小耗子

显示全部楼层 · 发表于 2008-2-23 01:50:51

FS结果: 找到 1 恶意软件
Trojan-Downloader.Win32.Losabel.by (病毒)
D:\Virus\Test\MOUSIE.EXE 操作: 删除

显示全部楼层 · 发表于 2008-2-23 08:07:02

Contains suspicious code HEUR/Crypted

显示全部楼层 · 发表于 2008-2-23 09:04:59

本身就是病毒

00008664 00409464    0 mmmm d, yyyy
000086AC 004094AC    0 AMPM
000086BC 004094BC    0 AMPM
000086D8 004094D8    0 :mm:ss
000086E6 004094E6    0 TUnitHashArray
00008705 00409505    0 SysUtils
00008716 00409516    0 TModuleInfo
000088D8 004096D8    0 kernel32.dll
000088E8 004096E8    0 GetDiskFreeSpaceExA
00008EC0 00409CC0    0 explorer.exe
00008F1B 00409D1B    0 QSVW3
00008F49 00409D49    0 hXMVu
0000910C 00409F0C    0 shell32.dll
00009118 00409F18    0 ShellExecuteA
0000913C 00409F3C    0 06011F1E1C1D5D171F1F
0000915C 00409F5C    0 26213F371C041D1F1C1217271C351A1F1632
00009238 0040A038    0 SQTj
00009270 0040A070    0 SeDebugPrivilege
0000929C 0040A09C    0 http://www.baidu.com/List.txt
000094B8 0040A2B8    0 360tray.exe
000094CC 0040A2CC    0 360safe.exe
000094E0 0040A2E0    0 avp.exe
000097DC 0040A5DC    0 avp.exe
000097EC 0040A5EC    0 594545410B1E1E4646461F53505855441F525E5C1E56561F544954
0000982C 0040A62C    0 594545410B1E1E4646461F40401C425A481F5F54451E455B1E455B1F504241
0000990C 0040A70C    0 Phx9A
00009B30 0040A930    0 C:\Documents and Settings\
00009BDC 0040A9DC    0 Software\Microsoft\Windows\CurrentVersion\policies
00009C10 0040AA10    0 explorer
00009C20 0040AA20    0 Mousie
00009CF0 0040AAF0    0 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00009D3C 0040AB3C    0 Debugger
0000A244 0040B044    0 360rpt.exe
0000A258 0040B058    0 360Safe.exe
0000A26C 0040B06C    0 360tray.exe
0000A280 0040B080    0 adam.exe
0000A294 0040B094    0 AgentSvr.exe
0000A2AC 0040B0AC    0 AppSvc32.exe
0000A2C4 0040B0C4    0 autoruns.exe
0000A2DC 0040B0DC    0 avgrssvc.exe
0000A2F4 0040B0F4    0 AvMonitor.exe
0000A30C 0040B10C    0 avp.com
0000A31C 0040B11C    0 avp.exe
0000A32C 0040B12C    0 CCenter.exe
0000A340 0040B140    0 ccSvcHst.exe
0000A358 0040B158    0 FileDsty.exe
0000A370 0040B170    0 FTCleanerShell.exe
0000A38C 0040B18C    0 HijackThis.exe
0000A3A4 0040B1A4    0 IceSword.exe
0000A3BC 0040B1BC    0 iparmo.exe
0000A3D0 0040B1D0    0 Iparmor.exe
0000A3E4 0040B1E4    0 isPwdSvc.exe
0000A3FC 0040B1FC    0 kabaload.exe
0000A414 0040B214    0 KaScrScn.SCR
0000A42C 0040B22C    0 KASMain.exe
0000A440 0040B240    0 KASTask.exe
0000A454 0040B254    0 KAV32.exe
0000A468 0040B268    0 KAVDX.exe
0000A47C 0040B27C    0 KAVPFW.exe
0000A490 0040B290    0 KAVSetup.exe
0000A4A8 0040B2A8    0 KAVStart.exe
0000A4C0 0040B2C0    0 KISLnchr.exe
0000A4D8 0040B2D8    0 KMailMon.exe
0000A4F0 0040B2F0    0 KMFilter.exe
0000A508 0040B308    0 KPFW32.exe
0000A51C 0040B31C    0 KPFW32X.exe
0000A530 0040B330    0 KPFWSvc.exe
0000A544 0040B344    0 KRegEx.exe
0000A558 0040B358    0 KRepair.COM
0000A56C 0040B36C    0 KsLoader.exe
