一个键盘记录器（专门盗号的）

显示全部楼层 · 发表于 2009-1-28 12:36:14

C:\Documents and Settings\Administrator\桌面\新建文件夹\VIP网游木马生成器突破版(万能盗号木马).rar > RAR > 键盘记录器突破版(万能).exe - 可能是 Win32/Spy.KeyLogger.GO 特洛伊木马的变种 - 是已删除对象的一部分

http://virscan.org/report/9be1891f13d54c3adb374c05cfbc451a.html

Eset 轻松秒杀。。。。。貌似报的也比较多~~大家看看

MP也是轻松拦截：木马名称：Trojan-Spy.Win32.KeyLogger.ha
程序：
C:\SANDBOX\ADMINISTRATOR\DEFAULTBOX\USER\CURRENT\LOCAL SETTINGS\TEMP\RAR$EX00.407\键盘记录器突破版(万能).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

[ 本帖最后由 schumi小粉于 2009-1-28 12:37 编辑 ]

显示全部楼层 · 发表于 2009-1-28 12:40:22

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://bbs.kafan.cn/attachment.p ... 01&t=1233117600
Information: Is the TR/SPY.KeyLogger.FW.2 Trojan

Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.60, VDF 7.1.1.189

显示全部楼层 · 发表于 2009-1-28 12:42:15

请求的对象被感染，发现下列病毒 Trojan-Spy.Win32.KeyLogger.fw

显示全部楼层 · 发表于 2009-1-28 12:43:27

'TR/SPY.KeyLogger.FW.2' [trojan]

显示全部楼层 · 发表于 2009-1-28 13:05:51

显示全部楼层 · 发表于 2009-1-28 13:09:28

*\user\current\Cookies\index.dat
*\user\current\Local Settings
*\user\current\Local Settings\Application Data
*\user\current\Local Settings\Application Data\Microsoft
*\user\current\Local Settings\Application Data\Microsoft\Internet

Explorer
*\user\current\Local Settings\Application Data\Microsoft\Internet

Explorer\MSIMGSIZ.DAT
*\user\current\Local Settings\History
*\user\current\Local Settings\History\History.IE5
*\user\current\Local Settings\History\History.IE5\index.dat
*\user\current\Local Settings\Temp
*\user\current\Local Settings\Temp\Rar$EX00.390
*\user\current\Local Settings\Temporary Internet Files
*\user\current\Local Settings\Temporary Internet Files\Content.IE5
*\user\current\Local Settings\Temporary Internet Files\Content.IE5

\index.dat

*\machine\software\microsoft\DirectDraw\MostRecentApplication\Name [1] = TheWorld.exe
*\machine\software\microsoft\DirectDraw\MostRecentApplication\ID [4] = 353A7549
*\machine\software\microsoft\ole\EnableDCOM [1] = N
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete [4] = 01000000
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\UseGlobalSettings [4] = 01000000
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents [1] = C:\Documents and Settings\All Users\Documents
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop [1] = C:\Documents and Settings\All Users\Lhb?
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData [1] = C:\Documents and Settings\All Users\Application Data
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths [4] = 04000000
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1\CachePath [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1\CacheLimit [4] = FFFFFFF57F0000
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2\CachePath [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2\CacheLimit [4] = FFFFFFF57F0000
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3\CachePath [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3\CacheLimit [4] = FFFFFFF57F0000
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4\CachePath [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4
*\machine\software\microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4\CacheLimit [4] = FFFFFFF57F0000
*\machine\software\microsoft\windows nt\currentversion\winlogon\Shell [1] = x
*\user\current\software\classes\SymbolicLinkValue [6] = 5C00520045004700490053005400520059005C0055005300450052005C00530061006E00640062006F0078005F00410064006D0069006E006900730074007200610074006F0072005F00440065006600610075006C00740042006F0078005C0075007300650072005C00630075007200720065006E0074005F0063006C0061007300730065007300
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess\BrowseNewProcess [1] = yes
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4ca-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4cb-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4cc-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4cd-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4ce-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal [1] = C:\Documents and Settings\Administrator\My Documents
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop [1] = C:\Documents and Settings\Administrator\Lhb?
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData [1] = C:\Documents and Settings\Administrator\Application Data
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies [1] = C:\Documents and Settings\Administrator\Cookies
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History [1] = C:\Documents and Settings\Administrator\Local Settings\History
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites [1] = C:\Documents and Settings\Administrator\Favorites
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData [1] = C:\Documents and Settings\Administrator\Local Settings\Application Data
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy [4] = 01000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings [3] = 3C000000740500000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass [4] = 01000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName [4] = 01000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet [4] = 01000000
*\user\current\software\Microsoft\Windows\ShellNoRoam\MUICache\C [1] = .曍v皨U_hV亃4xHr(N齹)
*\user\current\software\SandboxieAutoExec [3] = 31
*\user\current\software\WinRAR\ArcHistory\2 [1] = F:\new\sreng襝鯪.rar
*\user\current\software\WinRAR\ArcHistory\1 [1] = C:\Documents and Settings\Administrator\Lhb梊Yezsboxie.rar
*\user\current\software\WinRAR\ArcHistory\0 [1] = E:\駇?鹼邁N:S\VIPQ8n(gl?ubhV亃4xHr(N齹譾鱏(gl?.rar
*\user\current\software\WinRAR\FileList\ArcColumnWidths\name [4] = 78000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\size [4] = 50000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\psize [4] = 50000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\type [4] = 78000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\mtime [4] = 64000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\crc [4] = 46000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\name [4] = 78000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\size [4] = 50000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\type [4] = 78000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\mtime [4] = 64000000
*\user\current\software\WinRAR\General\LastFolder [1] = E:\駇?鹼邁N:S
*\user\current\software\WinRAR\General\Toolbar\Layout\Band0 [3] = 38000000730100000402000000000000FFFFFFF3FFFFFFF5FFFFFFF70000000000000000000000000076010C000000000039000000FFFFFFB40200000000000001000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band1 [3] = 38000000730100000500000000000000FFFFFFF3FFFFFFF5FFFFFFF70000000000000000000000000078010B000000000016000000280000000000000002000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band2 [3] = 38000000730100000400000000000000FFFFFFF3FFFFFFF5FFFFFFF7000000000000000000000000007E011F000000000016000000640000000000000003000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band3 [3] = 3800000073010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
*\user\current\software\WinRAR\Interface\MainWin\Placement [3] = 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF85000000FFFFFFFC000000FFFFFF98030000FFFFFF90020000

显示全部楼层 · 发表于 2009-1-28 13:11:01

BitDefender 2009

此网页已被 BitDefender 反病毒实时防护拦截！

被拦截的网页包含（可能）已被病毒感染的对象。您的系统未被感染。

显示全部楼层 · 发表于 2009-1-28 13:12:27

卡巴拒绝！

显示全部楼层 · 发表于 2009-1-28 13:27:49

我也拒绝

显示全部楼层 · 发表于 2009-1-28 22:13:03

费尔报木马！！

[病毒样本] 一个键盘记录器（专门盗号的）

本帖子中包含更多资源

本帖子中包含更多资源

评分