有手动主防的来帮帮忙

显示全部楼层 · 发表于 2012-3-3 20:49:47

因为换win8了，md没办法用，杀软兼容的不多，现在用360，连续下了几个md5修改的，360全部报病毒，忍无可忍断网，强行改md5，360安静了，但是没有md没办法跟踪，麻烦帮忙看看是不是病毒还是误报。怀念我的卡巴2012。。。。。

显示全部楼层 · 发表于 2012-3-3 20:54:38

avast7报毒

显示全部楼层 · 发表于 2012-3-3 20:56:24

解压直接报了

楼主可以用在线沙盘测的，而且行为一目了然
http://www.sunbeltsecurity.com/sandbox/

显示全部楼层 · 发表于 2012-3-3 20:57:30

lmywen 发表于 2012-3-3 20:56
解压直接报了

楼主可以用在线沙盘测的，而且行为一目了然

我的下载就拦截了。。。

显示全部楼层 · 发表于 2012-3-3 20:58:23

liwnpin 发表于 2012-3-3 20:57
我的下载就拦截了。。。

我只装了文件监控。。。

显示全部楼层 · 发表于 2012-3-3 21:01:46

微点KILL

显示全部楼层 · 发表于 2012-3-3 21:02:37

Bullguard不杀主防沉默

显示全部楼层 · 发表于 2012-3-3 21:03:29

就是怕反沙的啊。。。。还是md好用啊

显示全部楼层 · 发表于 2012-3-3 21:13:25

EQ 未发现可疑
MD 未发现可疑

KIS2012 主防
2012-3-3 21:09:11 MD5修改器.exe 已拒绝: My documents2
2012-3-3 21:09:11 MD5修改器.exe 已拒绝: 重复句柄
2012-3-3 21:09:08 MD5修改器.exe 已拒绝: 截屏
2012-3-3 21:09:05 MD5修改器.exe 已拒绝: My documents2
2012-3-3 21:09:02 MD5修改器.exe 已拒绝: 访问其它进程内存
2012-3-3 21:08:55 MD5修改器.exe 将应用程序移至高限制组

OA
Created:    2012-3-3 21:11:16
Summary:    Program Guard: MD5修 -> Smok
Description:  C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修 wants to create executable file C:\Documents and Settings\Administrator\桌面\MD5修改器\Smok
Event type: Suspicious file(13)
Event action: Allowed(2)

Created:    2012-3-3 21:10:51
Summary:    Program Guard: kernel event
Description:  OADriver: OpenProcess, 1872 -> 292, Mask: 1F0FFF - 1F0414 - Deny (watched)
Event type: Kernel event(26)
Event action: None(1)
Processes:
  PID: 1872 Name: MD5修
  PID:    292 Name: ctfmon.exe

Created:    2012-3-3 21:10:50
Summary:    Screen logger detected: MD5修
Description:  C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修
Event type: Keyboard logger(3)
Event action: Blocked(3)

Created:    2012-3-3 21:10:48
Summary:    Program Guard: MD5修改器.exe
Description:  C:\WINDOWS\explorer.exe -> C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe
Event type: Program Guard(9)
Event action: Allowed(2)

DW
03.03.2012  21:12:57，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:56，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:54，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:54，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to delete service (服务)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to set value Personal within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to set value Recent within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to set value Desktop within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， 1:Attempt to bring window of the process C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe to the top (屏幕)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to set value Favorites within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:53，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， Attempt to open process C:\WINDOWS\system32\ctfmon.exe (进程)

03.03.2012  21:12:51，模块 C:\Documents and Settings\Administrator\桌面\MD5修改器\MD5修改器.exe， 1:Process is running untrusted now (进程)

显示全部楼层 · 发表于 2012-3-3 21:15:19

顺便传一个改 MD5 工具，绝对无毒。

[可疑文件] 有手动主防的来帮帮忙

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源