无语，AB4DB7

显示全部楼层 · 发表于 2007-8-23 22:50:50

00404E79 BA70544000 mov edx, 00405470 -> ANSI "我我草死卡巴"
00404E7E E8E9E9FFFF call 0040386C
00404E83 7541 jnz 00404EC6
00404E85 B880544000 mov eax, 00405480 -> ANSI "0"
00404E8A E8F5F2FFFF call 00404184
00404E8F 84C0 test al, al
00404E91 7433 jz 00404EC6
00404E93 8D55D4 lea edx, [ebp-2C]
00404E96 B88C544000 mov eax, 0040548C -> ANSI "bcoo"
00404E9B E854F3FFFF call 004041F4
00404EA0 8B45D4 mov eax, [ebp-2C]
00404EA3 BA9C544000 mov edx, 0040549C -> ANSI "fuckfuckavp"
00404EA8 E8BFE9FFFF call 0040386C
00404EAD 7517 jnz 00404EC6
00404EAF 8D55D0 lea edx, [ebp-30]
00404EB2 33C0 xor eax, eax
00404EB4 E8BBF4FFFF call 00404374
00404EB9 8B45D0 mov eax, [ebp-30]
00404EBC BAB0544000 mov edx, 004054B0 -> ANSI "求着你别杀我啊"
00404EC1 E8A6E9FFFF call 0040386C

复制代码

00404DDC E8C7F5FFFF call 004043A8
00404DE1 8B45EC mov eax, [ebp-14]
00404DE4 BAE8534000 mov edx, 004053E8 -> ANSI "真想日死瑞星"
00404DE9 E87EEAFFFF call 0040386C
00404DEE 0F85D2000000 jnz 00404EC6
00404DF4 8D55E8 lea edx, [ebp-18]
00404DF7 B801000000 mov eax, 00000001
00404DFC E873F5FFFF call 00404374
00404E01 8B45E8 mov eax, [ebp-18]
00404E04 BA00544000 mov edx, 00405400 -> ANSI "免杀的啊呀也"
00404E09 E85EEAFFFF call 0040386C
00404E0E 0F85B2000000 jnz 00404EC6
00404E14 8D55E4 lea edx, [ebp-1C]
00404E17 B802000000 mov eax, 00000002
00404E1C E853F5FFFF call 00404374
00404E21 8B45E4 mov eax, [ebp-1C]
00404E24 BA18544000 mov edx, 00405418 -> ANSI "免杀的啊啊啊啊"
00404E29 E83EEAFFFF call 0040386C
00404E2E 0F8592000000 jnz 00404EC6
00404E34 8D55E0 lea edx, [ebp-20]
00404E37 B803000000 mov eax, 00000003
00404E3C E833F5FFFF call 00404374
00404E41 8B45E0 mov eax, [ebp-20]
00404E44 BA30544000 mov edx, 00405430 -> ANSI "免杀的啊呀呀"

复制代码

显示全部楼层 · 发表于 2007-8-23 22:53:09

娱乐大众

显示全部楼层 · 发表于 2007-8-23 22:53:17

2007-8-23 22:50:41 AMON 文件 D:\病毒库\QQ\QQ.exe 可能是 Win32/PSW.QQShou 木马的一个变种 A9A4210159974B7\Administrator 程序新建文件时发生事件： C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2007-8-23 22:53:46

Scan performed at: 2007-8-23 22:52:56
Scanning Log
NOD32 version 2479 (20070823) NT
Command line: C:\Documents and Settings\Don johnson\桌面\QQ.rar
Operating memory - is OK

Date: 23.8.2007 Time: 22:53:03
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\QQ.rar
C:\Documents and Settings\Don johnson\桌面\QQ.rar ?RAR ?QQ.exe - probably a variant of Win32/PSW.QQShou trojan
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 22:53:03 Total scanning time: 0 sec (00:00:00)

显示全部楼层 · 发表于 2007-8-23 22:58:57

kv监控查出动作
主防

显示全部楼层 · 发表于 2007-8-23 22:59:20

他水平差了点，没免卡7

detected: virus Heur.Downloader (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\QQ.rar/QQ.exe

显示全部楼层 · 发表于 2007-8-23 23:01:25

显示全部楼层 · 发表于 2007-8-23 23:03:06

显示全部楼层 · 发表于 2007-8-23 23:06:59

Start of the scan: 2007年8月23日  23:06

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\QQ.rar
  [0] Archive type: RAR
  --> QQ.exe
   [DETECTION] Is the Trojan horse TR/PSW.Stealer.34293
   [INFO]    The file was deleted!

End of the scan: 2007年8月23日  23:06
Used time: 00:12 min

The scan has been done completely.

   1 Scanning directories
   2 Files were scanned
   1 viruses and/or unwanted programs were found
   0 classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-8-23 23:09:25

卡巴连真的QQ程序都杀
更别说这个假的了

[病毒样本] 无语，AB4DB7

本帖子中包含更多资源

和卡巴以及瑞星有深仇大恨

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

伞杀!

浏览过的版块