Work.exe-过主流（第41-42次更新）

显示全部楼层 · 发表于 2009-4-4 15:20:14

XE的图标
MD5省去...已验证不会重复

[ 本帖最后由 Sherry.ai 于 2009-6-28 08:39 编辑 ]

显示全部楼层 · 发表于 2009-4-4 15:25:31

改写Host文件，改写注册表
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, 值 ConsentPromptBehaviorAdmin, 数据0x00000001 (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system, 值 ConsentPromptBehaviorAdmin, 数据0x00000001 (1)
然后添加自启动项并请求出站，一眼看上去就不是好货

[ 本帖最后由 saga3721 于 2009-4-4 15:42 编辑 ]

显示全部楼层 · 发表于 2009-4-4 15:39:00

红伞飘过

显示全部楼层 · 发表于 2009-4-4 15:42:39

0002BACC 0042BACC    0 Delete
0002BAD4 0042BAD4    0 NoRemove
0002BAE0 0042BAE0    0 ForceRemove
0002BB04 0042BB04    0 DEFAULT_PCID
0002BB14 0042BB14    0 SystemDrive
0002BB50 0042BB50    0 wvVista
0002BB58 0042BB58    0 APPDATA
0002BB68 0042BB68    0 del.bat
0002BB70 0042BB70    0 :Repeat
0002BB7C 0042BB7C    0 del "%s"
0002BB88 0042BB88    0 if exist "%s" goto Repeat
0002BBA4 0042BBA4    0 /c "%s"  >> NUL
0002BBB4 0042BBB4    0 ComSpec
0002BBBC 0042BBBC    0 \SYSTEM32\DRIVERS\ETC\hosts
0002BBD8 0042BBD8    0 \hosts
0002BBE0 0042BBE0    0 \SYSTEM32\DRIVERS\ETC\hosts.o1d
0002BC00 0042BC00    0 \hosts.o1d
0002BC0C 0042BC0C    0 /F /IM iexpl* /IM firefox* /IM mozi* /IM opera* /IM safar*
0002BC48 0042BC48    0 taskkill.exe
0002BC60 0042BC60    0 SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
0002BC9C 0042BC9C    0 ConsentPromptBehaviorAdmin
0002BCB8 0042BCB8    0 ConsentPromptBehaviorUser
0002BCD4 0042BCD4    0 EnableLUA
0002BCE0 0042BCE0    0 wvUnKnown
0002BCEC 0042BCEC    0 C:\WINDOWS
0002BCF8 0042BCF8    0 DnsFlushResolverCache
0002BD10 0042BD10    0 dnsapi.dll
0002BD20 0042BD20    0 78.159.118.165 google.ae
0002BD39 0042BD39    0 78.159.118.165 google.as
0002BD52 0042BD52    0 78.159.118.165 google.at
0002BD6B 0042BD6B    0 78.159.118.165 google.az
0002BD84 0042BD84    0 78.159.118.165 google.ba
0002BD9D 0042BD9D    0 78.159.118.165 google.be
0002BDB6 0042BDB6    0 78.159.118.165 google.bg
0002BDCF 0042BDCF    0 78.159.118.165 google.bs
0002BDE8 0042BDE8    0 78.159.118.165 google.ca
0002BE01 0042BE01    0 78.159.118.165 google.cd
0002BE1A 0042BE1A    0 78.159.118.165 google.com.gh
0002BE37 0042BE37    0 78.159.118.165 google.com.gi
0002BE54 0042BE54    0 78.159.118.165 google.com.hk
0002BE71 0042BE71    0 78.159.118.165 google.com.jm
0002BE8E 0042BE8E    0 78.159.118.165 google.com.ly
0002BEAB 0042BEAB    0 78.159.118.165 google.com.mx
0002BEC8 0042BEC8    0 78.159.118.165 google.com.my
0002BEE5 0042BEE5    0 78.159.118.165 google.com.na
0002BF02 0042BF02    0 78.159.118.165 google.com.nf
0002BF1F 0042BF1F    0 78.159.118.165 google.com.ng
0002BF3C 0042BF3C    0 78.159.118.165 google.ch
0002BF55 0042BF55    0 78.159.118.165 google.com.np
