免杀卡巴斯基.exe

聪b

这东西是可疑文件

• File Info
Name        Value
Size        209920
MD5        c5d35a0d55b8f4fecefed9e4719c2342
SHA1        78ac96e6a74f0bb4fc4676a050acf65490e29017
SHA256        dfbde4136a1b53c82a376312941e4a742a7eb79a7f49aa5434b9338b8ab53eec
Process        Active
• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
Name        Type        Size        Value
CU\Software\Microsoft\Windows\CurrentVersion\Run\sample.exe        REG_SZ        38        "C:\TEST\sample.exe"
• Values Changed
Name        Type        Size        Value
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings        REG_BINARY/REG_BINARY        56/56        ?/?
• Values Deleted
• Directories Created
• Directories Changed
• Directories Deleted
• Files Created
• Files Changed
• Files Deleted
• Directories Hidden
• Files Hidden
• Drivers Loaded
• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
PId        Process Name        TId        Start        Start Mem        Win32 Start        Win32 Start Mem
0x2b0        lsass.exe        0x4b0        0x7c810856        MEM_IMAGE        0x77e76bf0        MEM_IMAGE
0x2b0        lsass.exe        0x4c0        0x7c810856        MEM_IMAGE        0x75738e06        MEM_IMAGE
0x424        svchost.exe        0x6ec        0x7c810856        MEM_IMAGE        0x77df9981        MEM_IMAGE
• Modules Loaded
• Windows Api Calls
• DNS Queries
DNS Query Text
www.google.com.br IN A +
newconfg.sites.uol.com.br IN A +
• HTTP Queries
HTTP Query Text
newconfg.sites.uol.com.br GET /up.txt HTTP/1.1
• Verdict
Auto Analysis Verdict
Suspicious+
• Description
Suspicious Actions Detected
Creates autorun records
• Mutexes Created or Opened
PId        Image Name        Address        Mutex Name
0x4ac        C:\TEST\sample.exe        0x76ee3a34        RasPbFile
0x4ac        C:\TEST\sample.exe        0x771ba3ae        _!MSFTHISTORY!_
0x4ac        C:\TEST\sample.exe        0x771bc21c        WininetConnectionMutex
0x4ac        C:\TEST\sample.exe        0x771bc23d        WininetProxyRegistryMutex
0x4ac        C:\TEST\sample.exe        0x771bc2dd        WininetStartupMutex
0x4ac        C:\TEST\sample.exe        0x771d9710        c:!documents and settings!user!cookies!
0x4ac        C:\TEST\sample.exe        0x771d9710        c:!documents and settings!user!local settings!history!history.ie5!
0x4ac        C:\TEST\sample.exe        0x771d9710        c:!documents and settings!user!local settings!temporary internet files!content.ie5!
• Events Created or Opened
PId        Image Name        Address        Event Name
0x4ac        C:\TEST\sample.exe        0x769c4ec2        Global\userenv: User Profile setup event
0x4ac        C:\TEST\sample.exe        0x77de5f48        Global\SvcctrlStartEvent_A3752DX

Howl

蓝天二号 发表于 2012-4-8 16:43
那就好。。

你也试试卡巴的主防啊

jayavira

只有联网行为
没发现下载文件了

xyc5238207

gdata

Howl

jayavira 发表于 2012-4-8 17:05
只有联网行为
没发现下载文件了

远马上线没动作而已

jayavira

Howl 发表于 2012-4-8 17:09
远马上线没动作而已

呵呵
也不排除这种可能性啊

yylx168912

STOP! Bitdefender blocked this web page.
The page you are trying to access contains malware.

Details:
Web Page: http://bbs.kafan.cn/forum.php?mo ... ;aid=MTU5Njc0N3w...
Detected viruses: Gen:Trojan.Heur.DP.mmGfaew88jiG

Access from your browser has been blocked.
Take me back to safety

lbb9432

MSE和毒霸双杀

雪落留痕

sungan01 发表于 2012-4-8 16:31
avast kill 啦

看到你了

sungan01

雪落留痕 发表于 2012-4-8 19:21
看到你了

额，我有发帖的