HoopChina也有马了?

gomu887

www.hoopchina.com
大家帮着看看，同学的小红伞叫了，不会又是误报吧？

冷冷

可疑

1. 
   
2. http://ad.shitip.com/file/da.js
   
3. http://ad.shitip.com/file/ad.js
   
4. http://ww.shitip.com/file/logo.htm
   
5. http://ww.shitip.com/file/xunlei.htm
   
6. http://ww.shitip.com/file/bf.htm
   
7. http://ww.shitip.com/file/pps.htm
   
8. http://ww.shitip.com/file/sdr.htm
   
9. http://ww.shitip.com/file/images/logo.jpg
   
10. 
    
11. 
    

复制代码

[ 本帖最后由 冷冷 于 2008-5-8 18:18 编辑 ]

Starting the file scan:

Begin scan in 'E:\AV\logo.rar'
E:\AV\logo.rar
  [0] Archive type: RAR
  --> logo.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!

Palkia

kv 0

SIGKILL

天天上，avira未报。

tanlimo

浪费表情，全部都是http://ww.shitip.com/file/images/logo.jpg

很狡猾啊，发现情况不对，扔了三个垃圾后就自动退出了。
\WINDOWS\system32\MayaBaby\MayaBabyDll.dat
\WINDOWS\system32\MayaBabyMain.exe
\WINDOWS\system32\MayaBabySYS.dat


Attempt to attach to the thread input of the C:\WINDOWS\System32\CSRSS.EXE
Attempt to detach from the thread input of the C:\WINDOWS\System32\CSRSS.EXE

Attempt to open process C:\WINDOWS\System32\ALG.EXE
Attempt to open process C:\WINDOWS\System32\CTFMON.EXE
Attempt to open process C:\WINDOWS\System32\SPOOLSV.EXE
Attempt to open process C:\WINDOWS\System32\SERVICES.EXE
Attempt to open process C:\Program Files\DefenseWall\defensewall.exe
Attempt to open process C:\Program Files\DefenseWall\defensewall.exe
Attempt to attach to the thread input of the C:\WINDOWS\System32\CSRSS.EXE
...............

[ 本帖最后由 tanlimo 于 2008-5-8 18:49 编辑 ]

BING126

McAfee        New Malware.aj

a256886572008

2008-05-08 19:44:23        应用程序保护(访问服务管理器)     操作:使用隔离区操作
进程路径:D:\logo.exe

a256886572008

你用哪款 HIPS 或 沙盤，怎麼 沒監控到  訪問SCM  呢？

SIGKILL

现在报了。。。