Thread starter: dreams521

[Virus sample] Just found this on my machine

wptyh73hm
Posted on 2009-7-2 17:28:37
2009-7-2 17:26:07    创建新进程    允许
进程: f:\program files\7-zip\7zfm.exe
目标: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zO77.tmp\ci.exe"
规则: [应用程序]*

2009-7-2 17:26:10    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert0.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:11    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert1.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:12    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert2.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:13    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert3.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:14    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert4.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:16    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert5.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:18    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert6.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:19    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert7.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:19    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert8.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:21    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert9.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:22    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert10.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:22    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert11.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:23    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert12.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:24    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert13.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:25    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert14.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:26    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert15.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:27    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert16.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:28    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert17.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:29    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert18.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:30    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert19.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:31    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert20.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:32    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert21.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:33    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert22.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:34    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert23.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:35    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert24.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:36    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert25.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:36    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert26.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:37    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert27.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:38    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert28.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:39    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert29.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:39    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert30.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:40    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert31.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:41    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert32.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:41    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert33.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:42    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert34.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:43    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert35.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:43    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert36.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:44    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert37.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:45    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert38.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:45    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert39.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:46    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert40.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:47    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert41.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:47    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert42.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:48    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert43.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:49    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert44.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:49    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert45.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:50    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert46.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:26:51    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert47.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:27:07    创建文件    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\gert48.dll
规则: [文件组]所有执行文件 -> [文件]*; *.dll

2009-7-2 17:27:14    创建新进程    阻止
进程: c:\documents and settings\administrator\local settings\temp\7zo77.tmp\ci.exe
目标: c:\windows\system\ads.exe
命令行: "C:\WINDOWS\system\ads.exe"
规则: [应用程序]*

2009-7-2 17:27:24    删除文件    允许
进程: f:\program files\7-zip\7zfm.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\7zO77.tmp\ci.exe
规则: [文件组]所有执行文件 -> [文件]*; *.exe
红心王子
Posted on 2009-7-2 17:39:26
2009-7-2        17:40:10        1246527610        Administrator        1468        Sign of "Win32:Flooder-BA [Trj]" has been found in "http://bbs.kafan.cn/attachment.php?aid=572213&k=5b638e018ac0ad225a33e656fa38682a&t=1246527506\ci.exe" file.
yulhun
Posted on 2009-7-2 17:44:12
NOD: IRC/Kelebek.NAB trojan
kingmuro
Posted on 2009-7-2 19:13:31

KAV6.0

已检测:木马程序 Backdoor.IRC.Kelebek.ak        URL:http://bbs.kafan.cn/attachment.p ... 8//ci.exe//mIRC.ini
xieyun
Posted on 2009-7-2 19:42:11
AVG 8.5 MISS!!!!!!!!!
kalynn84
Posted on 2009-7-2 19:59:46
Win32:Flooder-BA [Trj]
BING126
Posted on 2009-7-2 22:21:38
McAfee flagged it as suspicious via Artemis (月神)

PS: submitting it now..
KK院长
Posted on 2009-7-3 08:58:25
BD kills it
nor-ton
Posted on 2009-7-7 09:34:00
Norton reports Infostealer.Bancos
schumi小粉
Posted on 2009-7-7 09:44:20
TF Security Community flags it the same way Kaspersky does~~