測主防

显示全部楼层 · 发表于 2011-10-16 21:24:18

360的主防还是不错滴······
过卡巴斯基

显示全部楼层 · 发表于 2011-10-16 21:24:44

郑伟用户发表于 2011-10-16 21:05
毒霸应该报毒了吧

后台有没拦截就不知道了反正载图时只有金山卫士拦截一会后毒霸报危险了应该是自动云鉴定

刚想去看后台日记结果之前因为某些原因重装了下毒霸

显示全部楼层 · 发表于 2011-10-16 22:03:51

nis2012 云启发

完整路径: c:\users\sshss\downloads\upx\upx.exe
____________________________
____________________________
在电脑上的创建时间不可用
上次使用时间 2011/10/16 ( 22:01:05 )
启动项目否
已启动否
____________________________
____________________________
未知
诺顿社区中使用此文件的用户数量: 未知
____________________________
未知
此文件版本当前未知。
____________________________
高
此文件具有高风险。
____________________________
威胁详细信息
威胁类型: 启发式病毒。根据恶意软件启发式技术检测威胁。
____________________________
http://bbs.kafan.cn/forum.php?mo ... DQ4OTAzN3wxMTA4NjY2 已下载文件upx.exe
威胁名称:
Suspicious.Cloud.7.F自
bbs.kafan.cn
____________________________
文件操作
文件: c:\users\sshss\downloads\upx\upx.exe
已删除
____________________________
文件指纹 - SHA:
82950d5f533e3cf54f0a21391d72d14125c8eb5d2e80ede183f847ad6517f573
____________________________
文件指纹 - MD5:
91d080c037ba2c68f4bc41fb2b8b3dd1
____________________________

显示全部楼层 · 发表于 2011-10-16 22:30:23

GDATA KILL

显示全部楼层 · 发表于 2011-10-16 23:46:01

011-10-16 23:40:40? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\KsecDD?
2011-10-16 23:40:43? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\Tcp?
2011-10-16 23:40:45? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\Ip?
2011-10-16 23:40:46? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改注册表项? HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile?
2011-10-16 23:40:47? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\Afd\Endpoint?
2011-10-16 23:40:50? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\NetBT_Tcpip_{47807F3E-07A0-40E9-AC73-DEBC8310EFB6}?
2011-10-16 23:40:52? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\Afd\Endpoint?
2011-10-16 23:40:52? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改注册表项? HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent?
2011-10-16 23:40:52? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? C:\WINDOWS\system32\Packet.dll?
2011-10-16 23:41:00? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改注册表项? HKUS\S-1-5-21-823518204-1202660629-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData?
2011-10-16 23:41:00? C:\Documents and Settings\Administrator\桌面\Vtest\upx.exe? 修改文件? \Device\NamedPipe\lsarpc?

显示全部楼层 · 发表于 2011-10-16 23:49:23

FS kill

显示全部楼层 · 发表于 2011-10-17 05:50:26

红伞杀“TR/Crypt.XPACK.Gen3 [trojan]”

自启动，充当服务器并试图出站。这家伙是不是老在尝试出去啊？硬盘灯一直亮，知道终止其进程

显示全部楼层 · 发表于 2011-10-17 07:02:20

2011-10-17 06:40:25 创建新进程允许
进程: c:\windows\explorer.exe
目标: e:\downloads\upx\upx.exe
命令行: "E:\downloads\upx\upx.exe"
规则: [应用程序]*

2011-10-17 06:40:39 创建注册表项允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\upx
规则: [注册表]*

2011-10-17 06:40:44 创建注册表项允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\upx\DEBUG
规则: [注册表]*

2011-10-17 06:40:48 删除注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\upx\DEBUG\Trace Level
规则: [注册表]*

2011-10-17 06:40:52 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\upx\DEBUG\Trace Level
值:
规则: [注册表]*

2011-10-17 06:41:04 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile
值: C:\WINDOWS\system32\ESENT.DLL
规则: [注册表组]安装服务和驱动 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services*

