Original poster: newcenturysun

[Virus sample] A fairly strong virus

wangjay1980
Posted on 2008-3-8 12:19:11
Hello,

bsmain.exed - Virus.Win32.VB.jw

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Denis Maslennikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: bsmain.rar
303898443
Posted on 2008-3-8 12:25:59
Kaspersky 278 did not react.
秋叶濛濛
Posted on 2008-3-8 12:38:31
File ID  Filename  Size (Byte) Result
3786098  bsmain.exe  128 KB  UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:

Filename Result
bsmain.exe  UNDER ANALYSIS

The file 'bsmain.exe' has been determined to be 'UNDER ANALYSIS'.
Palkia
Posted on 2008-3-8 13:05:00

Filseclab (费尔) can already kill it~

C:\Documents and Settings\Administrator\桌面\bsmain.rar>>bsmain.exe        Worm.VB.zbm.kgmh        病毒        还未处理
微点卫士
Posted on 2008-3-8 13:12:15
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\BSMAIN.EXE
是否删除木马程序及其衍生物?

It actually disguises itself with the Rising (瑞星) icon.
醉一生爱妍
Posted on 2008-3-8 14:30:31
2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:55    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*

2008-03-08 14:27:56    创建注册表值      操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\bsmain.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ceSword.exe
注册表名称:[Key]
触发规则:高优先规则->受保护的注册表->*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options*


... I won't list too many more.
sanhu35
Posted on 2008-3-8 14:35:14
Avira (红伞) didn't report it either.
冷冷
Posted on 2008-3-8 14:39:15
This virus is simply a nightmare.
醉一生爱妍
Posted on 2008-3-8 14:41:22

Reply to post #18 by 冷冷

Not a nightmare like 磁碟机 (the "Disk Drive" virus) was..
sanshui-1
Posted on 2008-3-8 15:13:35
It gets past McAfee 2008; nothing was detected.