sname 木馬

a256886572008

2011-11-07 11:41:11   C:\Documents and Settings\Roger\桌面\virus\123\calc.exe   Sandboxed As   Partially Limited   

2011-11-07 11:41:35   C:\DOCUME~1\Roger\LOCALS~1\Temp\4erCB.tmp   Sandboxed As   Partially Limited   

2011-11-07 11:41:36   C:\DOCUME~1\Roger\LOCALS~1\Temp\4erCC.tmp   Sandboxed As   Partially Limited   

2011-11-07 11:41:48   C:\Documents and Settings\Roger\Local Settings\Temp\~unins5843.bat   Sandboxed As   Partially Limited   

2011-11-07 11:41:48   C:\WINDOWS\system32\conime.exe   Sandboxed As   Partially Limited   

2011-11-07 11:41:50   C:\Documents and Settings\Roger\Local Settings\Temp\4erCB.tmp   Modify File   C:\WINDOWS\system32\tsbyuvl.exe   

2011-11-07 11:41:50   C:\Documents and Settings\Roger\Local Settings\Temp\4erCC.tmp   Modify File   C:\WINDOWS\system32\mdhcp32.dll   

2011-11-07 11:41:50   C:\Documents and Settings\Roger\Local Settings\Temp\4erCB.tmp   Modify Key   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer   

2011-11-07 11:41:50   C:\Documents and Settings\Roger\Local Settings\Temp\4erCC.tmp   Modify File   C:\WINDOWS\system32\shimg.dll   

2011-11-07 11:41:57   C:\WINDOWS\system32\dwwin.exe   Sandboxed As   Partially Limited   

2011-11-07 11:41:57   C:\Documents and Settings\Roger\Local Settings\Temp\4erCC.tmp   Modify Key   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32   

2011-11-07 11:42:03   C:\WINDOWS\system32\dwwin.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable   

訪問網路

樣本下載：
http://www.vdisk.cn/down/index/9087166A5174

a256886572008

2011-11-07 11:51:44   C:\Documents and Settings\Roger\桌面\virus\123\tsbyuvl.exe   Sandboxed As   Partially Limited   

2011-11-07 11:51:45   C:\Documents and Settings\Roger\桌面\virus\123\tsbyuvl.exe   Modify File   C:\WINDOWS\system32\drivers\etc\hosts   

2011-11-07 11:51:45   C:\WINDOWS\system32\ipconfig.exe   Sandboxed As   Partially Limited   

2011-11-07 11:51:46   C:\WINDOWS\system32\conime.exe   Sandboxed As   Partially Limited   

2011-11-07 11:51:51   C:\Documents and Settings\Roger\桌面\virus\123\tsbyuvl.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable   

2011-11-07 11:51:51   C:\WINDOWS\system32\ipconfig.exe   Modify Key   HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile   

這隻會改 host

夜ㄝ殇

毒霸kill

绅博周幸

dalianjhc1986

eset清空4个文件

blue_仰望

红伞kill

C.C.

360SD KILL4X
C:\Documents and Settings\Administrator\桌面\calc\4erCC.tmp        恶意程序(Malware.QVM05.Gen)        已删除
C:\Documents and Settings\Administrator\桌面\calc\calc.exe        HEUR/Malware.QVM20.Gen        已删除
C:\Documents and Settings\Administrator\桌面\calc\sname        HEUR/Malware.QVM25.Gen        已删除
C:\Documents and Settings\Administrator\桌面\calc\tsbyuvl.exe        HEUR/Malware.QVM20.Gen        已删除

will

病毒: Gen:Variant.Zusy.14 (引擎A)
文件: sname

病毒: Gen:Variant.PWS.5 (引擎A)
文件: 4erCC.tmp

病毒: Gen:Trojan.Heur.FU.aiW@aO2L!lk (引擎A)
文件: calc.exe

病毒: Trojan.QHosts.AVD (引擎A)
文件: tsbyuvl.exe

jayavira

hitman 清空

绅博周幸

will 发表于 2011-11-7 12:10
病毒: Gen:Variant.Zusy.14 (引擎A)
文件: sname

引擎B？？？？