这个是什么病毒？

显示全部楼层 · 发表于 2008-6-1 11:03:15

Autorun.rar里的文件在C:\WINDOWS\system32下的

还有就是，C:\WINDOWS\system32下老是生成个auto.ini文件，
auto.ini里面内容是：
[AUTO]
DIR=C:\
删除auto.ini文件，重启后还是有。
在C:\WINDOWS\system32 下自己命名个auto.ini
重启后还是被替换
请解答，谢谢！

显示全部楼层 · 发表于 2008-6-1 11:06:19

这东西叫病毒，很神奇吧

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\Autorun.rar'
C:\Documents and Settings\morgan\My Documents\
  Autorun.rar
[0] Archive type: RAR
--> Autorun.exe
      [DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.LB
--> Autorun.ini
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-6-1 11:10:16

运行提示不支持当前系统..

显示全部楼层 · 发表于 2008-6-1 11:15:30

楼上的用的是？？？？

0000B090 0040B090    0 Driver%d
0000B09C 0040B09C    0 Did not Support this MotherBoard
0000B0C0 0040B0C0    0 Mother Board Message
0000B0D8 0040B0D8    0 SETUP
0000B0E8 0040B0E8    0 NOVALUE
0000B0F0 0040B0F0    0 GROUP%d
0000B0F8 0040B0F8    0 This OS is not supported!!
0000B113 0040B113    0 If you have any question, please contact us!!
0000B144 0040B144    0 Information
0000B154 0040B154    0 BUILDNUMBER
0000B160 0040B160    0 PLATFORMID
0000B16C 0040B16C    0 MINOR
0000B174 0040B174    0 MAJOR
0000B17C 0040B17C    0 SUPPORT%d
0000B188 0040B188    0 SUPPORT
0000B190 0040B190    0 ENGLISH
0000B198 0040B198    0 SETUPFILE
0000B1A4 0040B1A4    0 SETUPKEY
0000B1B0 0040B1B0    0 LANGUAGE%d
0000B1BC 0040B1BC    0 EXTDATADEBUGSTRING%d
0000B1D4 0040B1D4    0 STRING%d
0000B1E0 0040B1E0    0 AVIFRAMEY
0000B1EC 0040B1EC    0 AVIFRAMEX
0000B1F8 0040B1F8    0 ENDAVI
0000B200 0040B200    0 BEGINAVI
0000B20C 0040B20C    0 DEFAULT
0000B214 0040B214    0 LANGUAGE
0000B220 0040B220    0 SETUPNO
0000B228 0040B228    0 EXTDATADEBUGMODE
0000B23C 0040B23C    0 DEBUGVERSION
0000B24C 0040B24C    0 DEBUGMODE
0000B258 0040B258    0 ENDBMP
0000B260 0040B260    0 BEGINBMP
0000B26C 0040B26C    0 BACKGROUND
0000B278 0040B278    0 ENDBMP16
0000B284 0040B284    0 BEGINBMP16
0000B290 0040B290    0 BACKGROUND16
0000B2A0 0040B2A0    0 LOADICON
0000B2AC 0040B2AC    0 CAPTION
0000B2B4 0040B2B4    0 GROUPNO
0000B2BC 0040B2BC    0 SETUPSIZE
0000B2C8 0040B2C8    0 SETUPSCRIPT
0000B2D4 0040B2D4    0 SETUPKIND
0000B2E0 0040B2E0    0 IMGPOSTY
0000B2EC 0040B2EC    0 IMGPOSTX
0000B2F8 0040B2F8    0 RUNSIZE
0000B300 0040B300    0 ACTION
0000B308 0040B308    0 ARGUMENTS
0000B314 0040B314    0 STARTROOT
0000B320 0040B320    0 BUTTONFTEXTCOLOR16
0000B334 0040B334    0 BUTTONUTEXTCOLOR16
0000B348 0040B348    0 BUTTONFTEXTCOLOR
0000B35C 0040B35C    0 BUTTONUTEXTCOLOR
0000B370 0040B370    0 BUTTONFTEXT
0000B37C 0040B37C    0 BUTTONUTEXT
0000B388 0040B388    0 BUTTONF16
0000B394 0040B394    0 BUTTONU16
0000B3A0 0040B3A0    0 BUTTONF
0000B3A8 0040B3A8    0 BUTTONU
0000B3B0 0040B3B0    0 0 0 0
0000B3B8 0040B3B8    0 INSTALLTEXTCOLOR
0000B3CC 0040B3CC    0 INSTALLTEXT
0000B3D8 0040B3D8    0 INSTALLMASK
0000B3E4 0040B3E4    0 INSTALLB
0000B3F4 0040B3F4    0 ,ACTION
0000B3FC 0040B3FC    0 CHECK
0000B404 0040B404    0 DRIVERNAME%s
0000B414 0040B414    0 INSTALL
0000B41C 0040B41C    0 OSSUPPORT
0000B428 0040B428    0 SCRIPT
0000B430 0040B430    0 system\currentcontrolset\services\MapMem
0000B488 0040B488    0 Bits Per Pixel : %d
0000B49C 0040B49C    0 UNKNOWN ACTION!
0000B4AC 0040B4AC    0 Error
0000B4C8 0040B4C8    0 PRINT:
0000B4D4 0040B4D4    0 %d %d %d
0000B4E0 0040B4E0    0 System
0000B4E8 0040B4E8    0 Wrong OS
0000B4FC 0040B4FC    0 STRING
0000B50C 0040B50C    0 Software\Microsoft\Windows\CurrentVersion\Run
0000B53C 0040B53C    0 DIGIT
0000B544 0040B544    0 NUMBER
0000B54C 0040B54C    0 COUNT
0000B558 0040B558    0 CHECKFILE%d
0000B564 0040B564    0 NEXT1
0000B580 0040B580    0 "PATH%d"
0000B58C 0040B58C    0 PATH%d
0000B594 0040B594    0 Are you sure you want to cancel it?
0000B5B8 0040B5B8    0 Warning
0000B5C0 0040B5C0    0 NAME%d
0000B5C8 0040B5C8    0 patch.ini
0000B5D4 0040B5D4    0 After you choose the driver(s) you want and press "OK", it will show device drivers to be installed in sequence.
0000B648 0040B648    0 Soltek
0000B650 0040B650    0 \autorun.exe
0000B660 0040B660    0 \Autorun.ini
0000B670 0040B670    0 \En.ini

显示全部楼层 · 发表于 2008-6-1 11:18:10

c32asm 静态的遇到加了壳的就傻眼了

显示全部楼层 · 发表于 2008-6-1 11:38:21

微点被过了

显示全部楼层 · 发表于 2008-6-1 11:41:24

2008-6-1 11:41:35 内核文件 'C:\Documents and Settings\Administrator\桌面\Autorun.rar' 已发送到 ESET 进行分析。

显示全部楼层 · 发表于 2008-6-1 12:02:21

TO KL

显示全部楼层 · 发表于 2008-6-1 12:13:04

显示全部楼层 · 发表于 2008-6-1 12:18:57

太高深了，不懂

[病毒样本] 这个是什么病毒？

本帖子中包含更多资源

评分

本帖子中包含更多资源

回复 4楼 kiki 的帖子

本帖子中包含更多资源