[病毒样本] 1

显示全部楼层 · 发表于 2009-7-12 11:56:35

TO KL KV RS MP

瑞星2010木马行为不报
查询编号：RS20090712111129578125
文件名称：newqqxwwg.exe
文件MD5：7A4E32051F82370063309F55F43787F2
文件状态：病毒文件
病毒名称：Trojan.Win32.Generic.51EA6C45
解决版本：22.03.06.04

KIS2010HIPS拦截

显示全部楼层 · 发表于 2009-7-12 12:02:41

Avira
PCK/FSG

显示全部楼层 · 发表于 2009-7-12 12:04:35

Watching C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Watching C:\WINDOWS
Watching C:\Program Files
Modifed: C:\WINDOWS\system32\CatRoot2\dberr.txt
Created: C:\WINDOWS\security\mspump.exe
Modifed: C:\WINDOWS\security\mspump.exe
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET1A31.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET3.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET3.tmp
Deteled: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET1A31.tmp
Created: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF909D.tmp
Modifed: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF909D.tmp
71a274df    RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)
71a280c4    RegOpenKeyExA (Protocol_Catalog9)
71a2777e    RegOpenKeyExA (00000009)
71a2764d    RegOpenKeyExA (Catalog_Entries)
71a27cea    RegOpenKeyExA (000000000001)
71a27cea    RegOpenKeyExA (000000000002)
71a27cea    RegOpenKeyExA (000000000003)
71a27cea    RegOpenKeyExA (000000000004)
71a27cea    RegOpenKeyExA (000000000005)
71a27cea    RegOpenKeyExA (000000000006)
71a27cea    RegOpenKeyExA (000000000007)
71a27cea    RegOpenKeyExA (000000000008)
71a27cea    RegOpenKeyExA (000000000009)
71a27cea    RegOpenKeyExA (000000000010)
71a27cea    RegOpenKeyExA (000000000011)
71a27cea    RegOpenKeyExA (000000000012)
71a27cea    RegOpenKeyExA (000000000013)
71a22623    WaitForSingleObject(798,0)
71a287c6    RegOpenKeyExA (NameSpace_Catalog5)
71a2777e    RegOpenKeyExA (00000004)
71a2835b    RegOpenKeyExA (Catalog_Entries)
71a284ef    RegOpenKeyExA (000000000001)
71a284ef    RegOpenKeyExA (000000000002)
71a284ef    RegOpenKeyExA (000000000003)
71a22623    WaitForSingleObject(790,0)
71a11af2    RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
71a1198e    GlobalAlloc()
7c80b72f    ExitThread()
4001c9    LoadLibraryA(KERNEL32.dll)=7c800000
4001c9    LoadLibraryA(USER32.dll)=77d10000
5d173344    GetVersionExA()
5d1733ab    GetCommandLineA()
5d174952    GetVersionExA()
5d1754e8    GetCurrentProcessId()=1344
5d175742    GetVersionExA()
7d5f708b    GetVersionExA()
4001c9    LoadLibraryA(SHELL32.dll)=7d590000
4001c9    LoadLibraryA(SHLWAPI.dll)=77f40000
40314b    GetVersionExA()
40164d    GetCommandLineA()
40115d    WriteFile(h=784)

[ 本帖最后由 ghj89100062 于 2009-7-12 12:07 编辑 ]

显示全部楼层 · 发表于 2009-7-12 12:17:44

2009-07-12 12:17:19 应用程序保护(运行应用程序)    操作:阻止并结束进程
进程路径:C:\Documents and Settings\Administrator\桌面\newqqxwwg.exe
文件路径:C:\WINDOWS\System32\cmd.exe
命令行:/c del C:\DOCUME~1\ADMINI~1\桌面\NEWQQX~1.EXE > nul
2009-07-12 12:17:19 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\newqqxwwg.exe
文件路径:C:\WINDOWS\security\mspump.exe
2009-07-12 12:17:19 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\newqqxwwg.exe
文件路径:C:\WINDOWS\security\mspump.exe

显示全部楼层 · 发表于 2009-7-12 13:24:43

瑞星2010
Trojan.Win32.Generic.11EA6C45

显示全部楼层 · 发表于 2009-7-12 17:10:47

KL还没回信
MS还没入库
谁再去上报下

显示全部楼层 · 发表于 2009-7-12 17:15:08

卡巴不报

显示全部楼层 · 发表于 2009-7-12 20:46:33

显示全部楼层 · 发表于 2009-7-12 21:25:48

http://www.virustotal.com/zh-tw/ ... 30af3006-1247372642

显示全部楼层 · 发表于 2009-7-13 23:06:45

入库

2009/7/13 23:04:16 已清除木马程序 Trojan.Win32.Agent.cpws G:\Temp\Virus\newqqxwwg.rar/newqqxwwg.exe

[病毒样本] 1

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块