[Virus sample] Avira (online) misses it

kp2006
Posted on 2007-10-24 14:46:10
Rising flags it

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2007.10.24.0 | 2007.10.23 | -
AntiVir | 7.6.0.27 | 2007.10.24 | -
Authentium | 4.93.8 | 2007.10.23 | -
Avast | 4.7.1074.0 | 2007.10.23 | Win32:VB-FBX
AVG | 7.5.0.488 | 2007.10.23 | VB.BAL
BitDefender | 7.2 | 2007.10.24 | DeepScan:Generic.Malware.P!.8595149F
CAT-QuickHeal | 9.00 | 2007.10.23 | -
ClamAV | 0.91.2 | 2007.10.24 | -
DrWeb | 4.44.0.09170 | 2007.10.23 | -
eSafe | 7.0.15.0 | 2007.10.22 | -
eTrust-Vet | 31.2.5235 | 2007.10.23 | -
Ewido | 4.0 | 2007.10.23 | -
FileAdvisor | 1 | 2007.10.24 | -
Fortinet | 3.11.0.0 | 2007.10.19 | -
F-Prot | 4.3.2.48 | 2007.10.23 | -
F-Secure | 6.70.13030.0 | 2007.10.24 | -
Ikarus | T3.1.1.12 | 2007.10.24 | Trojan.Win32.VB.bgc
Kaspersky | 7.0.0.125 | 2007.10.24 | -
McAfee | 5147 | 2007.10.23 | New Malware
Microsoft | 1.2908 | 2007.10.24 | -
NOD32v2 | 2612 | 2007.10.24 | -
Norman | 5.80.02 | 2007.10.23 | -
Panda | 9.0.0.4 | 2007.10.23 | -
Prevx1 | V2 | 2007.10.24 | Heuristic: Suspicious File With Anti-Security Technology
Rising | 19.46.20.00 | 2007.10.24 | Trojan.Win32.VB.ynp
Sophos | 4.22.0 | 2007.10.24 | -
Sunbelt | 2.2.907.0 | 2007.10.23 | -
Symantec | 10 | 2007.10.24 | -
TheHacker | 6.2.9.106 | 2007.10.24 | -
VBA32 | 3.12.2.4 | 2007.10.22 | -
VirusBuster | 4.3.26:9 | 2007.10.23 | -
Webwasher-Gateway | 6.6.1 | 2007.10.24 | -
Additional information
File size: 155647 bytes
MD5: ed03fcb36188f8863793f451fa98ca94
SHA1: 315a31c1cfbe37dfac27915147a3c15c3d2caad8
Prevx info: http://fileinfo.prevx.com/filein ... 2455B6CC600BBC7AD3B


Scan result: 20% of the scanners (7/35) reported a virus
Time: 2007/10/24 14:47:26 (CST)

