Thread starter: kfx13

[Other related] Testing proactive defense

windows7爱好者
Posted on 2013-7-9 12:31:37

夜微凉
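Posted on 2013-7-9 12:32:47
/tiao眼镜鱼 posted on 2013-7-9 12:28
Come to think of it, I have never used this feature...

This feature kicks in on its own and needs no manual involvement. If Filseclab (费尔) only detects the threat after the virus has already performed a series of actions, it rolls back, undoing the actions this sample performed. A couple of days ago, with that QQ加速王, Filseclab also rolled back a dozen or so files.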
/tiao眼镜鱼
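Posted on 2013-7-9 12:37:59
夜微凉 posted on 2013-7-9 12:32
This feature kicks in on its own and needs no manual involvement. If Filseclab only detects the threat after the virus has already performed a series of actions, it rolls back, undoing what this sample ...

So it's similar to Micropoint's repair after double-clicking????

How good is Filseclab's repair after double-clicking?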
夜微凉
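Posted on 2013-7-9 12:40:05
/tiao眼镜鱼 posted on 2013-7-9 12:37
So it's similar to Micropoint's repair after double-clicking????

How good is Filseclab's repair after double-clicking?

Full rollback is exactly this kind of repair. It is one of the most heavily promoted features of v8, and it's pretty good.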
hx1997
Posted on 2013-7-9 12:52:11
This is really terrifying

Executing -> \Device\HarddiskVolume3\Users\Gateway\Downloads\极品大合集,黑丝.豹纹,性感,,翘臀,看到暴爽.rar.exe (PID: 7224)
Command-line: "C:\Users\Gateway\Downloads\极品大合集,黑丝.豹纹,性感,,翘臀,看到暴爽.rar.exe"

C:\Users\Gateway\Downloads\极品大合集,黑丝.豹纹,性感,,翘臀,看到暴爽.rar.exe                 
        Write File, C:\Program Files (x86)\jm.exe

Executing -> \Device\HarddiskVolume3\Sandbox\Gateway\Analyzer\drive\C\Program Files (x86)\jm.exe (PID: 7352)
Command-line: "C:\Program Files (x86)\jm.exe"

Terminated -> \Device\HarddiskVolume3\Users\Gateway\Downloads\极品大合集 (PID: 7224)

C:\Program Files (x86)\jm.exe
        Write File, C:\Program Files (x86)\EShow_3500_2481_v1.07.exe

C:\Program Files (x86)\jm.exe
        Write File, C:\Program Files (x86)\KINSTALLERS_66_45411.exe

C:\Program Files (x86)\jm.exe
        Write File, C:\Program Files (x86)\setups_66_29812.exe

Executing -> \Device\HarddiskVolume5\Program Files (x86)\Opera\launcher.exe (PID: 7444)
Command-line: "K:\Program Files (x86)\Opera\Launcher.exe" -noautoupdate "http://493680670.qzone.qq.com/#!app=2&via=QZ.HashRefresh&pos=1361597285"

Executing -> \Device\HarddiskVolume5\Program Files (x86)\Opera\launcher.exe (PID: 7456)
Command-line: "K:\Program Files (x86)\Opera\Launcher.exe" -noautoupdate "http://www.247ptp.com/p?uid=3523&ad=2"

Executing -> \Device\HarddiskVolume5\Program Files (x86)\Opera\15.0.1147.130\opera.exe (PID: 7468)
Command-line: "K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe" -noautoupdate --ran-launcher http://493680670.qzone.qq.com/#! ... &pos=1361597285

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, SOFTWARE\MozillaPlugins

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, SOFTWARE\MozillaPlugins

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, Software\Microsoft\Windows\CurrentVersion\Internet Settings

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, Software\Microsoft\Windows\CurrentVersion\Internet Settings

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, Software\Microsoft\Windows\CurrentVersion\Internet Settings

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, Software\Microsoft\Windows\CurrentVersion\Internet Settings

K:\Program Files (x86)\Opera\15.0.1147.130\opera.exe
        Monitor Registry Key, SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

C:\Program Files (x86)\setups_66_29812.exe
        Delete File, C:\Windows\system32\drivers\bc.sys

K:\Program Files (x86)\Opera\15.0.1147.130\opera_autoupdate.exe
        Write Registry Key, System\CurrentControlSet\Control\SecurityProviders\Schannel

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, Install Path

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write File, C:\Users\Gateway\AppData\Local\Temp\is-J2N0Q.tmp\_isetup\_shfoldr.dll

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\Coop

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, OEMName

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, OrgOEM

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Owner

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, PreOEM

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, SessionHash

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\Coop

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Windows\SysWOW64\WerFault.exe (PID: 7660)
        Access Program, K:\Program Files (x86)\Opera\15.0.1147.130\opera_crashreporter.exe (PID: 7496)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Sequence

C:\Windows\SysWOW64\WerFault.exe (PID: 7660)
        Access Program, K:\Program Files (x86)\Opera\15.0.1147.130\opera_crashreporter.exe (PID: 7496)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\union

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write File, C:\Users\Gateway\AppData\Local\Temp\is-J2N0Q.tmp\UpdateIcon.dll

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, ProductID

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write File, C:\Users\Gateway\AppData\Local\Temp\is-J2N0Q.tmp\psvince.dll

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, ExceptionRecord

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, versiontypes

C:\Windows\SysWOW64\WerFault.exe (PID: 7660)
        Access Program, K:\Program Files (x86)\Opera\15.0.1147.130\opera_crashreporter.exe (PID: 7496)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\union\Setup

Terminated -> \Device\HarddiskVolume5\Program Files (x86)\Opera\launcher.exe (PID: 7444)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, iid

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, tod1

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, tod2

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, tid1

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, tid2

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, time

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, KSafeTray

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\kws

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\kws

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, RegFiles0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, i

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, RegFilesHash

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KEng

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, Install

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\update

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, config3a.dat

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write Registry Key, Software\Microsoft\RestartManager\Session0000

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\update

C:\Users\Gateway\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp
        Write File, C:\Program Files (x86)\StarEShow\AppCore.dll

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, kwsu.dat

Executing -> Unknown program (PID: 7484)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\update

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, script.db

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\update

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, sp3a.nlb

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, System\CurrentControlSet\Control\SecurityProviders\Schannel

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\update

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, WhiteList.dat

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.kspolfile

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.ksksgpath

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Windows\SysWOW64\WerFault.exe (PID: 7508)
        Access PROTECTED Program, C:\Sandbox\Gateway\Analyzer\user\current\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp (PID: 8148)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.virinfo_cfgpath

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Windows\SysWOW64\WerFault.exe (PID: 7508)
        Access PROTECTED Program, C:\Sandbox\Gateway\Analyzer\user\current\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp (PID: 8148)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.virinfo_libpath

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.ksinifile

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, ExceptionRecord

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Windows\SysWOW64\WerFault.exe (PID: 7508)
        Access PROTECTED Program, C:\Sandbox\Gateway\Analyzer\user\current\AppData\Local\Temp\is-6AMDC.tmp\EShow_3500_2481_v1.07.tmp (PID: 8148)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\KxEScanSystem\ksecore.config.top\appconfig\kse.kspfeng.ksbwmpath

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, cfgval

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, DisplayName

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, StoreLocation

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, UninstallString

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, StoreLocation

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, DisplayIcon

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, DisplayVersion

Executing -> \Device\HarddiskVolume5\Program Files (x86)\Opera\15.0.1147.130\opera_crashreporter.exe (PID: 7496)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, Publisher

Terminated -> \Device\HarddiskVolume5\Program Files (x86)\Opera\launcher.exe (PID: 7456)

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?qk?

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, URLInfoAbout

Executing -> Unknown program (PID: 7580)

C:\Program Files (x86)\setups_66_29812.exe
        Write PROTECTED File, \\.\PIPE\srvsvc

Terminated -> Unknown program (PID: 7484)

Terminated -> Unknown program (PID: 7580)

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, StoreLocation

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, Software\Microsoft\Windows\Windows Error Reporting\Debug

C:\Windows\SysWOW64\WerFault.exe
        Write Registry Key, StoreLocation

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, cfgval

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, {E44A3E87-876D-46BB-8831-836A4C74918B}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Executing -> Unknown program (PID: 7760)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, bksafesvc.EXE

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, AppID

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, {E44A3E87-876D-46BB-8831-836A4C74918B}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, LocalService

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, bksafesvc.bkcomm.1

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Executing -> Unknown program (PID: 7772)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, CLSID

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, bksafesvc.bkcomm

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, CLSID

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Terminated -> Unknown program (PID: 7760)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, CurVer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, {C313E554-97AB-49F9-988F-04DF64CD0451}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, ProgID

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Executing -> Unknown program (PID: 7964)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, VersionIndependentProgID

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, Programmable

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, LocalServer32

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, AppID

Executing -> Unknown program (PID: 7976)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, TypeLib

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Executing -> Unknown program (PID: 7960)

Executing -> Unknown program (PID: 8064)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, cfgval

Executing -> Unknown program (PID: 7840)

Terminated -> Unknown program (PID: 7964)

Terminated -> Unknown program (PID: 7976)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\CLASSES_ROOT

Executing -> Unknown program (PID: 7792)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Executing -> Unknown program (PID: 7812)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Terminated -> Unknown program (PID: 7840)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Terminated -> Unknown program (PID: 7792)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Terminated -> Unknown program (PID: 8064)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

Terminated -> Unknown program (PID: 7812)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\CLASSES_ROOT

Terminated -> \Device\HarddiskVolume3\Sandbox\Gateway\Analyzer\drive\C\Program Files (x86)\jm.exe (PID: 7352)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\SP_ROOT\KBasicSP

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, Name

Terminated -> Unknown program (PID: 7960)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\kingsoft\KSWSVC

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, guid

Executing -> Unknown program (PID: 7660)

Terminated -> Unknown program (PID: 7772)

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\SP_ROOT\KwsCommunicateSP

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key, Name

C:\Program Files (x86)\setups_66_29812.exe
        Delete File, c:\program files (x86)\ksafe\cp\KSafeSvc.exe

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, KSafeTray

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, idno

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, idex

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, idno

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\setups_66_29812.exe
        Write Registry Key, idex

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\SP_ROOT\KxeVulFixEngin

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, Name

C:\Program Files (x86)\ksafe\ksetupwiz.exe
        Write Registry Key, SOFTWARE\KSafe\Coop

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, SOFTWARE\KSafe\KXEngine\SP_ROOT\CKxeVulFixCommu

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, Name

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\ksafevulfix.exe
        Write Registry Key, CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeTray.exe
        Write Registry Key, NoDriveTypeAutorun

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\KSafeSvc.exe
        Write Registry Key,

C:\Program Files (x86)\ksafe\kdumprep.exe
        Write PROTECTED File, \\.\PIPE\srvsvc


Rolling back...
Analysis ended
Reason: Malware detected and rolled back

Anomalies:
        - Modifies protected resource. The executable modifies critical resources (files, processes, etc.)
蓝天二号
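Posted on 2013-7-9 20:28:36
wqcaokeyinwq posted on 2013-7-9 08:59
Micropoint and several other proactive-defense products are coexisting on your machine... it's already a mess...

What? How could that be~~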
蓝天二号
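Posted on 2013-7-9 20:29:12
夜微凉 posted on 2013-7-9 12:16
Double-clicked on Win8 64-bit: Filseclab's proactive defense flagged it, and after removal it did a full rollback and quarantined 51 files. On review I found no erroneous rollbacks, the computer did not restart, sandbox full ...

For the record, I'm on Win7 32-bit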

Copyright © KaFan  KaFan.cn All Rights Reserved.