0000A584 0040B384    0 KVCenter.kxp
0000A59C 0040B39C    0 KvDetect.exe
0000A5B4 0040B3B4    0 KvfwMcl.exe
0000A5C8 0040B3C8    0 KVMonXP.kxp
0000A5DC 0040B3DC    0 KVMonXP_1.kxp
0000A5F4 0040B3F4    0 kvol.exe
0000A608 0040B408    0 kvolself.exe
0000A620 0040B420    0 KvReport.kxp
0000A638 0040B438    0 KVSrvXP.exe
0000A64C 0040B44C    0 KVStub.kxp
0000A660 0040B460    0 kvupload.exe
0000A678 0040B478    0 kvwsc.exe
0000A68C 0040B48C    0 KvXP.kxp
0000A6A0 0040B4A0    0 KWatch.exe
0000A6B4 0040B4B4    0 KWatch9x.exe
0000A6CC 0040B4CC    0 KWatchX.exe
0000A6E0 0040B4E0    0 loaddll.exe
0000A6F4 0040B4F4    0 MagicSet.exe
0000A70C 0040B50C    0 mcconsol.exe
0000A724 0040B524    0 mmqczj.exe
0000A738 0040B538    0 mmsk.exe
0000A74C 0040B54C    0 NAVSetup.exe
0000A764 0040B564    0 nod32krn.exe
0000A77C 0040B57C    0 nod32kui.exe
0000A794 0040B594    0 PFW.exe
0000A7A4 0040B5A4    0 PFWLiveUpdate.exe
0000A7C0 0040B5C0    0 QHSET.exe
0000A7D4 0040B5D4    0 Ras.exe
0000A7E4 0040B5E4    0 Rav.exe
0000A7F4 0040B5F4    0 RavMon.exe
0000A808 0040B608    0 RavMonD.exe
0000A81C 0040B61C    0 RavStub.exe
0000A830 0040B630    0 RavTask.exe
0000A844 0040B644    0 RegClean.exe
0000A85C 0040B65C    0 rfwcfg.exe
0000A870 0040B670    0 RfwMain.exe
0000A884 0040B684    0 rfwProxy.exe
0000A89C 0040B69C    0 rfwsrv.exe
0000A8B0 0040B6B0    0 RsAgent.exe
0000A8C4 0040B6C4    0 Rsaupd.exe
0000A8D8 0040B6D8    0 runiep.exe
0000A8EC 0040B6EC    0 safelive.exe
0000A904 0040B704    0 scan32.exe
0000A918 0040B718    0 shcfg32.exe
0000A92C 0040B72C    0 SmartUp.exe
0000A940 0040B740    0 SREng.exe
0000A954 0040B754    0 symlcsvc.exe
0000A96C 0040B76C    0 SysSafe.exe
0000A980 0040B780    0 TrojanDetector.exe
0000A99C 0040B79C    0 Trojanwall.exe
0000A9B4 0040B7B4    0 TrojDie.kxp
0000A9C8 0040B7C8    0 UIHost.exe
0000A9DC 0040B7DC    0 UmxAgent.exe
0000A9F4 0040B7F4    0 UmxAttachment.exe
0000AA10 0040B810    0 UmxCfg.exe
0000AA24 0040B824    0 UmxFwHlp.exe
0000AA3C 0040B83C    0 UmxPol.exe
0000AA50 0040B850    0 UpLive.EXE
0000AA64 0040B864    0 WoptiClean.exe
0000AA7C 0040B87C    0 zxsweep.exe
0000AA90 0040B890    0 sos.exe
0000AAA0 0040B8A0    0 auto.exe
0000AAB4 0040B8B4    0 UFO.exe
0000AAC4 0040B8C4    0 AutoRun.exe
0000AAD8 0040B8D8    0 XP.exe
0000AAE8 0040B8E8    0 taskmgr.exe
0000AAFC 0040B8FC    0 guangd.exe
0000AB10 0040B910    0 appdllman.exe
0000AB28 0040B928    0 kernelwind32.exe
0000AB44 0040B944    0 logogo.exe
0000AB58 0040B958    0 TNT.Exe
0000AB68 0040B968    0 SDGames.exe
0000AB7C 0040B97C    0 TxoMoU.Exe
0000AB90 0040B990    0 cross.exe
0000ABA4 0040B9A4    0 regedit.Exe
0000ABB8 0040B9B8    0 regedit32.Exe
0000ABD0 0040B9D0    0 Wsyscheck.exe
0000ABE8 0040B9E8    0 servet.exe
0000ABFC 0040B9FC    0 Discovery.exe
0000B0D0 0040BED0    0 FireWall
0000B0E4 0040BEE4    0 Virus
0000B118 0040BF18    0 NOD32
0000B168 0040BF68    0 Sniffer

[病毒样本] 小耗子

浏览过的版块