脑残星磁碟机 3代.... 感染EXE

挪威的冬天

都加了点什么进去呀...

Nblock

过不了微点

qianwenxiang

[病毒自己]+["OpenYourSoul"]+[病毒自己]+...(重复5次)+[IE]+["OpenYourSoul"]+[记事本还是什么]+["OpenYourSoul"]+................+[正常文件]

loveyuwei

KIS2009 Miss.

testhawk

被感染后有没有修复工具????不小心运行了.........
[:08:]

[ 本帖最后由 testhawk 于 2008-6-9 14:12 编辑 ]

没有
等待qianwenxiang中

qwerasdf123

TF拦了

fcerebel

小伞不报，不敢用antibot测试，上传Threat expert，报毒

    * The following files were created in the system:

#        Filename(s)        File Size        File MD5
1         c:\autorun.inf         26 bytes         0x36812730603173B6EBE5CF22938E3E92
2         c:\cf.exe
%Windir%\CCTV.exe
[file and pathname of the sample #1]         102,400 bytes         0xD11B7943A70FC469A53B18C130CE6B55
3         %Temp%\[filename of the sample #1 without extension]kill.bat         112 bytes         0xADFF02B3BC2BDA309DC93E4F11B58F0C

    * Note:
          o %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

    * The following files were modified:
          o [pathname with a string SHARE]\MSINF16H.EXE
          o [pathname with a string SHARE]\msinfo32.exe
          o [pathname with a string SHARE]\sapisvr.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\icwrmind.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\icwtutor.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe
          o %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe
          o %ProgramFiles%\Internet Explorer\iedw.exe
          o %ProgramFiles%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
          o %ProgramFiles%\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
          o %ProgramFiles%\MSN\MSNCoreFiles\Install\msnsusii.exe
          o %ProgramFiles%\MSN\MSNIA\msniasvc.exe
          o %ProgramFiles%\MSN\MSNIA\prestp.exe
          o %ProgramFiles%\MSN\MsnInstaller\msninst.exe
          o %ProgramFiles%\NetMeeting\cb32.exe
          o %ProgramFiles%\NetMeeting\conf.exe
          o %ProgramFiles%\NetMeeting\wb32.exe
          o %ProgramFiles%\Outlook Express\msimn.exe
          o %ProgramFiles%\Outlook Express\oemig50.exe
          o %ProgramFiles%\Outlook Express\setup50.exe
          o %ProgramFiles%\Outlook Express\wab.exe
          o %ProgramFiles%\Outlook Express\wabmig.exe
          o %ProgramFiles%\Web Publish\WPWIZ.EXE
          o %ProgramFiles%\Windows Media Player\migrate.exe
          o %ProgramFiles%\Windows Media Player\mplayer2.exe
          o %ProgramFiles%\Windows Media Player\setup_wm.exe
          o %ProgramFiles%\Windows Media Player\wmplayer.exe
          o %ProgramFiles%\Windows NT\Accessories\wordpad.exe
          o %ProgramFiles%\Windows NT\dialer.exe
          o %ProgramFiles%\Windows NT\hypertrm.exe
          o %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE

    * Notes:
          o %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.


        Memory Modifications

    * There were new processes created in the system:

Process Name        Process Filename        Main Module Size
CCTV.exe        %Windir%\cctv.exe        102,400 bytes
[filename of the sample #1]        [file and pathname of the sample #1]        102,400 bytes

spaceplane

就脑残星这几个病毒，那么多人不小心或者无意的运行，结果中了毒。

我很有意见，我觉得试毒应该有一定的引导，在置顶帖里写一下，建议使用虚拟机sandboxie等。

雨宫优子

对啊
怎么能实机试毒呢..
……………………………………………………
红伞不报，哪位去上报？我不知道上报邮箱

不过NOD32对磁碟机很有疗效..
这是不争的事实

[ 本帖最后由 aarwwefdds 于 2008-6-9 15:13 编辑 ]