0002BF72 0042BF72    0 78.159.118.165 google.com.om
0002BF8F 0042BF8F    0 78.159.118.165 google.com.pa
0002BFAC 0042BFAC    0 78.159.118.165 google.com.pr
0002BFC9 0042BFC9    0 78.159.118.165 google.com.qa
0002BFE6 0042BFE6    0 78.159.118.165 google.com.sg
0002C003 0042C003    0 78.159.118.165 google.com.tj
0002C020 0042C020    0 78.159.118.165 google.com.tr
0002C03D 0042C03D    0 78.159.118.165 google.com.tw
0002C05A 0042C05A    0 78.159.118.165 google.com.ua
0002C077 0042C077    0 78.159.118.165 google.dj
0002C090 0042C090    0 78.159.118.165 google.com.vc
0002C0AD 0042C0AD    0 78.159.118.165 google.it.ao
0002C0C9 0042C0C9    0 78.159.118.165 google.de
0002C0E2 0042C0E2    0 78.159.118.165 google.dk
0002C0FB 0042C0FB    0 78.159.118.165 google.dm
0002C114 0042C114    0 78.159.118.165 google.dz
0002C12D 0042C12D    0 78.159.118.165 google.ee
0002C146 0042C146    0 78.159.118.165 google.fi
0002C15F 0042C15F    0 78.159.118.165 google.fm
0002C178 0042C178    0 78.159.118.165 google.fr
0002C191 0042C191    0 78.159.118.165 google.ge
0002C1AA 0042C1AA    0 78.159.118.165 google.gg
0002C1C3 0042C1C3    0 78.159.118.165 google.gm
0002C1DC 0042C1DC    0 78.159.118.165 google.gr
0002C1F5 0042C1F5    0 78.159.118.165 google.gy
0002C20E 0042C20E    0 78.159.118.165 google.ht
0002C227 0042C227    0 78.159.118.165 google.ie
0002C240 0042C240    0 78.159.118.165 google.im
0002C259 0042C259    0 78.159.118.165 google.in
0002C272 0042C272    0 78.159.118.165 google.it
0002C28B 0042C28B    0 78.159.118.165 google.ki
0002C2A4 0042C2A4    0 78.159.118.165 google.kz
0002C2BD 0042C2BD    0 78.159.118.165 google.la
0002C2D6 0042C2D6    0 78.159.118.165 google.li
0002C2EF 0042C2EF    0 78.159.118.165 google.lk
0002C308 0042C308    0 78.159.118.165 google.lv
0002C321 0042C321    0 78.159.118.165 google.ma
0002C33A 0042C33A    0 78.159.118.165 google.md
0002C353 0042C353    0 78.159.118.165 google.ms
0002C36C 0042C36C    0 78.159.118.165 google.mu
0002C385 0042C385    0 78.159.118.165 google.mv
0002C39E 0042C39E    0 78.159.118.165 google.mw
0002C3B7 0042C3B7    0 78.159.118.165 google.nl
0002C3D0 0042C3D0    0 78.159.118.165 google.no
0002C3E9 0042C3E9    0 78.159.118.165 google.nr
0002C402 0042C402    0 78.159.118.165 google.nu
0002C41B 0042C41B    0 78.159.118.165 google.pl
0002C434 0042C434    0 78.159.118.165 google.pn
0002C44D 0042C44D    0 78.159.118.165 google.pt
0002C466 0042C466    0 78.159.118.165 google.ro
0002C47F 0042C47F    0 78.159.118.165 google.ru
0002C498 0042C498    0 78.159.118.165 google.rw
0002C4B1 0042C4B1    0 78.159.118.165 google.sc
0002C4CA 0042C4CA    0 78.159.118.165 google.se
0002C4E3 0042C4E3    0 78.159.118.165 google.sh
0002C4FC 0042C4FC    0 78.159.118.165 google.si
