病毒过毛豆了

显示全部楼层 · 发表于 2012-1-6 18:11:29

试试untrusted

显示全部楼层 · 发表于 2012-1-6 22:57:24

KIS杀不掉不代表防不了，GKR开最大保护试试

显示全部楼层 · 发表于 2012-1-6 23:31:51

这对DW来说只是小菜一碟，能静默地完美地拦截。贴出日志如下：

DefenseWall log file

01.06.2012  23:04:54, 模块 C:\Documents and Settings\All Users\Application Data\gocBcScmNJwBeCF.exe, Attempt to set value 5761b2dc-ce77-4bfa-b965-6f33b1867cf2 within the key HKCU\Control Panel\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value DisableTaskMgr within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\All Users\Application Data\gocBcScmNJwBeCF.exe, 1:Process is running untrusted now (进程)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value gocBcScmNJwBeCF.exe within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value gocBcScmNJwBeCF.exe within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value Cache within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new file C:\Documents and Settings\china\Local Settings\Temporary Internet Files\desktop.ini (文件 )

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value Directory within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value Cookies within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value History within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, 10:Attempt to open protected file C:\Documents and Settings\china\Cookies\ (资源隔离)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, 10:Attempt to open protected file C:\Documents and Settings\china\Cookies\ (资源隔离)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, 8:Attempt to open protected file C:\Documents and Settings\china\Cookies\index.dat (资源隔离)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to delete service (服务)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value AppData within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value MigrateProxy within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value ProxyEnable within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value SavedLegacySettings within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to create new key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ (注册表)

01.06.2012  23:04:49, 模块 C:\Documents and Settings\*\Local Settings\Temp\bhQdIh3ZhlUede.exe.tmp, Attempt to set value PendingFileRenameOperations within the key HKLM\SYSTEM\ControlSet002\Control\Session Manager\ (注册表)

01.06.2012  23:04:48, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value Common AppData within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:01:48, 模块 C:\Documents and Settings\china\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, Attempt to set value 5761b2dc-ce77-4bfa-b965-6f33b1867cf2 within the key HKCU\Control Panel\ (注册表)

01.06.2012  23:01:41, 模块 C:\Documents and Settings\*\桌面\fpishzgukueugzgsyok\fpishzgukueugzgsyok.exe, 1:Process is running untrusted now (进程)

01.06.2012  23:01:25, 模块 C:\Program Files\WinRAR\WinRAR.exe, Attempt to set value AppData within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

01.06.2012  23:01:25, 模块 C:\Program Files\WinRAR\WinRAR.exe, Attempt to delete service (服务)

01.06.2012  23:01:24, 模块 C:\Program Files\WinRAR\WinRAR.exe, 2:Process is running untrusted now (进程)

显示全部楼层 · 发表于 2012-1-7 18:38:04

DW给力，LS的童鞋没测试下comodo？这货壳真不错。。。

显示全部楼层 · 发表于 2012-1-7 19:32:58

MSE4.0没下载完就清理了，chrome下

显示全部楼层 · 发表于 2012-1-7 21:29:39

huyazhou2012 发表于 2012-1-6 17:50
不会吧，这下悲剧了吧。mse右键扫描
还有卡巴pure右键扫描
大家自家看吧

拜托，五天前的病毒库先更新一下啦~~
呵呵

显示全部楼层 · 发表于 2012-1-7 22:04:20

测试MSE 很给力的。哈哈。
爱上MSE了

显示全部楼层 · 发表于 2012-1-7 22:16:21

accp.taotao 发表于 2012-1-7 21:29
拜托，五天前的病毒库先更新一下啦~~
呵呵

一直在用卡巴，没用mse了。只是用卡巴扫了没反应，才用mse试了试，呵呵

显示全部楼层 · 发表于 2012-1-7 22:23:14

huyazhou2012 发表于 2012-1-7 22:16
一直在用卡巴，没用mse了。只是用卡巴扫了没反应，才用mse试了试，呵呵

那你不更新他，怎么有好的结果呢？唉，，桑心，

显示全部楼层 · 发表于 2012-1-7 22:34:28

有没有人试过手动版的毛豆情况如何？

[讨论] 病毒过毛豆了