ap-facebook.com/operations/outer_band_remote.php

firefox3

BlackHole v2.0 exploit kit

fireold

Kaspersky Internet Security 2013

firefox3

fireold 发表于 2013-1-12 18:52
Kaspersky Internet Security 2013

测不测样本啊  ？？

fireold

PC-cillin Internet Security 2013

a256886572008

U盤病毒，全局感染EXE，注入explorer.exe和smss.exe，寫CLSID

2013-01-12 18:42:41   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Sandboxed As   Partially Limited   

2013-01-12 18:42:50   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Access COM Interface   LocalSecurityAuthority.Tcb   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify Key   HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden  

2013-01-12 18:44:24   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Access Memory   C:\WINDOWS\system32\smss.exe   

2013-01-12 18:44:24   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify File   C:\WINDOWS\system.ini   

2013-01-12 18:44:33   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify File   C:\WINDOWS\SOUNDMAN.EXE   

2013-01-12 18:44:33   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\cis.exe   

2013-01-12 18:44:39   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe   

2013-01-12 18:44:46   C:\Documents and Settings\Roger\wgsdgsdgdsgsd.exe   Modify File   D:\software\CLT2\clt.exe   

2013-01-12 18:44:08   C:\DOCUME~1\Roger\LOCALS~1\Temp\26550406.exe   Sandboxed As   Partially Limited   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\Local Settings\Temp\26550406.exe   Modify Key   HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\Local Settings\Temp\26550406.exe   Access Memory   C:\WINDOWS\system32\smss.exe   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\Local Settings\Temp\26550406.exe   Modify File   C:\WINDOWS\system32\UgcaxsayYits.dll   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\Local Settings\Temp\26550406.exe   Modify Key   HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden   

2013-01-12 18:44:13   C:\DOCUME~1\Roger\LOCALS~1\Temp\26555906.exe   Sandboxed As   Partially Limited   

2013-01-12 18:44:19   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Access Memory   C:\WINDOWS\explorer.exe  

2013-01-12 18:44:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Documents and Settings\Roger\Local Settings\Temp\26559765.exe   

2013-01-12 18:44:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Access Memory   C:\WINDOWS\system32\smss.exe   

2013-01-12 18:44:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\WINDOWS\system.ini   

2013-01-12 18:44:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify Key   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA   

2013-01-12 18:44:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify Key   HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden  

2013-01-12 18:44:57   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe   

2013-01-12 18:44:57   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\cis.exe   

2013-01-12 18:45:02   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\WINDOWS\SOUNDMAN.EXE   

2013-01-12 18:45:08   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe   

2013-01-12 18:45:13   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   D:\software\CLT2\clt.exe   

2013-01-12 18:45:19   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe   

2013-01-12 18:45:30   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\Opera\opera.exe   

2013-01-12 18:45:37   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\autorun.inf  

2013-01-12 18:45:51   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\PCMan Combo\PCMan.exe   

2013-01-12 18:46:04   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\COMODO\Dragon\dragon.exe   

2013-01-12 18:46:04   C:\Documents and Settings\Roger\Local Settings\Temp\26555906.exe   Modify File   C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe   

2013-01-12 18:44:16   C:\DOCUME~1\Roger\LOCALS~1\Temp\26559765.exe   Sandboxed As   Partially Limited   

2013-01-12 18:44:24   C:\Documents and Settings\Roger\Local Settings\Temp\26559765.exe   Access COM Interface   LocalSecurityAuthority.Tcb   

2013-01-12 18:44:24   C:\Documents and Settings\Roger\Local Settings\Temp\26559765.exe   Modify Key   HKUS\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}   

2013-01-12 18:44:24   C:\Documents and Settings\Roger\Local Settings\Temp\26559765.exe   Access Memory   C:\WINDOWS\system32\wscntfy.exe  

fireold

firefox3 发表于 2013-1-12 18:53
测不测样本啊  ？？

當然要，只是懶得用pm的方式，因卡飯右上角那個「消息」不會變色，有人發消息我都不知道。

firefox3

fireold 发表于 2013-1-12 19:02
當然要，只是懶得用pm的方式，因卡飯右上角那個「消息」不會變色，有人發消息我都不知道。

无语了 早说啊 到现在的 发给你了

wjhstu-VxG

firefox3 发表于 2013-1-12 19:04
无语了 早说啊 到现在的 发给你了

真是乐此不彼哦！

firefox3

wjhstu-VxG 发表于 2013-1-12 20:44
真是乐此不彼哦！

你小孩懂什么，这叫哥们感情