0002C515 0042C515    0 78.159.118.165 google.sm
0002C52E 0042C52E    0 78.159.118.165 google.sn
0002C547 0042C547    0 78.159.118.165 google.st
0002C560 0042C560    0 78.159.118.165 google.tl
0002C579 0042C579    0 78.159.118.165 google.tm
0002C592 0042C592    0 78.159.118.165 google.tt
0002C5AB 0042C5AB    0 78.159.118.165 google.us
0002C5C4 0042C5C4    0 78.159.118.165 google.vg
0002C5DD 0042C5DD    0 78.159.118.165 google.vu
0002C5F6 0042C5F6    0 78.159.118.165 google.ws
0002C60F 0042C60F    0 78.159.118.165 google.co.bw
0002C62B 0042C62B    0 78.159.118.165 google.co.ck
0002C647 0042C647    0 78.159.118.165 google.co.id
0002C663 0042C663    0 78.159.118.165 google.co.il
0002C67F 0042C67F    0 78.159.118.165 google.co.in
0002C69B 0042C69B    0 78.159.118.165 google.co.jp
0002C6B7 0042C6B7    0 78.159.118.165 google.co.ke
0002C6D3 0042C6D3    0 78.159.118.165 google.co.kr
0002C6EF 0042C6EF    0 78.159.118.165 google.co.ls
0002C70B 0042C70B    0 78.159.118.165 google.co.ma
0002C727 0042C727    0 78.159.118.165 google.co.mz
0002C743 0042C743    0 78.159.118.165 google.co.nz
0002C75F 0042C75F    0 78.159.118.165 google.co.th
0002C77B 0042C77B    0 78.159.118.165 google.co.tz
0002C797 0042C797    0 78.159.118.165 google.co.ug
0002C7B3 0042C7B3    0 78.159.118.165 google.co.uk
0002C7CF 0042C7CF    0 78.159.118.165 google.co.za
0002C7EB 0042C7EB    0 78.159.118.165 google.co.zm
0002C807 0042C807    0 78.159.118.165 google.co.zw
0002C823 0042C823    0 78.159.118.165 google.com
0002C83D 0042C83D    0 78.159.118.165 google.com.af
0002C85A 0042C85A    0 78.159.118.165 google.com.ag
0002C877 0042C877    0 78.159.118.165 google.com.ai
0002C894 0042C894    0 78.159.118.165 google.com.ar
0002C8B1 0042C8B1    0 78.159.118.165 google.com.au
0002C8CE 0042C8CE    0 78.159.118.165 google.com.bn
0002C8EB 0042C8EB    0 78.159.118.165 google.com.br
0002C908 0042C908    0 78.159.118.165 google.com.by
0002C925 0042C925    0 78.159.118.165 google.com.bz
0002C942 0042C942    0 78.159.118.165 google.com.co
0002C95F 0042C95F    0 78.159.118.165 google.com.cu
0002C97C 0042C97C    0 78.159.118.165 google.com.ec
0002C999 0042C999    0 78.159.118.165 google.com.et
0002C9B6 0042C9B6    0 78.159.118.165 google.com.fj
0002C9D3 0042C9D3    0 78.159.118.165 www.google.ae
0002C9F0 0042C9F0    0 78.159.118.165 www.google.as
0002CA0D 0042CA0D    0 78.159.118.165 www.google.at
0002CA2A 0042CA2A    0 78.159.118.165 www.google.az
0002CA47 0042CA47    0 78.159.118.165 www.google.ba
0002CA64 0042CA64    0 78.159.118.165 www.google.be
0002CA81 0042CA81    0 78.159.118.165 www.google.bg
0002CA9E 0042CA9E    0 78.159.118.165 www.google.bs
0002CABB 0042CABB    0 78.159.118.165 www.google.ca
0002CAD8 0042CAD8    0 78.159.118.165 www.google.cd
