办公室电脑中找到一个！

tian832

费尔杀

kkgh

费尔   TrojanSpy.Zbot.dxb.hgfc

啊弥陀佛

微点拦截

solcroft

C:\Documents and Settings\Limited User\Desktop\Pctool.rar:\Pctool.exe; Virus found Win32/PolyCrypt; Moved to Virus Vault

Love=卡巴+费尔

lx1234

TF的分析   Trojan-Spy.Zbot
The following files were created in the system:

#        Filename(s)        File Size        File MD5
1         %System%\ntos.exe         642,048 bytes         0x976EB96EDC6658867E47E418AB4C9EFD
2         [file and pathname of the sample #1]         525,312 bytes         0x6ADA70439118A4446481DDF88070AD23
3         %System%\wsnpoem\audio.dll         410 bytes         0x91CDF0695DD8D1C1EE73C6D79B369E67
4         %System%\wsnpoem\video.dll         0 bytes         0xD41D8CD98F00B204E9800998ECF8427E

    * The newly created Registry Values are:
          o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]
                + UID = "%ComputerName%_001FA997"
          o [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]
                + {F710FA10-2031-3106-8872-93A2B5C5C620} = F7 09 F2 0D

    * The following Registry Values were modified:
          o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
                + Userinit = "%System%\userinit.exe,%System%\ntos.exe,"

          o so that ntos.exe runs every time Windows starts [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
                + Cookies = "%System%\config\systemprofile\Cookies"
                + Cache = "%System%\config\systemprofile\Local Settings\Temporary Internet Files"
                + History = "%System%\config\systemprofile\Local Settings\History"

    * The data identified by the following URL was then requested from the remote web server:
          o hXXp://58.65.235.41/llll/tadm/cfg.bin

cxgkings

kis 2009  报

will

qigang

RS20.57.32未杀！

BING126

McAfee  miss