
[Virus sample] updater: please test its behavior with HIPS

jehovah_king
Posted on 2008-9-8 22:40:08
File Error Notification Follow-up:

We contacted you last week, and we noticed that you hadn't run the
diagnostics test to check for any potentially harmful file errors located
in your registry.

Press below to launch the Diagnostics Test download:

Press HERE to begin:


Please read carefully to learn how to locate these potentially harmful
file errors located on your PC, and how to fix them.

Are you aware that over 95% of ALL PC's have file errors in Windows
that could cause your PC to crash, lose important memory, and cause other
software on your PC to fail or uninstall without your knowledge.

Protect Your PC From Annoying and Harmful File Errors and Major System
Problems today with a FREE PC Diagnostics Test and Report which will
hunt out & rectify even the smallest Windows problems on your PC.

Press below to launch the Diagnostics Test download:

Press HERE to begin:


If after completing the free Diagnostic Test it is brought to your
attention that your computer's registry does contain file "errors", then it
may be in your computer's best interest to fix the potentially harmful
file errors in your registry.

Once again, there are NO OBLIGATIONS for this FREE OFFER that includes
our FREE Software, FREE Analysis, FREE Report and 24 Hour Support !

Press below to launch the Diagnostics Test download now:

Press HERE to begin:




Copyright (C) 2002 - 2008 All Rights Reserved





To not receive future offers/promotions from "Error Nuker" please press
on
the below link:


Or send us a letter at:

6965 El Camino Real
Suite 105 - 698
La Costa, CA 92009





You will not get anymore of our emails if you go here
and enter
your email address ()

or write to:

PP Data
6965 El Camino Real
Suite 105-698
La Costa, CA 92009







TRCK:dd2;
;1;


The links containing my email address have been removed.

[ This post was last edited by jehovah_king on 2008-9-8 22:54 ]
qigang
Posted on 2008-9-8 22:40:55

2/0

RS20.61.02 did not detect it!
无尽藏海
Posted on 2008-9-8 22:43:46
Looks like there's nothing wrong with it...
wangjay1980
Posted on 2008-9-8 22:53:11
Software with a digital signature
Palkia
Posted on 2008-9-8 22:53:58
Kingsoft -
htyhzd (this user has been deleted)
Posted on 2008-9-9 09:06:05

It tries to download something from the internet, and that was denied. The specific operations are as follows:

DefenseWall HIPS log file

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 Cookies 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 History 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 Common AppData 在注册表键 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 AppData 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 AppData 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 ProxyEnable 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ (注册表)

09.09.2008  09:02:40,模块 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe, 企图 设置值 Cache 在注册表键 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\ (注册表)

注册表键: HKLM\Software\Error Nuker\, 创建由 C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe 在 09.09.2008  09:02:39 时
文件: C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe.zip:Zone.Identifier 创建由 C:\Program Files\Maxthon2\Maxthon.exe 在 09.09.2008  09:02:21 时
文件: C:\Documents and Settings\htyhzd\桌面\ErrorNukerInstaller.exe.zip 创建由 C:\Program Files\Maxthon2\Maxthon.exe 在 09.09.2008  09:02:20 时
注册表键: HKU\S-1-5-21-1409082233-606747145-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip\, 创建由 C:\Program Files\Maxthon2\Maxthon.exe 在 09.09.2008  09:02:20 时
maozi778631
Posted on 2008-9-9 20:35:22
C:\DOCUMENTS AND SETTINGS\MAOZI778631\LOCAL SETTINGS\TEMP\RAR$EX00.243\ERRORNUKERINSTALLER.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2120
远端地址:72.44.67.7(美国)
远端端口:80

C:\DOCUMENTS AND SETTINGS\MAOZI778631\LOCAL SETTINGS\TEMP\RAR$EX00.243\ERRORNUKERINSTALLER.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2140
远端地址:72.44.67.7(美国)
远端端口:80
爬墙找红杏
Posted on 2008-9-9 20:43:27
e盾 blocked it

Copyright © KaFan  KaFan.cn All Rights Reserved.