0002CAF5 0042CAF5    0 78.159.118.165 www.google.com.gh
0002CB16 0042CB16    0 78.159.118.165 www.google.com.gi
0002CB37 0042CB37    0 78.159.118.165 www.google.com.hk
0002CB58 0042CB58    0 78.159.118.165 www.google.com.jm
0002CB79 0042CB79    0 78.159.118.165 www.google.com.ly
0002CB9A 0042CB9A    0 78.159.118.165 www.google.com.mx
0002CBBB 0042CBBB    0 78.159.118.165 www.google.com.my
0002CBDC 0042CBDC    0 78.159.118.165 www.google.com.na
0002CBFD 0042CBFD    0 78.159.118.165 www.google.com.nf
0002CC1E 0042CC1E    0 78.159.118.165 www.google.com.ng
0002CC3F 0042CC3F    0 78.159.118.165 www.google.ch
0002CC5C 0042CC5C    0 78.159.118.165 www.google.com.np
0002CC7D 0042CC7D    0 78.159.118.165 www.google.com.om
0002CC9E 0042CC9E    0 78.159.118.165 www.google.com.pa
0002CCBF 0042CCBF    0 78.159.118.165 www.google.com.pr
0002CCE0 0042CCE0    0 78.159.118.165 www.google.com.qa
0002CD01 0042CD01    0 78.159.118.165 www.google.com.sg
0002CD22 0042CD22    0 78.159.118.165 www.google.com.tj
0002CD43 0042CD43    0 78.159.118.165 www.google.com.tr
0002CD64 0042CD64    0 78.159.118.165 www.google.com.tw
0002CD85 0042CD85    0 78.159.118.165 www.google.com.ua
0002CDA6 0042CDA6    0 78.159.118.165 www.google.dj
0002CDC3 0042CDC3    0 78.159.118.165 www.google.com.vc
0002CDE4 0042CDE4    0 78.159.118.165 www.google.it.ao
0002CE04 0042CE04    0 78.159.118.165 www.google.de
0002CE21 0042CE21    0 78.159.118.165 www.google.dk
0002CE3E 0042CE3E    0 78.159.118.165 www.google.dm
0002CE5B 0042CE5B    0 78.159.118.165 www.google.dz
0002CE78 0042CE78    0 78.159.118.165 www.google.ee
0002CE95 0042CE95    0 78.159.118.165 www.google.fi
0002CEB2 0042CEB2    0 78.159.118.165 www.google.fm
0002CECF 0042CECF    0 78.159.118.165 www.google.fr
0002CEEC 0042CEEC    0 78.159.118.165 www.google.ge
0002CF09 0042CF09    0 78.159.118.165 www.google.gg
0002CF26 0042CF26    0 78.159.118.165 www.google.gm
0002CF43 0042CF43    0 78.159.118.165 www.google.gr
0002CF60 0042CF60    0 78.159.118.165 www.google.gy
0002CF7D 0042CF7D    0 78.159.118.165 www.google.ht
0002CF9A 0042CF9A    0 78.159.118.165 www.google.ie
0002CFB7 0042CFB7    0 78.159.118.165 www.google.im
0002CFD4 0042CFD4    0 78.159.118.165 www.google.in
0002CFF1 0042CFF1    0 78.159.118.165 www.google.it
0002D00E 0042D00E    0 78.159.118.165 www.google.ki
0002D02B 0042D02B    0 78.159.118.165 www.google.kz
0002D048 0042D048    0 78.159.118.165 www.google.la
0002D065 0042D065    0 78.159.118.165 www.google.li
0002D082 0042D082    0 78.159.118.165 www.google.lk
0002D09F 0042D09F    0 78.159.118.165 www.google.lv
0002D0BC 0042D0BC    0 78.159.118.165 www.google.ma
0002D0D9 0042D0D9    0 78.159.118.165 www.google.md
