黑色幽灵远控木马+活捉原凶文件

zhangcobi

黑色幽灵远控木马+活捉原凶文件
运行病毒程序后，会在进程中出现一个winlogo.exe进程，同时会进入注册表自动启动项。并在C:\windows\system32\产生三个exe文件。       附档如果有要密码为： cobi

woai_jolin

Scan Log
Version of virus signature database: 3303 (20080728)
Date: 2008-7-29  Time: 10:06:33
Scanned disks, folders and files: G:\v\黑色幽灵远控木马winlogon.exe
G:\v\黑色幽灵远控木马winlogon.exe - probably unknown NewHeur_PE virus [7]
Number of scanned objects: 1
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 10:06:34  Total scanning time: 1 sec (00:00:01)

Notes:
[7] Object is probably infected with an unknown virus.

woai_jolin

Scan Log
Version of virus signature database: 3303 (20080728)
Date: 2008-7-29  Time: 10:11:00
Scanned disks, folders and files: G:\v\agentsvr.exe;G:\v\upgrdhlp.exe;G:\v\winlogon.exe;G:\v\PINTLGRB.EXE;G:\v\黑色幽灵远控木马winlogon.exe;G:\v\kernet32.EXE;G:\v\chkfat32.EXE;G:\v\sovles.exe
G:\v\agentsvr.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\upgrdhlp.exe - is OK
G:\v\winlogon.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\PINTLGRB.EXE - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\黑色幽灵远控木马winlogon.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\kernet32.EXE - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\chkfat32.EXE - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\sovles.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
Number of scanned objects: 8
Number of threats found: 7
Number of cleaned objects: 7
Time of completion: 10:11:02  Total scanning time: 2 sec (00:00:02)

Notes:
[7] Object is probably infected with an unknown virus.

kkgh

费尔  Keylog.gen.tlyw

hj5abc

应该都是一样的.

TR/Crypt.FKM.Gen

雨宫优子

微点砍掉
红伞：
C:\Documents and Settings\***.18F12FE200FB45E\桌面\Anti-Virus lab\Run virus lab\黑色幽灵远控木马winlogon.exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to 'a70c1a59.qua'!


End of the scan: 2008年7月29日  12:09
Used time: 00:07 Minute(s)

The scan has been done completely.

      0 Scanning directories
      1 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes

wangjay1980

TO KL

[ 本帖最后由 wangjay1980 于 2008-7-29 12:16 编辑 ]

barbara

柳残阳

我的卡巴直接通过，哭！！！！

6677

Suspicious program detected               Protection against unknown...   2008-7-29 3:53:24 PM  Closed                File: C:\DOCUMENTS AND SETTINGS\M6TTL\桌面\黑色幽灵远控木马\黑色幽灵远控木马WINLOGON.EXE

[ 本帖最后由 6677 于 2008-7-29 15:55 编辑 ]