Original poster: Sherry.ai

[Virus Sample] (0904.24-25) Kafan Forum hit with a planted trojan: samples and downloaded files + analysis (updated on the 9th, 38X-Update6)

Anycall-D908
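Posted on 2009-4-25 02:00:35
Maybe it was some enthusiastic forum member who originally wanted to upload this trojan to the virus samples section. But Kafan has been very laggy lately and the upload failed, so they simply planted the trojan on the site itself so that everyone would have samples to test.......... This is purely my own daydreaming; any resemblance is purely ORZ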
幸福的猪猪
Posted on 2009-4-25 06:00:08

Reply to the post by 935623508 on floor 1

kaba miss 3x ,heur 1x ,to kill !


Hello,


12days.dll - Trojan-GameThief.Win32.OnLineGames.uwvh
L6.exe, 12days.exe - Trojan-Dropper.Win32.Agent.anjj
PkVyCX5kHnftC7BXjt.dll - Trojan-GameThief.Win32.Magania.aznj


New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.



[ Last edited by 幸福的猪猪 on 2009-4-25 13:51 ]

Sherry.ai
Original poster | Posted on 2009-4-25 06:58:26
Thanks for the hard work, poster above.


1688388728
Posted on 2009-4-25 07:15:02
My DW quarantined 6 of them.
kalynn84
Posted on 2009-4-25 09:23:31
Win32:Trojan-gen {Other}
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\12days.dll" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\12days.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\2742513_xeex.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\56BC86C7.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\704C3595.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:BHO-VA [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\a2.exe\$[32]\15.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\a8.exe\[ASPack]\[ASPack]\[Embedded_R#12660]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\efc0c52cc1.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\GrTZqH5SnRhAt.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\JBn2ypqY23vWX.dll" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\jxsystem.gif" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\L1.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\L3.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\L4.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\L5.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\L6.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M15.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M15.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M23.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M23.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M24.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M24.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M25.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M25.exe\[Embedded_Ix#1a10]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M33.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M33.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M35.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M35.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M37.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M37.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M39.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M39.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M4.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M4.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M5.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\M5.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\Nj4gYd3rUbJ57.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\peV7mS4gcukR.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\PkVyCX5kHnftC7BXjt.dll\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S1.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S1.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S10.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S10.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S11.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S11.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S11.exe" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S12.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S12.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S13.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S13.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S14.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S14.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S15.exe\[UPX]" file.  
2009-4-25 9:21:50 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S15.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S16.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S16.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S17.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S17.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S2.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S2.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S20.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S20.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S21.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S21.exe\[Embedded_Ix#2210]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S8.exe\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Agent-ACMH [Drp]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\S8.exe\[Embedded_Ix#1a10]\[UPX]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\scvhost.exe\[UPX]\[Embedded_Ra#14110]" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\xcsystem.gif" file.  
2009-4-25 9:21:51 帆        Ivan        2684        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\木马群.rar\木马群\zxsystem.gif" file.
左手
Posted on 2009-4-25 09:53:22
2009-04-25 09:50:20    创建文件      操作:阻止
进程路径:D:\Program Files\Greenbrowser\GreenBrowser.exe
文件路径:E:\virus\木马群.rar:Zone.Identifier
触发规则:高优先规则->A02…禁止创建的文件->?:\*:*


2009-04-25 09:50:28    创建文件      操作:阻止
进程路径:E:\virus\木马群\12days.exe
文件路径:C:\WINDOWS\System32\12days.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:29    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\a1.exe
文件路径:C:\WINDOWS\~DFCC16.tmp
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\npptools.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\npptools.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\wpcap.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\wpcap.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\WanPacket.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\WanPacket.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\Packet.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\Packet.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:30    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\system32\drivers\E.tmp
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:30    修改文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\a8.exe
文件路径:C:\WINDOWS\system32\drivers\
触发规则:所有程序规则->A05…禁止创建文件的目录(黑名单)->%WinDir%\system32\*


2009-04-25 09:50:34    创建文件      操作:阻止
进程路径:E:\virus\木马群\L6.exe
文件路径:C:\WINDOWS\System32\12days.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:36    运行应用程序      操作:阻止
进程路径:E:\virus\木马群\2742513_xeex.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c cacls C:\WINDOWS\system32 /e /p everyone:f
触发规则:应用程序规则->A04…禁止的程序操作->*.*->*\cmd.exe


2009-04-25 09:50:36    运行应用程序      操作:阻止
进程路径:E:\virus\木马群\2742513_xeex.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c cacls "C:\DOCUME~1\cc\LOCALS~1\Temp\" /e /p everyone:f
触发规则:应用程序规则->A04…禁止的程序操作->*.*->*\cmd.exe


2009-04-25 09:50:45    创建注册表值      操作:阻止
进程路径:E:\virus\木马群\2742513_xeex.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
注册表名称:RsTray
触发规则:所有程序规则->A02…注册表启动项保护(黑名单)增强->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*


2009-04-25 09:50:47    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\a2.exe
文件路径:C:\WINDOWS\Temp\nslF.tmp
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:47    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\a2.exe
文件路径:C:\WINDOWS\Temp\nsl10.tmp
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:54    创建文件      操作:阻止
进程路径:E:\virus\木马群\L3.exe
文件路径:C:\Documents and Settings\cc\Local Settings\Temp\elementzx.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:54    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\M4.exe
文件路径:C:\WINDOWS\FOnts\S8a8cnEuaydPJGg8.ttf
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:55    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\M15.exe
文件路径:C:\WINDOWS\FOnts\cD9KArZZUHxCqnyM.ttf
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:56    创建文件      操作:阻止
进程路径:E:\virus\木马群\L5.exe
文件路径:C:\Documents and Settings\cc\Local Settings\Temp\xccs.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:50:56    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\S8.exe
文件路径:C:\WINDOWS\FOnts\PACNkAWTwg4Cyb3e.ttf
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:58    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\S21.exe
文件路径:C:\WINDOWS\FOnts\2knxWtVjbWXmUdGG.ttf
触发规则:应用程序规则->A04…常见修改程序组->*.*->%windir%\*


2009-04-25 09:50:59    创建文件      操作:阻止
进程路径:E:\virus\木马群\scvhost.exe
文件路径:C:\WINDOWS\system32\killdll.dll
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.dll


2009-04-25 09:51:33    创建文件      操作:阻止并结束进程
进程路径:E:\virus\木马群\scvhost.exe
文件路径:C:\WINDOWS\2646703_xeex.exe
触发规则:应用程序规则->A04…常见修改程序组->*.*->*\*.exe
小v可
Posted on 2009-4-25 10:03:44
What a swarm!
theboyfromchina
Posted on 2009-4-25 10:06:26
Uh... I'm still running with no protection at all... I probably haven't been hit, right?
solag
Posted on 2009-4-25 10:09:53
I wasn't on my work machine yesterday, so I missed it. A pity.
fandely
Posted on 2009-4-25 10:46:21
I used the RX from the 25th, and it still left 2 behind.
