Thread starter: The EQs

[Virus Sample] The foreign autorun worm, dead for ages, has started breaking out on a large scale again

328397663
Posted on 2009-3-26 23:43:46
Hello,

DigitalHQ.exe - Trojan.Win32.TDSS.vgj

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

LS, wait patiently..
fatezero
Posted on 2009-3-26 23:51:24
Threat detected        Virus HEUR:Trojan.Win32.Generic        DigitalHQ.exe
Heuristics ^_^
iorikyox
Posted on 2009-3-26 23:52:54
Strange. Since it's a new variant, why can yours detect and kill it?
ledled
Posted on 2009-3-27 00:13:06
to VB
wrq
Posted on 2009-3-27 01:16:53
Warning

--------------------------------------------------------------------------------

In order not to compromise your security, this page will not be accessed


A virus or unwanted program has been detected
in the HTTP data on the requested page.

--------------------------------------------------------------------------------

Requested URL: http://bbs.kafan.cn/attachment.p ... 91&t=1238087796
Information Is the TR/Crypt.ZPACK.Gen Trojan


--------------------------------------------------------------------------------

Generated by AntiVir WebGuard 9.0.3.0, AVE 8.2.0.129, VDF 7.1.2.222
upside
Posted on 2009-3-27 07:14:42
Files created:
c:\autorun.inf
%Temp%\tmp1.tmp
%Temp%\tmp2.tmp
c:\RECYCLER\S-4-6-53-100021982-100010000-100024378-4092.com
%Windir%\Temp\310203.tmp
%Windir%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090327-175745-00.hdmp
%Windir%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20090327-175745-00.mdmp

Process calls:
IEXPLORE.EXE %ProgramFiles%\internet explorer\iexplore.exe

Registry keys created:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoshow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoshow\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\UserFaults
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoshow\CLSID]
(Default) = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\UserFaults]
%Windir%\PCHealth\ErrorRep\UserDumps\spoolsv.exe.20090327-175745-00.mdmp = DA 00 00 00 60 00 00 00 60 00 00 00 A0 00 00 00 F4 1D 00 00 00 00 00 00 05 00 01 00 28 0A 84 08 00 00 00 00 00 00 00 00 00 00 00 00 D9 07 03 00 05 00 1B 00 11 00 39 00 2D 00 22 02 30 00 30 00 05 00 00 C0 31 00 38 00 00 00 00 00 00 00 00 00 B4 7E 10 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UserFaultCheck = "%System%\dumprep 0 -u"
The following Registry Values were modified:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
(Default) = 0x0000000D
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
(Default) = 0x0000000D

Attempts to connect to remote host:
94.247.2.107 80
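The file list in the sandbox report above (c:\autorun.inf plus a .com dropped under c:\RECYCLER with a SID-looking name) is the classic autorun-worm layout, so a triage step on any infected stick is to read its autorun.inf and see what the Open verb really launches. The script below is an added example, not code from this thread or any of the posters: it does a tolerant INI parse of autorun.inf (worms pad the file with junk lines and repeat keys), pulls out every entry that launches a program, and flags launch targets that live in RECYCLER, carry a name that cannot be a real SID (SID strings always have revision 1, so S-4-6-53-... is not one), or point at an unusual executable type. Both autorun.inf texts are constructed for illustration; the thread shows only the dropped file's path, not the autorun.inf contents, and the path used here is the one from the report.

```python
"""Triage an autorun.inf for the classic autorun-worm layout.

Added example; not code from the thread or from any poster. The autorun.inf
texts are constructed for illustration (the thread shows the dropped file's
path, not the autorun.inf contents); the RECYCLER path is the one from the
sandbox report above.
"""
import re

# [autorun] keys that run a program when the drive is opened via AutoRun/AutoPlay.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command=... rewires Explorer context-menu verbs such as Open/Explore.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Per-user recycle-bin folders are named after the user's SID. A real SID
# string always has revision 1 (S-1-...), so a name like S-4-6-53-... cannot be one.
VALID_SID = re.compile(r"^s-1-\d+(-\d+)+$")
# Heuristic: rarely launched by a legitimate CD/USB autorun.inf, common in worms.
ODD_EXT = (".com", ".pif", ".scr", ".bat", ".cmd", ".vbs")

# Constructed: folder icon plus "Open folder" text disguise the hijacked Open verb.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
; junk comment lines and repeated keys are typical of dropped autorun.inf files
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
open=RECYCLER\S-4-6-53-100021982-100010000-100024378-4092.com
shell\open\Command=RECYCLER\S-4-6-53-100021982-100010000-100024378-4092.com
shell=Open
"""

# Constructed: what a vendor install disc typically ships.
BENIGN_AUTORUN_INF = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Product CD
"""


def parse_autorun(text):
    """Tolerant INI parse: {section: [(key, value), ...]} with names lower-cased.

    Duplicate keys are kept, and any line inside a section that is not
    'key=value' is ignored, which also skips binary junk padding."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line[0] in ";#":
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def first_token(command):
    """Executable path from a command line, honouring a quoted first argument."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def classify_target(command):
    """Heuristic reasons a launch command looks like an autorun worm (empty if none)."""
    reasons = []
    path = first_token(command).lower().replace("/", "\\")
    m = re.search(r"(?:^|\\)recycler\\([^\\]+)", path)
    if m:
        reasons.append("launches from RECYCLER")
        if not VALID_SID.match(m.group(1)):
            reasons.append("RECYCLER entry %r is not a valid SID name" % m.group(1))
    if path.endswith(ODD_EXT):
        reasons.append("launches a %s file" % path.rsplit(".", 1)[1])
    return reasons


def triage(text):
    """Return [(key, command, reasons)] for every launch entry with at least one reason."""
    findings = []
    for key, command in parse_autorun(text).get("autorun", []):
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            reasons = classify_target(command)
            if reasons:
                findings.append((key, command, reasons))
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_AUTORUN_INF), ("benign", BENIGN_AUTORUN_INF)):
        print(name, triage(text) or "nothing suspicious")
```

Run it against a real autorun.inf by passing the file's text to triage(); the benign disc produces no findings, while the constructed sample is flagged three times over on both its open= entry and its hijacked shell\open\command verb. The SID check is the cheap one to keep: legitimate RECYCLER subfolders are per-user SIDs, so any other name there is worth a second look regardless of what the AV says.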
iorikyox
Posted on 2009-3-27 07:48:53
KIS 8.0 finally flags it. I really envy the poster in #2; I wonder how your rules are set up. I'm really scared now.
kingsheet
Posted on 2009-3-27 08:34:37
Kaspersky:  The requested URL http://bbs.kafan.cn/attachment.p ... e1&t=1238113885 is infected with Trojan.Win32.TDSS.vgj virus
Copyright © KaFan  KaFan.cn All Rights Reserved.