Scanner | Engine version | Database version | Database date | Result | Time (s)
a-squared | 3.0.0.126 | 2007.10.23 | 2007-10-23 | - | 7.352
AntiVir | 7.6.0.27 | 7.0.0.126 | 2007-10-24 | - | 2.741
Arcavir | 1.0.4 | 200710231142 | 2007-10-23 | - | 1.627
AVAST | 1.0.8 | 000783-1 | 2007-10-22 | Win32:VB-FBX | 3.053
AVG | 7.5.49.442 | 269.15.8/1089 | 2007-10-23 | VB.BAL | 1.666
BitDefender | 7.60825.9349177.15457 (engine and database versions fused in source) | | 2007-10-24 | DeepScan:Generic.Malware.P!.8595149F | 3.455
CA (VET) | 8.4.0.24 | 31.2.5235 | 2007-10-24 | - | 0.932
ClamAV | 0.91.2 | 4583 | 2007-10-24 | - | 0.553
Comodo | 2.11 | 2.0.0.322 | 2007-10-23 | - | 1.376
Dr.WEB | 4.33 | 2007.10.24 | 2007-10-24 | - | 5.634
ewido | 4.0.0.2 | 2007.10.23 | 2007-10-23 | - | 4.321
F-PROT | 4.4.0.50 | 20071023 | 2007-10-23 | - | 1.296
F-SECURE | 5.51.6100 | 2007.10.24.01 | 2007-10-24 | - | 0.050
IKARUS | T3.1.1.12 | 2007.10.23.69708 | 2007-10-23 | Trojan.Win32.VB.bgc | 1.496
MKS_VIR | 2.01 | 2007.10.23 | 2007-10-23 | - | 3.981
NOD32 | 2.70.10 | 2612 | 2007-10-24 | - | 0.018
NORMAN | 5.91.08 | 5.90 | 2007-10-23 | - | 5.468
nProtect | 2007-10-22.00 | 1009036 | 2007-10-22 | - | 32.315
Prevx | V2 | 20071024 | 2007-10-24 | - | 40.746
QuickHeal | 9.00 | 2007.10.23 | 2007-10-23 | - | 5.625
SOPHOS | 2.49.1 | 4.21 | 2007-10-24 | - | 5.656
The Hacker | 6.2.9 | v00105 | 2007-10-22 | - | 2.109
VBA32 | 3.12.2.4 | 20071023.1502 | 2007-10-23 | - | 2.662
ViRobot | 20071023 | 2007.10.23 | 2007-10-23 | - | 0.986
VirusBuster | 4.3.19:9 | 9.112.4/11.0 | 2007-10-22 | - | 3.271
卡巴斯基 (Kaspersky) | 5.5.10 | 2007.10.24 | 2007-10-24 | - | 4.628
安博士 V3 (AhnLab) | 2007.10.23.00 | 2007.10.23 | 2007-10-23 | - | 1.125
江民杀毒 (Jiangmin) | 10.00.650 | 2007.10.23 | 2007-10-23 | - | 1.215
熊猫卫士 (Panda) | 9.04.03.0001 | 2007.10.23 | 2007-10-23 | - | 0.851
瑞星 (Rising) | 19.0 | 19.46.12.00 | 2007-10-23 | Trojan.Win32.VB.ynp | 5.172
赛门铁克 (Symantec) | 1.3.0.24 | 20071023.016 | 2007-10-23 | - | 0.390
趋势 (Trend Micro) | 8.500-1001 | 4.792.01 | 2007-10-23 | - | 0.046
迈克菲 (McAfee) | 5.2.00 | 5147 | 2007-10-23 | New Malware | 1.514
金山毒霸 (Kingsoft) | 2007.6.20.249 | 2007.10.24 | 2007-10-24 | - | 0.920
飞塔 (Fortinet) | 2.81-3.11 | 8.275 | 2007-10-23 | Suspicious | 0.452
Note: even when a scanner reports a virus, it may be a false positive; judge for yourself from the scan results.

[ This post was last edited by kp2006 on 2007-10-24 14:52 ]

The EQs
Posted on 2007-10-24 14:58:53
Created files:
C:\file.Axv
C:\178#.exe
The EQs
Posted on 2007-10-24 15:00:24
Deleted files:
C:\analysis\CWDllLoader.exe
C:\analysis\CWDllLoader.exe$
C:\Documents and Settings\Sandbox\Desktop\DF6Wks_SCM_Protect.exe
C:\Documents and Settings\Sandbox\Desktop\DF6Wks_SCM_Protect.exe$
C:\Documents and Settings\Sandbox\My Documents\sleep.exe
C:\Documents and Settings\Sandbox\My Documents\sleep.exe$
C:\Documents and Settings\Sandbox\Start Menu\Programs\Startup\SandboxReboot.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe$
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe$
Modified registry:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\MSfirewall\Options "Size" = 155647
The EQs
Posted on 2007-10-24 15:00:48
啊弥陀佛
Posted on 2007-10-24 15:04:58
Micropoint kills it

wangjay1980
Posted on 2007-10-24 16:23:04

Reply to post #4 by EQ2

Don't you get tired?
鱼是一只我
Posted on 2007-10-24 16:23:59
Impressive, it's tiring just to look at.
螳螂打石子
Posted on 2007-10-24 22:16:25
This virus is nasty: when it isn't modifying files, it's deleting them.