自己机器上的

显示全部楼层 · 发表于 2008-7-18 16:39:25

2008.07.15 17:46:07 tempaq READONLY access to HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06926B30-424E-4f1c-8EE3-543CD96573DC} (Registry)
2008.07.15 17:46:07 tempaq DENY access to C:\WINDOWS\system32\drivers\cmwavfypix.sys (File)
2008.07.15 17:46:09 tempaq READONLY access to HKLM\SYSTEM\ControlSet001\Services\cmwavfypix (Registry)
2008.07.15 17:46:09 tempaq DENY access to C:\WINDOWS\system32\drivers\ivcfyzpaf.sys (File)
2008.07.15 17:46:09 tempaq REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit (Registry)
2008.07.15 17:46:09 tempaq REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit (Registry)
2008.07.15 17:46:09 tempaq REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit (Registry)
2008.07.15 17:46:09 tempaq REDIRECT access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit (Registry)
2008.07.15 17:46:10 tempaq DENY access to C:\WINDOWS\system32\c0j5ja.dll (File)
2008.07.15 17:46:10 tempaq REDIRECT access to HKLM\SOFTWARE\Microsoft\IE4\Main (Registry)
2008.07.15 17:46:10 tempaq DENY C0A2 message to explorer.exe (Process)
2008.07.15 17:46:10 tempaq DENY C0A2 message to ctfmon.exe (Process)

显示全部楼层 · 发表于 2008-7-18 16:41:34

UG持续无视

显示全部楼层 · 发表于 2008-7-18 16:46:43

上报卡巴..

显示全部楼层 · 发表于 2008-7-18 16:48:03

反病毒引擎版本最後更新掃瞄結果
AhnLab-V3 2008.7.17.0 2008.07.18 -
AntiVir 7.8.0.68 2008.07.18 TR/Dropper.Gen
Authentium 5.1.0.4 2008.07.18 -
Avast 4.8.1195.0 2008.07.18 -
AVG 8.0.0.130 2008.07.17 -
BitDefender 7.2 2008.07.18 -
CAT-QuickHeal 9.50 2008.07.17 -
ClamAV 0.93.1 2008.07.18 -
DrWeb 4.44.0.09170 2008.07.18 -
eSafe 7.0.17.0 2008.07.17 Suspicious File
eTrust-Vet 31.6.5965 2008.07.18 -
Ewido 4.0 2008.07.17 -
F-Prot 4.4.4.56 2008.07.18 -
F-Secure 7.60.13501.0 2008.07.18 -
Fortinet 3.14.0.0 2008.07.18 -
GData 2.0.7306.1023 2008.07.18 -
Ikarus T3.1.1.34.0 2008.07.18 Trojan-Dropper.Farfli.C
Kaspersky 7.0.0.125 2008.07.18 -
McAfee 5341 2008.07.18 -
Microsoft 1.3704 2008.07.18 -
NOD32v2 3278 2008.07.18 -
Norman 5.80.02 2008.07.17 -
Panda 9.0.0.4 2008.07.17 -
Prevx1 V2 2008.07.18 -
Rising 20.53.41.00 2008.07.18 -
Sophos 4.31.0 2008.07.18 Mal/Horst-E
Sunbelt 3.1.1536.1 2008.07.17 -
Symantec 10 2008.07.18 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.18 -
VBA32 3.12.8.0 2008.07.17 -
VirusBuster 4.5.11.0 2008.07.17 -
Webwasher-Gateway 6.6.2 2008.07.18 Trojan.Dropper.Gen

显示全部楼层 · 发表于 2008-7-18 16:56:50

GeSWall果然是Mr Big牛X先生，防毒无形，要不是无意看见%windir%里这个文件，察看日志，还不知道病毒被无声无息防住了
就是不虚拟化文件创建有点让人不爽...

显示全部楼层 · 发表于 2008-7-18 16:56:57

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://bbs.kafan.cn/attachment.p ... f3&t=1216371402
Information: Is the TR/Dropper.Gen Trojan

Generated by AntiVir WebGuard 8.0.15.0, AVE 8.1.1.9, VDF 7.0.5.137

显示全部楼层 · 发表于 2008-7-18 19:18:22

2008-7-18 JAY19:15:39 tempaq.exe Placed in group Low Restricted
2008-7-18 JAY19:15:39 tempaq.exe Process start C:\DOCUMENTS AND SETTINGS\OWNER\桌面\tempaq.exe
2008-7-18 JAY19:15:39 tempaq.exe Process exit C:\DOCUMENTS AND SETTINGS\OWNER\桌面\tempaq.exe

显示全部楼层 · 发表于 2008-7-18 20:03:27

"不虚拟文件创建" 是不是直接 deny 而不重定向?

显示全部楼层 · 发表于 2008-7-18 20:05:14

被红伞秒杀！！

显示全部楼层 · 发表于 2008-7-18 20:07:00

McAfee miss

[病毒样本] 自己机器上的

本帖子中包含更多资源

回复 5楼 solcroft 的帖子