
[Virus sample] 1

tonger2003
Posted on 2008-9-16 22:22:21

Kitman
Posted on 2008-9-16 22:26:08
Requested URL:        http://bbs.kafan.cn/attachment.p ... 9a&t=1221575150
Information:        Contains HEUR/Crypted suspicious code
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.1.1.28, VDF 7.0.6.165
91343
Posted on 2008-9-16 22:33:40
2008-09-16 22:33:33        注册表保护(修改注册表内容)     操作:阻止并结束进程
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.219\vbvbvbv.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\safemon
注册表名称:LeakShowed
Palkia
Posted on 2008-9-16 22:44:58
Kingsoft 0
wangjay1980
Posted on 2008-9-16 22:47:48
2008-9-16 JAY22:33:20 WinRAR 压缩文件管理器  Create C:\Documents and Settings\Owner\桌面\vbvbvbv.exe
2008-9-16 JAY22:34:07 vbvbvbv.exe  Placed in group High Restricted
2008-9-16 JAY22:34:07 vbvbvbv.exe  Process start C:\Documents and Settings\Owner\桌面\vbvbvbv.exe
2008-9-16 JAY22:34:07 vbvbvbv.exe Denied: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege Setting debug privileges  
2008-9-16 JAY22:34:07 vbvbvbv.exe Denied: KLSystemData/KLSystemFiles/Drivers Create C:\WINDOWS\system32\drivers\sbl.sys
2008-9-16 JAY22:34:32 vbvbvbv.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLWMSend Send windows messages to another process c:\program files\maxthon\maxthon.exe
2008-9-16 JAY22:34:32 vbvbvbv.exe Denied: KLSystemData/KLSystemFiles/SystemExe Create C:\WINDOWS\system32StopAor.exe
2008-9-16 JAY22:34:33 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
2008-9-16 JAY22:34:33 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/Explorer_Run Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
2008-9-16 JAY22:34:33 vbvbvbv.exe Denied: KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-9-16 JAY22:34:33 vbvbvbv.exe Denied: KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat
2008-9-16 JAY22:34:33 vbvbvbv.exe Denied: KLSystemData/FD-1/ Read C:\autoexec.bat
2008-9-16 JAY22:34:33 vbvbvbv.exe  Modification HKEY_USERS\S-1-5-21-1292428093-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
2008-9-16 JAY22:35:12 vbvbvbv.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\program files\internet explorer\iexplore.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLSystemSecRegKeys/Policies_Explorer2 Modification hkey_users\S-1-5-21-1292428093-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLSystemSecRegKeys/Policies_Explorer3 Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ADAM.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSSVC.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.COM
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCENTER.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCSVCHST.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FILEDSTY.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
2008-9-16 JAY22:35:13 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FTCLEANERSHELL.EXE
2008-9-16 JAY22:35:13 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
2008-9-16 JAY22:35:14 vbvbvbv.exe  Create HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE
/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe
2008-9-16 JAY22:35:56 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe
2008-9-16 JAY22:36:16 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe
2008-9-16 JAY22:36:16 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
2008-9-16 JAY22:36:16 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe
2008-9-16 JAY22:36:16 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe
2008-9-16 JAY22:36:16 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR
2008-9-16 JAY22:36:17 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe
2008-9-16 JAY22:36:17 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe
2008-9-16 JAY22:36:17 vbvbvbv.exe Denied: KLSystemData/KLStartupRegKeys/ImageFileExecutionOptions Modification hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe

无尽藏海
Posted on 2008-9-17 00:12:24
Hello,

vbvbvbv.exe_ - Trojan-Dropper.Win32.Agent.wwo

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Ilya Tolstikhin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
v_ww
Posted on 2008-9-17 09:58:20
ess3.0
E:\Sandbox\wei\virus\user\current\桌面\vbvbvbv.rar > RAR > vbvbvbv.exe - Win32/TrojanDownloader.Delf.OHD 特洛伊木马
啊弥陀佛
Posted on 2008-9-17 10:37:46
Micropoint intercepted it.

barbara
Posted on 2008-9-17 14:02:44
Norton 09 recognizes it.
ljh3737
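Posted on 2008-9-17 15:02:12

Let me show you how powerful AVG 8.0 is

No more talk, just look at the screenshot: the web monitor killed it before the download even finished. Safe and worry-free.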
