天琊(ya)V1.0 0228(增强保险箱)

显示全部楼层 · 发表于 2009-2-23 12:39:16

不是也许，是肯定。搞木马的话，如果想这样搞的话，不累死才怪。

显示全部楼层 · 发表于 2009-2-23 18:55:41

原帖由 hemahaha520 于 2009-2-23 11:44 发表
报告楼主,下了最新版,EAV报木马,也许是误报吧~~
支持楼主~~

发现报天琊是病毒的杀毒软件还真有不少了

显示全部楼层 · 发表于 2009-2-23 19:01:41

给你QQ留言了，呵呵有空看下吧。

显示全部楼层 · 发表于 2009-2-25 08:21:53

加载驱动失败。最新版和情人节版。（需要VB运行库?）标题写着VB版本？

显示全部楼层 · 发表于 2009-2-25 11:28:23

好象很厉害的工具！我需要进程管理！

显示全部楼层 · 发表于 2009-2-25 11:52:45

不需要VB运行库，应该是你的系统缺少文件吧。我用原版vol的系统测试，没问题。装的新系统后直接测试的。

显示全部楼层 · 发表于 2009-2-25 12:12:34

原帖由 wolfwalk888 于 2009-2-25 11:52 发表
不需要VB运行库，应该是你的系统缺少文件吧。我用原版vol的系统测试，没问题。装的新系统后直接测试的。

如何知道缺少哪几个文件？

显示全部楼层 · 发表于 2009-2-25 12:34:04

这个不清楚了，呵呵系统文件太多了

显示全部楼层 · 发表于 2009-2-25 12:56:14

“破坏进程文件”后蓝屏。

*******************************************************************************
*                                                                                              *
*                      Bugcheck Analysis                                        *
*                                                                                              *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80567f34, The address that the exception occurred at
Arg3: f62afb00, Trap Frame
Arg4: 00000000
Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
nt!ExpAllocateHandleTableEntry+1be
80567f34 8b4904       mov    ecx,dword ptr [ecx+4]
TRAP_FRAME:  f62afb00 -- (.trap 0xfffffffff62afb00)
Unable to read trap frame at f62afb00
CUSTOMER_CRASH_COUNT:  2
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0x8E
LAST_CONTROL_TRANSFER:  from 80567fd1 to 80567f34
STACK_TEXT:
f62afb98 80567fd1 e1137cb8 f62afbb0 80f24900 nt!ExpAllocateHandleTableEntry+0x1be
f62afbb4 80573abb e1137cb8 f62afc98 00000000 nt!ExCreateHandle+0x19
f62afca8 80573bdb 80dba020 0000039c ffac93c0 nt!ObDuplicateObject+0x36a
f62afd14 f5e47ed1 000003c0 0000039c ffffffff nt!NtDuplicateObject+0xd0
WARNING: Stack unwind information not available. Following frames may be wrong.
f62afd40 804df7ec 000003c0 0000039c ffffffff Ch000001+0x13ed1
f62afd40 7c92eb94 000003c0 0000039c ffffffff nt!KiFastCallEntry+0xf8
0012e8a0 00000000 00000000 00000000 00000000 0x7c92eb94

STACK_COMMAND:  kb
FOLLOWUP_IP:
Ch000001+13ed1
f5e47ed1 ??             ???
SYMBOL_STACK_INDEX:  4
SYMBOL_NAME:  Ch000001+13ed1
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: Ch000001
IMAGE_NAME:  Ch000001.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  0
FAILURE_BUCKET_ID:  0x8E_Ch000001+13ed1
BUCKET_ID:  0x8E_Ch000001+13ed1
Followup: MachineOwner
---------

显示全部楼层 · 发表于 2009-2-25 14:04:22

minidump，我这里只能生成核心的

[原创工具] 天琊(ya)V1.0 0228(增强保险箱)

回复 348楼 hemahaha520 的帖子

回复 351楼 chenhui530 的帖子

回复 353楼大少爷的帖子

回复 356楼大少爷的帖子

回复 358楼 dl123100 的帖子