2011-10-17 06:41:10 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile
值: C:\WINDOWS\system32\ESENT.DLL
规则: [注册表组]安装服务和驱动 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services*

2011-10-17 06:41:19 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryCount
值: 0x00000010(16)
规则: [注册表组]安装服务和驱动 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services*

2011-10-17 06:41:22 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\TypesSupported
值: 0x00000007(7)
规则: [注册表组]安装服务和驱动 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services*

2011-10-17 06:41:29 创建注册表项允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_CURRENT_USER\Software\Mozilla
规则: [注册表]*

2011-10-17 06:41:35 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_CURRENT_USER\Software\Mozilla\AppID
值: DPlcebrcq06Y24dRhtkt1cgm8FacuYnEDD1Sc7R6oBqUas2HM0re9EjuXxsPqGcJeA==
规则: [注册表]*

2011-10-17 06:41:39 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_CURRENT_USER\Software\Mozilla\ID
值: 0x00000050(80)
规则: [注册表]*

2011-10-17 06:41:43 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_CURRENT_USER\Software\Mozilla\ID2
值: 00 00 00 00 00 00 00 00
规则: [注册表]*

2011-10-17 06:41:46 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_CURRENT_USER\Software\Mozilla\ID3
值: a2 49 4d f3 d9 1e 9f 88 01 01 08 61 00 02 01 10 77 00 00 00 6a 00 03 11 02 01 14 62 00 02 01 10 af b0 91 01 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 77 eb 54 03 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 1b 03 21 05 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 ae 6d c1 07 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 3d 61 dd 09 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 3a 61 d8 0c 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 6f f1 44 0d 64 00 02 01 10 50 00 00 00 67 00 02 01 20 00 00 00 00 00 00 00 00 70 00 02 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 02 01 20 00 00 00 00 00 00 00 00 01 14 62 00 02 01 10 da d1 6f 0d 64 00 02 01 10 50 00 00 00 67 00 02 01
规则: [注册表]*

2011-10-17 06:41:50 修改注册表值允许
进程: e:\downloads\upx\upx.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent
值: E:\downloads\upx\upx.exe
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*

2011-10-17 06:41:56 创建文件允许
进程: e:\downloads\upx\upx.exe
目标: C:\WINDOWS\system32\Packet.dll
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.dll

2011-10-17 06:42:01 创建文件允许
进程: e:\downloads\upx\upx.exe
目标: C:\WINDOWS\system32\wpcap.dll
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.dll

2011-10-17 06:42:11 创建文件允许
进程: e:\downloads\upx\upx.exe
目标: C:\WINDOWS\system32\drivers\npf.sys
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.sys

2011-10-17 06:42:16 创建注册表项允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:20 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Type
值: 0x00000001(1)
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:25 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start
值: 0x00000003(3)
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:28 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\ErrorControl
值: 0x00000001(1)
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:32 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\ImagePath
值: system32\drivers\NPF.sys
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:39 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\DisplayName
值: WinPcap Packet Driver (NPF)
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:42 创建注册表项允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Security
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:46 修改注册表值允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Security\Security
值: 01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
规则: [应用程序]c:\windows\system32\services.exe -> [注册表]*

2011-10-17 06:42:51 加载驱动程序允许
进程: c:\windows\system32\services.exe
目标: c:\windows\system32\drivers\npf.sys
规则: [应用程序]c:\windows\system32\services.exe

2011-10-17 06:43:27 访问网络允许
进程: e:\downloads\upx\upx.exe
目标: TCP [本机 : 1115] -> [127.0.0.1 : 1114]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2011-10-17 06:43:30 访问网络允许
进程: e:\downloads\upx\upx.exe
目标: TCP [本机 : 1116] -> [124.51.21.30 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

访问网络...

显示全部楼层 · 发表于 2011-10-17 08:37:02

tf kill

显示全部楼层 · 发表于 2011-10-17 09:50:23

BitDefender
upx.exe Trojan.Generic.KD.379016

[病毒样本] 測主防

本帖子中包含更多资源

本帖子中包含更多资源