼稚園于 2007-7-12 01:00 编辑 ]

显示全部楼层 · 发表于 2007-7-12 01:06:21

咖啡挂了

显示全部楼层 · 发表于 2007-7-12 01:18:15

红伞

Found a virus or unwanted program 'TR/Click.Agent.hip' [trojan]
in file 'F:\jhyyy.exe'.
Action taken:

AVGAS不报~

显示全部楼层 · 发表于 2007-7-12 01:35:06

病毒: Win32:Flyst [Trj]
文件: jhyyy[1].part1.rar
目录: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODE3GLQZ
进程: GreenBrowser.exe

显示全部楼层 · 发表于 2007-7-12 01:39:55

C:\123\jhyyy\jhyyy.exe - Signature 'Trojan.Win32.Agent.ala' found

1 File scanned
(0 Archives with 0 files)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.000

显示全部楼层 · 发表于 2007-7-12 02:16:38

显示全部楼层 · 发表于 2007-7-12 02:24:59

显示全部楼层 · 发表于 2007-7-12 07:45:09

運行jhyyy.exe，發現下列行為，被EQ-Secure RC4攔截！

2007-07-12 06:45:13 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\krnln.fnr
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:13 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\internet.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:13 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\HtmlView.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:13 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\shell.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:13 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\RegEx.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:13 加载库文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\krnln.fnr
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:13 加载库文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\HtmlView.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

..................中間有連網

2007-07-12 06:45:28 加载库文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\shell.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:28 创建注册表值    操作:阻止
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
注册表路径:HKEY_CURRENT_USER\user\current\Software\Microsoft\Windows NT\CurrentVersion\Windows
注册表名称:run
注册表数据:C:\PROGRA~1\COMMON~1\ATion\jhyyy.exe
触发规则:所有程序规则->自動運行->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

2007-07-12 06:45:28 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATion\alcxmntr.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATion\alcxmntr.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATion\jhyyy.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 删除文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATion\alcxmntr.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATionjhyyy.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\ATion\alcxmntr.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 创建文件    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 运行应用程序    操作:允许
进程路径:D:\桌面\virus\jhyyy\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
触发规则:所有程序规则->*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\krnln.fnr
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\internet.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\HtmlView.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\shell.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\RegEx.fne
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:29 加载库文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\krnln.fnr
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:30 加载库文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\HtmlView.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:30 加载库文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\shell.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:30 创建注册表值    操作:阻止
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
注册表路径:HKEY_CURRENT_USER\user\current\Software\Microsoft\Windows NT\CurrentVersion\Windows
注册表名称:run
注册表数据:C:\PROGRA~1\COMMON~1\ATion\jhyyy.exe
触发规则:所有程序规则->自動運行->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

2007-07-12 06:45:30 加载库文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\internet.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

2007-07-12 06:45:31 创建文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LQJAA1H\123[1].htm
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:37 加载库文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Temp\E_4\RegEx.fne
触发规则:黑名单->2.1组：禁止从Temp文件夹运行程序->*\*temp*\*

..............................中間有連網

2007-07-12 06:45:59 创建文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

2007-07-12 06:45:59 修改文件    操作:允许
进程路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\drive\C\Program Files\Common Files\jhyyy.exe
文件路径:C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\user\current\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
触发规则:所有程序规则->保護安全軟體->C:\Documents and Settings\Hung  Jui Hung\Application Data\Sandbox\DefaultBox\*

........................再下去有連網，會在左上角出一個視窗，鼠標被拉過去，sandboxie有攔截fake keyboard or mouse by

jhyyy.exe

显示全部楼层 · 发表于 2007-7-12 09:09:07

重复样本

[病毒样本] 一个

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源