0002D0F6 0042D0F6    0 78.159.118.165 www.google.ms
0002D113 0042D113    0 78.159.118.165 www.google.mu
0002D130 0042D130    0 78.159.118.165 www.google.mv
0002D14D 0042D14D    0 78.159.118.165 www.google.mw
0002D16A 0042D16A    0 78.159.118.165 www.google.nl
0002D187 0042D187    0 78.159.118.165 www.google.no
0002D1A4 0042D1A4    0 78.159.118.165 www.google.nr
0002D1C1 0042D1C1    0 78.159.118.165 www.google.nu
0002D1DE 0042D1DE    0 78.159.118.165 www.google.pl
0002D1FB 0042D1FB    0 78.159.118.165 www.google.pn
0002D218 0042D218    0 78.159.118.165 www.google.pt
0002D235 0042D235    0 78.159.118.165 www.google.ro
0002D252 0042D252    0 78.159.118.165 www.google.ru
0002D26F 0042D26F    0 78.159.118.165 www.google.rw
0002D28C 0042D28C    0 78.159.118.165 www.google.sc
0002D2A9 0042D2A9    0 78.159.118.165 www.google.se
0002D2C6 0042D2C6    0 78.159.118.165 www.google.sh
0002D2E3 0042D2E3    0 78.159.118.165 www.google.si
0002D300 0042D300    0 78.159.118.165 www.google.sm
0002D31D 0042D31D    0 78.159.118.165 www.google.sn
0002D33A 0042D33A    0 78.159.118.165 www.google.st
0002D357 0042D357    0 78.159.118.165 www.google.tl
0002D374 0042D374    0 78.159.118.165 www.google.tm
0002D391 0042D391    0 78.159.118.165 www.google.tt
0002D3AE 0042D3AE    0 78.159.118.165 www.google.us
0002D3CB 0042D3CB    0 78.159.118.165 www.google.vg
0002D3E8 0042D3E8    0 78.159.118.165 www.google.vu
0002D405 0042D405    0 78.159.118.165 www.google.ws
0002D422 0042D422    0 78.159.118.165 www.google.co.bw
0002D442 0042D442    0 78.159.118.165 www.google.co.ck
0002D462 0042D462    0 78.159.118.165 www.google.co.id
0002D482 0042D482    0 78.159.118.165 www.google.co.il
0002D4A2 0042D4A2    0 78.159.118.165 www.google.co.in
0002D4C2 0042D4C2    0 78.159.118.165 www.google.co.jp
0002D4E2 0042D4E2    0 78.159.118.165 www.google.co.ke
0002D502 0042D502    0 78.159.118.165 www.google.co.kr
0002D522 0042D522    0 78.159.118.165 www.google.co.ls
0002D542 0042D542    0 78.159.118.165 www.google.co.ma
0002D562 0042D562    0 78.159.118.165 www.google.co.mz
0002D582 0042D582    0 78.159.118.165 www.google.co.nz
0002D5A2 0042D5A2    0 78.159.118.165 www.google.co.th
0002D5C2 0042D5C2    0 78.159.118.165 www.google.co.tz
0002D5E2 0042D5E2    0 78.159.118.165 www.google.co.ug
0002D602 0042D602    0 78.159.118.165 www.google.co.uk
0002D622 0042D622    0 78.159.118.165 www.google.co.za
0002D642 0042D642    0 78.159.118.165 www.google.co.zm
0002D662 0042D662    0 78.159.118.165 www.google.co.zw
0002D682 0042D682    0 78.159.118.165 www.google.com
0002D6A0 0042D6A0    0 78.159.118.165 www.google.com.af
0002D6C1 0042D6C1    0 78.159.118.165 www.google.com.ag
0002D6E2 0042D6E2    0 78.159.118.165 www.google.com.ai
