鸽子

显示全部楼层 · 发表于 2008-6-24 22:04:56

Win32:Delf-HME [Trj]

显示全部楼层 · 发表于 2008-6-24 22:13:24

灭

2008-6-24 JAY22:08:13 Win32 Cabinet Self-Extractor  Process exit C:\Documents and Settings\Owner\桌面\Chinese Simplifiedlang.exe
2008-6-24 JAY22:08:13 Win32 Cabinet Self-Extractor Denied: KLSystemData/KLStartupRegKeys/Main_Run Delete hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
2008-6-24 JAY22:08:13 Win32 Cabinet Self-Extractor Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP
2008-6-24 JAY22:08:13 Win32 Cabinet Self-Extractor Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:08:13 Win32 Cabinet Self-Extractor Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor Denied: KLSystemData/KLStartupRegKeys/Main_Run Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor  Create C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\TMP4351$.TMP
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor  Process start C:\Documents and Settings\Owner\桌面\Chinese Simplifiedlang.exe
2008-6-24 JAY22:07:57 Win32 Cabinet Self-Extractor  Placed in group Low Restricted
2008-6-24 JAY22:07:51 Windows Explorer  Rename C:\Documents and Settings\Owner\桌面\Chinese Simplifiedlang.exe
2008-6-24 JAY22:07:51 Windows Explorer  Create C:\Documents and Settings\Owner\桌面\Chinese Simplifiedlang.exe

2008-6-24 JAY22:08:13 100.exe  Process exit C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:08:13 100.exe Denied: KLSystemData/KLStartupRegKeys/Main_Run Delete hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
2008-6-24 JAY22:08:13 100.exe Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP001.TMP
2008-6-24 JAY22:08:13 100.exe Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP001.TMP\4.exe
2008-6-24 JAY22:08:13 100.exe Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\Local Settings\Temp\IXP001.TMP\4.exe
2008-6-24 JAY22:08:00 100.exe Denied: KLSystemData/KLStartupRegKeys/Main_Run Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
2008-6-24 JAY22:08:00 100.exe  Create C:\Documents and Settings\Owner\Local Settings\Temp\IXP001.TMP\4.exe
2008-6-24 JAY22:08:00 100.exe : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP001.TMP\4.exe
2008-6-24 JAY22:07:59 100.exe : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP001.TMP\TMP4351$.TMP
2008-6-24 JAY22:07:59 100.exe  Process start C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\100.exe
2008-6-24 JAY22:07:59 100.exe  Placed in group Low Restricted

[ 本帖最后由 wangjay1980 于 2008-6-24 22:34 编辑 ]

显示全部楼层 · 发表于 2008-6-24 22:25:15

RS20.50.10未杀！

显示全部楼层 · 发表于 2008-6-24 22:39:33

卡巴7.0没反映

显示全部楼层 · 发表于 2008-6-24 22:42:04

Tr/Dropper.Gen

显示全部楼层 · 发表于 2008-6-25 00:29:14

--> Chinese Simplified.lang.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was successfully wiped!

显示全部楼层 · 发表于 2008-6-25 00:32:12

显示全部楼层 · 发表于 2008-6-25 12:12:48

2008-06-25 12:04:18 文件保护(创建文件)    操作:使用隔离区操作
进程路径:D:\桌面\virus\Chinese Simplified.lang\4.exe
文件路径:C:\WINDOWS\system32\servicne.exe

2008-06-25 12:04:18 文件保护(修改文件)    操作:使用隔离区操作
进程路径:D:\桌面\virus\Chinese Simplified.lang\4.exe
文件路径:(隐藏文件)C:\EQSandBox\C\WINDOWS\system32\servicne.exe

2008-06-25 12:04:19 应用程序保护(访问服务管理器)    操作:使用隔离区操作
进程路径:D:\桌面\virus\Chinese Simplified.lang\4.exe

提出真毒

显示全部楼层 · 发表于 2008-6-25 12:19:06

F:\Chinese_Simplified.lang.rar>>Chinese Simplified.lang.exe TrojanDropper.Gen.jpam.arc 木马

[病毒样本] 鸽子

本帖子中包含更多资源

本帖子中包含更多资源

5/0

本帖子中包含更多资源