[病毒样本] 2

显示全部楼层 · 发表于 2008-10-31 21:56:41

http://facaizhifuok.cn/root/svcos.exe
http://zhichibjoy.cn/root/svcos.exe

显示全部楼层 · 发表于 2008-10-31 22:07:01

kaspersky kill all
trojan-tropper

显示全部楼层 · 发表于 2008-11-1 00:04:09

Avira
TR/Crypt.XDR.Gen X2

显示全部楼层 · 发表于 2008-11-1 00:35:16

火狐：
位于 facaizhifuok.cn 的站点已经被报告为攻击网站，而且已根据您的安全首选项而阻止。

ESET
2008-11-01 0:34:58 HTTP filter file http://zhichibjoy.cn/root/svcos.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined CHINESE-GUNDAM\GUNDAM Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
2008-11-01 0:34:36 HTTP filter file http://facaizhifuok.cn/root/svcos.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined CHINESE-GUNDAM\GUNDAM Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

显示全部楼层 · 发表于 2008-11-1 04:17:42

HB系列

C:\DOCUMENTS AND SETTINGS\TOM\桌面\SVCOS.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\TEMP\316640_EX.TMP
2) C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YPY38Z0H\0[1].EXE
3) C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\TEMP\CHO1.TMP
4) C:\WINDOWS\SYSTEM32\HBMHLY.DLL
5) C:\WINDOWS\SYSTEM32\SYSTEM.EXE
是否删除木马程序及其衍生物?

[病毒样本] 2

回复 1楼 dearhaoji 的帖子