苏拉克病毒样本

显示全部楼层 · 发表于 2016-2-21 10:44:05

BD入库

显示全部楼层 · 发表于 2016-2-21 11:34:40

AVG：

扫描：killed；

"";"Trojan horse Patched3_c.CMZS, c:\Users\killer\Desktop\OEM10.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/21, 11:29:49"

双击：关闭监控，实机双击，IDP击杀之。（这哪像一个激活工具该做的事啊。。。。。。）

"";"IDP.Program.D1B0A5C0, C:\Users\killer\Desktop\新建文件夹\OEM10.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/21, 11:30:44"

"";", C:\Users\killer\Desktop\新建文件夹\OEM10.exe";"Object was blocked";"Process";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\START PAGE";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Local Page";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Play_Animations";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\StatusBarOther";"Healed";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Window_Placement";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\XMLHTTP";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Do404Search";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\NoUpdateCheck";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\RunOnceComplete";"Healed";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\UseClearType";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Enable Browser Extensions";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_FullURL";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\SearchMigrated";"Healed";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Disable Script Debugger";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Play_Background_Sounds";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_StatusBar";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\CompatibilityFlags";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Display Inline Images";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Use_DlgBox_Colors";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Cache_Update_Frequency";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\RunOnceHasShown";"Healed";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Save_Session_History_On_Exit";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_URLinStatusBar";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_ToolBar";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\FullScreen";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\StartPageCache";"Healed";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Anchor Underline";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_URLToolBar";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Search Page";"Healed, Moved to Virus Vault";"Registry value";"2016/2/21, 11:30:44"

显示全部楼层 · 发表于 2016-2-21 12:26:54

类型：
木马程序(Trojan.Generic)

描述：
木马通常利用系统的漏洞，绕过系统防御，达到：盗取账号、窃取资料、篡改文件、破坏数据的目的。
经过360安全中心检验，此文件是木马，建议您立即处理。

扫描引擎：
360云查杀引擎

文件指纹(MD5)：
9204fade0448dfb3d010f292e4542b0d

显示全部楼层 · 发表于 2016-2-21 12:43:40

icedream89 发表于 2016-2-21 10:09
我还是觉得NO，只是添加修改主页添加任务计划。
也许这个样本不是······

然而他没有激活的作用，这些东西可以判断为一个病毒了

你要坚持不是就不是吧

显示全部楼层 · 发表于 2016-2-21 12:46:51

显示全部楼层 · 发表于 2016-2-21 12:47:09

windows7爱好者发表于 2016-2-21 12:43
然而他没有激活的作用，这些东西可以判断为一个病毒了
你要坚持不是就不是吧

- -行为很脏，不做自己该做的事。。。。好吧应该这么看是的

显示全部楼层 · 发表于 2016-2-22 14:11:06

激活工具必须加计划任务的，kms激活180后会过期的

[病毒样本] 苏拉克病毒样本

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块