DEP拦截的东西

wolffshen

FS 2008-02-01_03 飘， 上报

冷冷

IKARUS
I:\virus\test\winlogon.exe - Signature 'Trojan.Win32.Pakes.cbc' found

        1 File scanned
          (0 Archives with 0 files)
        1 Signature found
        0 Suspect code-parts found
        Used time: 0:00.000

冷冷

SBie跑了下


下载者行为：


[ 本帖最后由 冷_冷 于 2008-2-1 23:00 编辑 ]

Graybird

Starting the file scan:

Begin scan in 'E:\DefLib.rar'
E:\DefLib.rar
  [0] Archive type: RAR
  --> DefLib.sys
      [DETECTION] Is the Trojan horse TR/Agent.asu.1
      [INFO]      The file was deleted!

挪威的冬天

信息        2008-02-01  23:00:41        您此次查毒共查出1个病毒以及危险代码                       
信息        2008-02-01  23:00:41        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件2个                       
信息        2008-02-01  23:00:41        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-02-01  23:00:41        C:\Users\挪威的冬天\Desktop\DefLib.rar\DefLib.sys        Win32.Troj.Agent.7923        跳过，未处理

Oceanzd

1. 2008.02.01 11:00:23 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Desktop\host (Registry)
   
2. 2008.02.01 11:00:23 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Security\host (Registry)
   
3. 2008.02.01 11:00:29 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Registry)
   
4. 2008.02.01 11:00:32 winlogon.exe READONLY access to HKLM\SYSTEM\ControlSet003\Services\SysLibrary (Registry)
   
5. 2008.02.01 11:00:34 winlogon.exe DENY access to C:\WINDOWS\system32\DefLib.sys (File)
   
6. 2008.02.01 11:00:34 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Desktop\host (Registry)
   
7. 2008.02.01 11:00:34 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Security\host (Registry)
   
8. 2008.02.01 11:00:34 winlogon.exe REDIRECT access to C:\WINDOWS\system32\drivers\etc\hosts (File)
   
9. 2008.02.01 11:00:34 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Desktop\id (Registry)
   
10. 2008.02.01 11:00:37 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Registry)
    
11. 2008.02.01 11:00:42 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Desktop\host (Registry)
    
12. 2008.02.01 11:00:42 winlogon.exe REDIRECT access to HKU\S-1-5-21-2052111302-688789844-725345543-1003\Software\Microsoft\Internet Explorer\Security\host (Registry)

复制代码

醉一生爱妍

金山的主防？？

连鸽子都防不了= =

solcroft

原帖由 garyyan456 于 2008-2-2 00:36 发表
金山的主防？？

连鸽子都防不了= =

完全搞不懂金山的主防是怎么回事
莫名其妙
有谁知道的说说一下 

醉一生爱妍

费尔动态砍 - -

醉一生爱妍

原帖由 solcroft 于 2008-2-1 23:07 发表

完全搞不懂金山的主防是怎么回事
莫名其妙
有谁知道的说说一下

它所内置的规则=没有制定一样，你做个纯粹过金山硬盘免杀鸽子，然后开着金山的防护运行看看有没有被拦截？