0002D703 0042D703    0 78.159.118.165 www.google.com.ar
0002D724 0042D724    0 78.159.118.165 www.google.com.au
0002D745 0042D745    0 78.159.118.165 www.google.com.bn
0002D766 0042D766    0 78.159.118.165 www.google.com.br
0002D787 0042D787    0 78.159.118.165 www.google.com.by
0002D7A8 0042D7A8    0 78.159.118.165 www.google.com.bz
0002D7C9 0042D7C9    0 78.159.118.165 www.google.com.co
0002D7EA 0042D7EA    0 78.159.118.165 www.google.com.cu
0002D80B 0042D80B    0 78.159.118.165 www.google.com.ec
0002D82C 0042D82C    0 78.159.118.165 www.google.com.et
0002D84D 0042D84D    0 78.159.118.165 www.google.com.fj
0002D86E 0042D86E    0 78.159.118.165 search.yahoo.com
0002D88E 0042D88E    0 78.159.118.165 www.search.yahoo.com
0002D8B2 0042D8B2    0 78.159.118.165 search.live.com
0002D8D1 0042D8D1    0 78.159.118.165 search.msn.com
0002D8EF 0042D8EF    0 78.159.118.165 googleads.g.doubleclick.net
0002D91A 0042D91A    0 78.159.118.165 www.googleads.g.doubleclick.net
0002D949 0042D949    0 78.159.118.165 pubads.g.doubleclick.net
0002D971 0042D971    0 78.159.118.165 www.pubads.g.doubleclick.net
0002D99D 0042D99D    0 78.159.118.165 partner.googleadservices.com
0002D9C9 0042D9C9    0 78.159.118.165 www.partner.googleadservices.com
0002D9F9 0042D9F9    0 78.159.118.165 www.partner.googleadservices.com
0002DA2C 0042DA2C    0 http://89.149.228.159/report/reports/working.php
0002DA60 0042DA60    0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
0002DAA8 0042DAA8    0 xSP_2
0002DAB4 0042DAB4    0 UserID=%s&wv=%s&res=%d&lng=%s
0002DAD8 0042DAD8    0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
0002DB34 0042DB34    0 general.useragent.extra.firefox
0002DB54 0042DB54    0 user_pref("general.useragent.extra.firefox", "%s");
0002DB8C 0042DB8C    0 shdocvw.dll
0002DB98 0042DB98    0 \Mozilla\Firefox\
0002DBAC 0042DBAC    0 profiles.ini
0002DBBC 0042DBBC    0 StartWithLastProfile
0002DBD4 0042DBD4    0 General
0002DBDC 0042DBDC    0 Profile%d
0002DBF0 0042DBF0    0 \prefs.js
0002DC00 0042DC00    0 Content-Type: application/x-www-form-urlencoded
0002DC30 0042DC30    0 Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
0002DC78 0042DC78    0 bad allocation
0002DCD0 0042DCD0    0 RSDSe
0002DCE8 0042DCE8    0 d:\Work\AdwareProjects\DeskTopWork\Podmena\Src\Substitution\Substitution\Release\Work.pdb
000312AE 004312AE    0 CreateStdAccessibleObject
000312CA 004312CA    0 LresultFromObject

显示全部楼层 · 发表于 2009-4-4 16:09:04

和google干上了。

显示全部楼层 · 发表于 2009-4-4 16:27:32

VirusBuster found nothing

显示全部楼层 · 发表于 2009-4-4 16:28:20

norman ikarus 全过了

显示全部楼层 · 发表于 2009-4-4 16:44:10

过卡巴

显示全部楼层 · 发表于 2009-4-4 17:09:15

过BD

显示全部楼层 · 发表于 2009-4-4 17:14:49

To KL

[病毒样本] Work.exe-过主流（第41-42次更新）

本帖子中包含更多资源

评分