Thread starter: marksu2006

[Virus sample] Latest infected file, September 28

超级洋芋
Posted on 2007-10-1 08:31:09

I got hit. How do I clean it off?
微点卫士
Posted on 2007-10-1 08:40:28
Result after submitting the sample:

Malicious program name: Malware.Win32.RepIcon.a

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\感染.EXE
is a malicious program!
It has been blocked from running. Do you want to delete this file?
FBAV
Posted on 2007-10-1 09:22:37
Originally posted by 人浪流涯天 on 2007-9-30 15:38:
If it doesn't go through the API, or the native API, to call the system services in NTOSKRNL.EXE and win32k, how does it operate Windows at all? Does E-language (易语言) write its own CPU instruction sequences to do it?

A garbage virus, nothing more. Dropping a few icon files and changing a few file associations and Explorer associations counts as "infecting" something?

Ridiculous!

Brother, Easy Language (易语言) really does emit CPU instructions directly, and it supports inline assembly.

I didn't write the virus either; I'm only explaining.
HIPS only gives a bare prompt for low-level operations; it doesn't tell you what was actually done.
That is also something that can only be done from R3.
Micropoint (微点) is decent as well,
but it doesn't have Norman's low-level Windows code...

Don't bash Easy Language, or the software written in it, for no reason.
Every language has its own strengths.
Could you write an email client in assembly?
How many lifetimes would it take to finish?
ubuntu
Posted on 2007-10-1 09:31:02
WinRAR.exe ISOLATE on access to F:\virus\感染.rar (File)
感染.exe ISOLATE on start from explorer.exe
感染.exe DENY C0B5 message to explorer.exe (Process)
感染.exe DENY C0B6 message to explorer.exe (Process)
感染.exe DENY C0B6 message to ctfmon.exe (Process)
感染.exe DENY access to C:\WINDOWS\system32\0401032.ico (File)
感染.exe DENY access to C:\WINDOWS\system32\0401128.ico (File)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\1 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\2 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\3 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\4 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\5 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\6 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\7 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\8 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\9 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\10 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\11 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\12 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\13 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\14 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\15 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\16 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\17 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\18 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\19 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\20 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\21 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\22 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\23 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\24 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\25 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\26 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\27 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\28 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\29 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\30 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\31 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\32 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\33 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\34 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\35 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\36 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\37 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\38 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\39 (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\40 (Registry)
感染.exe READONLY access to HKU\S-1-5-21-73586283-2111687655-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} (Registry)
感染.exe REDIRECT access to HKU\S-1-5-21-73586283-2111687655-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon\ (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\inifile\DefaultIcon\ (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\ (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\giffile\DefaultIcon\ (Registry)
感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\jpegfile\DefaultIcon\ (Registry)
感染.exe REDIRECT access to HKU\S-1-5-21-73586283-2111687655-1957994488-1003\Control Panel\Desktop\WindowMetrics\Shell Icon Size (Registry)
感染.exe DENY 1A message to csrss.exe (Process)
感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\htmlfile\DefaultIcon\ (Registry)
感染.exe DENY C0B5 message to explorer.exe (Process)

[ This post was last edited by ubuntu on 2007-10-1 09:36 ]
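The log above records, line by line, what the sample tried to do: touch .ico files under system32, rewrite the Shell Icons\1..40 values and the DefaultIcon keys of several file types, and send window messages to explorer.exe, ctfmon.exe and csrss.exe. Below is a small triage script that parses that log layout and summarises the behaviour. It is an added example, not part of ubuntu's post or of the HIPS product that produced the log. The sample lines are a constructed subset of the log above; the `<process> <ACTION> <detail> (<object type>)` layout is assumed from those lines; and the message decoding covers only 0x1A (WM_SETTINGCHANGE, broadcast to notify windows that a system setting changed) and the 0xC000-0xFFFF range that RegisterWindowMessage hands out. Anything else is labelled unknown.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HIPS log posted in this thread, kept in
# its "<process> <ACTION> <detail> (<object type>)" layout (assumed from the log).
SAMPLE_LOG = [
    r"感染.exe ISOLATE on start from explorer.exe",
    r"感染.exe DENY C0B5 message to explorer.exe (Process)",
    r"感染.exe DENY C0B6 message to explorer.exe (Process)",
    r"感染.exe DENY C0B6 message to ctfmon.exe (Process)",
    r"感染.exe DENY access to C:\WINDOWS\system32\0401032.ico (File)",
    r"感染.exe DENY access to C:\WINDOWS\system32\0401128.ico (File)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\1 (Registry)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\2 (Registry)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\40 (Registry)",
    r"感染.exe READONLY access to HKU\S-1-5-21-73586283-2111687655-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} (Registry)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\inifile\DefaultIcon\ (Registry)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\ (Registry)",
    r"感染.exe REDIRECT access to HKLM\SOFTWARE\Classes\htmlfile\DefaultIcon\ (Registry)",
    r"感染.exe DENY 1A message to csrss.exe (Process)",
]

LINE_RE = re.compile(
    r"^(?P<proc>\S+) (?P<action>ISOLATE|DENY|REDIRECT|READONLY) "
    r"(?P<detail>.*?)(?: \((?P<kind>File|Registry|Process)\))?$"
)
MSG_RE = re.compile(r"^(?P<msg>[0-9A-Fa-f]+) message to (?P<target>\S+)$")
ACCESS_RE = re.compile(r"^access to (?P<obj>.+)$")
SHELL_ICONS_RE = re.compile(r"\\Explorer\\Shell Icons\\(?P<idx>\d+)$")
DEFAULT_ICON_RE = re.compile(r"\\Classes\\(?P<progid>[^\\]+)\\DefaultIcon\\?$")


def message_name(code):
    """Name a window message number; only the cases seen in the log are decoded."""
    if code == 0x1A:
        return "WM_SETTINGCHANGE/WM_WININICHANGE"  # system-setting-changed broadcast
    if 0xC000 <= code <= 0xFFFF:
        return "registered message (RegisterWindowMessage range)"
    return "unknown"


def parse_line(line):
    """Split one log line into process, action, object kind and decoded detail."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"proc": m["proc"], "action": m["action"], "kind": m["kind"], "detail": m["detail"]}
    msg = MSG_RE.match(rec["detail"])
    acc = ACCESS_RE.match(rec["detail"])
    if msg:
        rec["msg"] = int(msg["msg"], 16)
        rec["target"] = msg["target"]
    elif acc:
        rec["obj"] = acc["obj"]
    return rec


def triage(lines):
    """Summarise the sample's observed behaviour from a list of HIPS log lines."""
    shell_icons, default_icons, ico_files, messages = set(), [], [], []
    by_action = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a log line in the assumed layout; skip it
        by_action[rec["action"]] += 1
        if "msg" in rec:
            messages.append((rec["msg"], rec["target"], message_name(rec["msg"])))
        obj = rec.get("obj", "")
        if rec["kind"] == "File" and obj.lower().endswith(".ico"):
            ico_files.append(obj)
        si = SHELL_ICONS_RE.search(obj)
        if si:
            shell_icons.add(int(si["idx"]))
        di = DEFAULT_ICON_RE.search(obj)
        if di:
            default_icons.append(di["progid"])
    # Both signals together are what distinguish icon replacement from an
    # installer registering a DefaultIcon for its own file type.
    icon_tamper = bool(shell_icons) and bool(default_icons)
    return {
        "by_action": dict(by_action),
        "shell_icon_indices": sorted(shell_icons),
        "default_icon_hijacks": default_icons,
        "system32_ico_files": ico_files,
        "messages": messages,
        "verdict": "icon/file-association tampering" if icon_tamper else "inconclusive",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it on the full posted log, read the lines from a file instead of SAMPLE_LOG. The verdict requires both the Shell Icons rewrite and at least one DefaultIcon rewrite, so a single DefaultIcon change made by an installer for its own file type does not trigger it on its own.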
超级洋芋
Posted on 2007-10-1 09:47:20

I am

超级洋芋
Posted on 2007-10-1 09:49:27

I'm a newbie.

I ran it by accident. Could someone put together a dedicated removal tool to clean it up...
a256886572008
Posted on 2007-10-1 09:55:20

[local]4[/local]
人浪流涯天
Posted on 2007-10-1 16:43:55

Reply to FBAV's post (#23)

Load any Easy Language library file into OllyDbg (OD) and you can see it calling the Win32 API. Even if it could bypass the HAL to interrupt the CPU and other hardware and build a few hardware interfaces of its own, how would it clear the interrupt without the Executive API? And without clearing the interrupt, how would it return?
IllusionWing
Posted on 2007-10-1 16:56:52
Inline assembly..
...Stop arguing. Strictly speaking, programs compiled with Easy Language have an inherent advantage when it comes to heuristic scanning. As for proactive defense... even Themida can't do much about it..
IllusionWing
Posted on 2007-10-1 17:03:12
UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.1.0
HC0.rlb = 2.8.9
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
Scan options: scan archives, extended, ignore inactive, ignore large files, nFile, BAT emulation, bundle detection, polymorphic packers, heuristics, bundled streams,
[Scan] [SuperSmart] Detected Generic.RepIcon.A in E:\Documents and Settings\Administrator\桌面\感染\感染.exe//Patch_E//E//ecode//e_entry//mainwnd_entry
Detected 1 unknown malicious program, please report it.
Task Scan complete. Total time: 0-00-00 00:00:01:0016, files scanned: 1, threats found: 1, threat rate: 1
卡饭论坛 (KaFan.cn)