PpDowN.exe

显示全部楼层 · 发表于 2008-8-9 04:10:30

没见过这么无耻的流氓

显示全部楼层 · 发表于 2008-8-9 07:45:10

2008/8/9 7:43:12 Detected: Heur.Downloader C:\Users\Niya\Downloads\PpDowN\PpDowN.exe/stream/data0002/uu.exe

显示全部楼层 · 发表于 2008-8-9 07:59:51

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
"CLSID"="{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
"Default Visible"="Yes"
"ButtonText"="66免费电影-6d6d.net"
"Exec"="http://www.6d6d.net"
"HotIcon"="%windir%\\system32\\66.ICO"
"Icon"="%windir%\\system32\\66.ICO"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.6d6d.net"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.6d6d.net"
"FullScreen"="no"
"Enable AutoImageResize"="yes"
"CNSMenu"=dword:de809d5c
"CNSHint"=dword:00000001
"CNSReset"=dword:de809d5c
"CNSEnable"=dword:00000001
"CNSList"=dword:00000001
"CNSAutoUpdate"=dword:00000001
"Use Search Asst"="no"
"Search Bar"="http://www.6d6d.net"
"Enable Browser Extensions"="yes"
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="yes"
"ShowedCheckBrowser"="Yes"
"Check_Associations"="Yes"
"Error Dlg Displayed On Every Error"="no"
"AddToFavoritesExpanded"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=dword:1
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="name"
"Source"="http://www.6d6d.net"
"SubscribedURL"="http://www.6d6d.net"
"OriginalStateInfo"=hex:18,00,00,00,64,ff,ff,ff,03,00,00,00,9d,00,00,00,0f,00,00,00,01,00,00,40
"Position"=hex:2c,00,00,00,64,ff,ff,ff,03,00,00,00,9d,00,00,00,0f,00,00,00,ec,03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00
"RestoredStateInfo"=hex:01,40,6c,74,00,00,00,00,01,00,0c,3b,30,bc,10,00,34,2d,93,7c,a4,6c,07,00
"CurrentState"=dword:40000001
"Flags"=dword:00002002

显示全部楼层 · 发表于 2008-8-9 08:32:59

2008-8-9 8:30:40 http://mtv3gp.com/PpDowN.exe//stream//data0002/p.exe 检测到: Heur.Downloader

显示全部楼层 · 发表于 2008-8-9 09:30:08

The file 'PpDowN.exe' has been determined to be 'UNDER ANALYSIS'.

显示全部楼层 · 发表于 2008-8-9 10:36:23

avast Win32:Lmir-RH [Trj]

显示全部楼层 · 发表于 2008-8-9 11:06:12

McAfee miss

显示全部楼层 · 发表于 2008-8-9 11:20:30

金山 0

显示全部楼层 · 发表于 2008-8-9 15:28:13

上报卡巴,PCSL

显示全部楼层 · 发表于 2008-8-9 16:47:40

Hello.
No malicious software was found in the attached file.

Please quote all when answering.

-----------------
Regards, Kirill Erakhtin
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
http://www.kaspersky.com/trials - trial version

[病毒样本] PpDowN.exe