Thread starter: zuo

[Virus sample] Genuine BMW virus sample (not the old CIH), updated September 4 <added the part that actually modifies the MBR and BIOS>
nazisoft
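Posted on 2011-9-7 11:25:01
有凤来仪 posted on 2011-9-6 23:28
I wonder, was this virus written using the same principle as a restore card?

There used to be articles teaching people to write a restore card's code into the free space of the BIOS, and then you could ...

The principle is different, but there is one thing in common: a restore card uses a PCI device or is written into the BIOS so that it can start early and monitor disk reads and writes, while the virus writes itself into the BIOS so that it can load itself before the hard disk boots.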
wjcharles
Posted on 2011-9-7 14:02:05
It wasn't made to evade NIS? How come it's a heuristic definition from April 27 of this year?

http://securityresponse.symantec ... 47-99&vid=38392
Nocria
Posted on 2011-9-7 17:28:18
Ahn cured

shanghaiplmm
Posted on 2011-9-7 21:52:55
Norton killed it immediately.
xcntime
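Posted on 2011-9-8 22:03:57
The legendary CIH variant, enhanced edition.

What a scourge. Still, I have always thought that the people who write viruses are really just newbies showing off.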
zhousulin5
Posted on 2011-9-9 22:27:19
2011-9-9 22:28:09    创建文件    阻止
进程: d:\specimen\bmw\123.exe
目标: C:\WINDOWS\system32\293D05C0.tmp
规则: [应用程序]?:\*\* -> [文件]c:\windows\*

2011-9-9 22:28:13    修改文件    阻止
进程: d:\specimen\bmw\123.exe
目标: \Device\NamedPipe\SfcApi
规则: [应用程序]?:\*\* -> [文件]\device\namedpipe\sfcapi

2011-9-9 22:28:13    修改文件    阻止
进程: d:\specimen\bmw\123.exe
目标: \Device\NamedPipe\SfcApi
规则: [应用程序]?:\*\* -> [文件]\device\namedpipe\sfcapi

2011-9-9 22:28:13    修改文件    阻止并结束进程
进程: d:\specimen\bmw\123.exe
目标: C:\WINDOWS\system32\appmgmts.dll
规则: [应用程序]?:\*\* -> [文件组]系统执行文件 -> [文件]c:\windows\*; *.dll

Hacker29cn
Posted on 2011-9-18 15:02:22
This thing first performs image hijacking and then installs a driver to modify the BIOS. What a scoundrel.
http://camas.comodo.com/cgi-bin/ ... 0338c4d&iframe=


• File Info
Name Value
Size 89600
MD5 1aa4c64363b68622c9426ce96c4186f2
SHA1 6d30a08e63beec01478959d96a792d43bf03fb23
SHA256 7936deb5e6a236e8dce91352d0617e3db3bbe0fbaeba5fb08bbeac7590338c4d
Process Exited

• Keys Created
Name Last Write Time
LM\System\CurrentControlSet\Services\143367E9 2009.01.09 10:37:31.796
LM\System\CurrentControlSet\Services\143367E9\Enum 2009.01.09 10:37:31.859

• Keys Changed
• Keys Deleted
Name Last Write Time
LM\System\CurrentControlSet\Services\AppMgmt 2008.08.01 08:03:19.406
LM\System\CurrentControlSet\Services\AppMgmt\Parameters 2008.08.01 08:03:19.406
LM\System\CurrentControlSet\Services\AppMgmt\Security 2008.08.01 06:20:12.156

• Values Created
Name Type Size Value
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE_INSTALLER.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwServ.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avfwsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwengine.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsd.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdtray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdwsc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpopserver.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmgui.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvexpert.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwsupd.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfefire.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfevtps.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOBKbackup.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsSvHost.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCAddWidget.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr_tz_Setup.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPConfig.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCUPDATE.EXE\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsmgrsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spideragent.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SpIDerMl.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3PScan.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3SP.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vgchsvx.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPSvc.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe\Debugger REG_SZ 16 "ntsd -d"
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\РЮёґ№¤ѕЯ.exe\Debugger REG_SZ 16 "ntsd -d"
LM\System\CurrentControlSet\Services\143367E9\Enum\Count REG_DWORD 4 0x1
LM\System\CurrentControlSet\Services\143367E9\Enum\NextInstance REG_DWORD 4 0x1
LM\System\CurrentControlSet\Services\143367E9\ErrorControl REG_DWORD 4 0x1
LM\System\CurrentControlSet\Services\143367E9\ImagePath REG_EXPAND_SZ 44 "system32\143367E9.sys"
LM\System\CurrentControlSet\Services\143367E9\Start REG_DWORD 4 0x2
LM\System\CurrentControlSet\Services\143367E9\Type REG_DWORD 4 0x1

• Values Changed
• Values Deleted
Name Type Size Value
LM\System\CurrentControlSet\Services\AppMgmt\Description REG_SZ 154 "Provides software installation services such as Assign, Publish, and Remove."
LM\System\CurrentControlSet\Services\AppMgmt\DisplayName REG_SZ 46 "Application Management"
LM\System\CurrentControlSet\Services\AppMgmt\ErrorControl REG_DWORD 4 0x1
LM\System\CurrentControlSet\Services\AppMgmt\ImagePath REG_EXPAND_SZ 90 "%SystemRoot%\system32\svchost.exe -k netsvcs"
LM\System\CurrentControlSet\Services\AppMgmt\ObjectName REG_SZ 24 "LocalSystem"
LM\System\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll REG_EXPAND_SZ 70 "%SystemRoot%\System32\appmgmts.dll"
LM\System\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDllUnloadOnStop REG_DWORD 4 0x1
LM\System\CurrentControlSet\Services\AppMgmt\Security\Security REG_BINARY 192 ?
LM\System\CurrentControlSet\Services\AppMgmt\Start REG_DWORD 4 0x3
LM\System\CurrentControlSet\Services\AppMgmt\Type REG_DWORD 4 0x20

• Directories Created
• Directories Changed
• Directories Deleted
• Files Created
Name Size Last Write Time Creation Time Last Access Time Attr
C:\Documents and Settings\User\Local Settings\Temp\105F31D9.log 11566 2009.01.09 10:37:26.281 2009.01.09 10:37:26.265 2009.01.09 10:37:26.265 0x20
C:\WINDOWS\system32\105F075C.tmp 89600 2004.08.04 01:55:30.000 2004.08.04 01:55:30.000 2004.08.04 01:55:30.000 0x20
C:\WINDOWS\system32\143367E9.sys 12512 2004.08.04 01:55:30.000 2004.08.04 01:55:30.000 2004.08.04 01:55:30.000 0x20
C:\WINDOWS\Temp\r4d6e5368.txt 3756 2009.01.09 10:37:32.375 2009.01.09 10:37:32.375 2009.01.09 10:37:32.375 0x20
C:\WINDOWS\Temp\sc414b6e.txt 8192 2009.01.09 10:37:31.984 2009.01.09 10:37:31.968 2009.01.09 10:37:31.968 0x20

• Files Changed
Name Size Last Write Time Creation Time Last Access Time Attr
C:\WINDOWS\system32\appmgmts.dll 167936/89600 2007.07.27 12:00:00.000/2007.07.27 12:00:00.000 2007.07.27 12:00:00.000/2007.07.27 12:00:00.000 2008.08.01 06:17:07.328/2008.08.01 06:23:20.718 0x20/0x20
C:\WINDOWS\system32\config\software 8912896/8912896 2009.01.09 10:22:48.828/2009.01.09 10:37:31.968 2008.08.01 07:59:59.062/2008.08.01 07:59:59.062 2009.01.09 10:22:48.828/2009.01.09 10:22:48.828 0x20/0x20

• Files Deleted
Name Size Last Write Time Creation Time Last Access Time Attr
C:\TEST\sample.exe 89600 2009.01.09 10:37:25.203 2009.01.09 10:36:42.187 2009.01.09 10:36:42.187 0x20

• Directories Hidden
• Files Hidden
• Drivers Loaded
Base Size Flags Image Name
0xf8a69000 0x4000 0x1104000 \SystemRoot\system32\143367E9.sys

• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
PId Process Name TId Start Start Mem Win32 Start Win32 Start Mem
0x278 winlogon.exe 0x5d0 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE
0x2b0 lsass.exe 0xdc 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE
0x3f4 svchost.exe 0x29c 0x7c810856 MEM_IMAGE 0x762cf0a3 MEM_IMAGE
0x3f4 svchost.exe 0x40c 0x7c810856 MEM_IMAGE 0x7529edb3 MEM_IMAGE
0x3f4 svchost.exe 0x414 0x7c810856 MEM_IMAGE 0x762cf0a3 MEM_IMAGE
0x3f4 svchost.exe 0x418 0x7c810856 MEM_IMAGE 0x7529e44b MEM_IMAGE
0x3f4 svchost.exe 0x5d4 0x7c810856 MEM_IMAGE 0x762cf0a3 MEM_IMAGE
0x3f4 svchost.exe 0x678 0x7c810856 MEM_IMAGE 0x75219a1e MEM_IMAGE
0x3f4 svchost.exe 0x6ac 0x7c810856 MEM_IMAGE 0x2025438 MEM_IMAGE

• Modules Loaded
PId Process Name Base Size Flags Image Name
0x3f4 svchost.exe 0x4ec50000 0x1a3000 0x900c4006 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x3f4 svchost.exe 0x71b20000 0x12000 0x800c4006 C:\WINDOWS\system32\mpr.dll
0x3f4 svchost.exe 0x73d30000 0x17000 0x800c4004 C:\WINDOWS\system32\wbem\wbemcons.dll
0x3f4 svchost.exe 0x76bf0000 0xb000 0x800c4006 c:\windows\system32\psapi.dll

• Windows Api Calls
• DNS Queries
DNS Query Text
www.mvuni33797.info IN A +
www.baidu.com IN A +
www.baidu.com IN A +
www.baidu.com IN A +

• HTTP Queries
• Verdict
Auto Analysis Verdict
Suspicious++

• Description
Suspicious Actions Detected
Creates files in windows system directory
Creates system services or drivers
Deletes self
Load system drivers
Patches system files

• Mutexes Created or Opened
PId Image Name Address Mutex Name
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x76ee3a34 RasPbFile
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771ba3ae _!MSFTHISTORY!_
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771bc21c WininetConnectionMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771bc23d WininetProxyRegistryMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771bc2dd WininetStartupMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771d9710 c:!documents and settings!networkservice!cookies!
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771d9710 c:!documents and settings!networkservice!local settings!history!history.ie5!
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x771d9710 c:!documents and settings!networkservice!local settings!temporary internet files!content.ie5!
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x77267e1b ZonesCacheCounterMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x77267e1b ZonesLockedCacheCounterMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x772689fc ZonesCounterMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x777904d3 WininetStartupMutex
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x77f76e78 Shell.CMruPidlList
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x7c81a838 ShimCacheMutex

• Events Created or Opened
PId Image Name Address Event Name
0x4ac C:\TEST\sample.exe 0x401623 Global\{49DC5E00-FB89-41c2-8E1E-852B0B0C6B00}
0x4ac C:\TEST\sample.exe 0x40295b Global\{6581F932-EEC4-422e-A5FD-0F78BB508683}
0x4ac C:\TEST\sample.exe 0x421e9b {00C92B91-763E-4a4e-8404-29ED1850790B}
0x4ac C:\TEST\sample.exe 0x77a89422 Global\crypt32LogoffEvent
0x4ac C:\TEST\sample.exe 0x77de5f48 Global\SvcctrlStartEvent_A3752DX
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x76b443c5 DINPUTWINMM
0x690 C:\Program Files\Internet Explorer\iexplore.exe 0x77de5f48 Global\SvcctrlStartEvent_A3752DX
lxwlt
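Posted on 2011-10-5 22:36:02
This seems a bit scary. I only have TF installed on my machine; I don't know whether it can protect against this, and I don't dare try it.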
jiangwei3366
Posted on 2011-10-7 09:58:16
comodo did not react when scanning
yusup
Posted on 2011-10-7 18:50:10
No problem at all for Panda Cloud.
Copyright © KaFan  KaFan.cn All Rights Reserved.
