Views: 4257 | Replies: 12

[Virus sample] A keygen just posted in the Kaspersky discussion board!

曲中求
Posted on 2007-2-13 16:34:58
A member just posted a keygen in the Kaspersky discussion board, and Kaspersky's Proactive Defense flagged it for trojan behaviour. I'm posting it here for members and moderators to test. I don't have many tools at hand!

[ This post was last edited by 曲中求 on 2007-2-13 16:41 ]

walkingmu
Posted on 2007-2-13 16:44:53
Rising missed it again.
nicolashuang
Posted on 2007-2-13 16:54:02
BitDefender reports it as a backdoor; Fortinet reports it as suspicious.
allenhippo
Posted on 2007-2-13 16:54:42
Avira alerts on decompression but not on scan.
逝去の小丑 (this user has been deleted)
Posted on 2007-2-13 16:55:26
Antivirus Version Update Result
AntiVir 7.3.1.36 02.13.2007  no virus found
Authentium 4.93.8 02.12.2007  no virus found
Avast 4.7.936.0 02.12.2007  no virus found
AVG 386 02.12.2007  no virus found
BitDefender 7.2 02.13.2007 MemScan:Backdoor.VB.EV
CAT-QuickHeal 9.00 02.13.2007  no virus found
ClamAV devel-20060426 02.12.2007  no virus found
DrWeb 4.33 02.13.2007  no virus found
eSafe 7.0.14.0 02.12.2007  no virus found
eTrust-Vet 30.4.3394 02.13.2007  no virus found
Ewido 4.0 02.12.2007  no virus found
Fortinet 2.85.0.0 02.13.2007 suspicious
F-Prot 4.2.1.29 02.12.2007  no virus found
F-Secure 6.70.13030.0 02.13.2007  no virus found
Ikarus T3.1.0.31 02.13.2007  no virus found
Kaspersky 4.0.2.24 02.13.2007  no virus found
McAfee 4961 02.12.2007  no virus found
Microsoft 1.2204 02.13.2007  no virus found
NOD32v2 2056 02.12.2007  no virus found
Norman 5.80.02 02.12.2007  no virus found
Panda 9.0.0.4 02.13.2007  no virus found
Prevx1 V2 02.13.2007  no virus found
Sophos 4.13.0 02.12.2007  no virus found
Sunbelt 2.2.907.0 02.09.2007  no virus found
Symantec 10 02.13.2007  no virus found
TheHacker 6.1.6.056 02.11.2007  no virus found
UNA 1.83 02.09.2007  no virus found
VBA32 3.11.2 02.12.2007 suspected of Backdoor.Hupigon.5 (paranoid heuristics)
Nblock
Posted on 2007-2-13 17:15:29
kill/

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\ RUN C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ (Default) C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ (Default) C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ (Default) C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ (Default) C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ ANTIVIR C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ANTIVIR C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ ANTIVIR C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ANTIVIR C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ UPDATE CHECKER C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ UPDATE CHECKER C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ UPDATE CHECKER C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ UPDATE CHECKER C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ ICQ LITE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ICQ LITE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ ICQ LITE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ICQ LITE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ MSCONFIG C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ MSCONFIG C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ MSCONFIG C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ MSCONFIG C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ WINDOWS UPDATE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ WINDOWS UPDATE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ WINDOWS UPDATE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WINDOWS UPDATE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\ RUN  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ (Default)  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ (Default)  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ (Default)  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ (Default)  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ ANTIVIR  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ANTIVIR  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ ANTIVIR  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ANTIVIR  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ UPDATE CHECKER  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ UPDATE CHECKER  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ UPDATE CHECKER  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ UPDATE CHECKER  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ ICQ LITE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ICQ LITE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ ICQ LITE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ICQ LITE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ MSCONFIG  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ MSCONFIG  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ MSCONFIG  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ MSCONFIG  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX\ WINDOWS UPDATE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ WINDOWS UPDATE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ WINDOWS UPDATE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WINDOWS UPDATE  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:26 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ WEXTRACT_CLEANUP0  RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ADVPACK.DLL,DELNODERUNDLL32 "D:\TEMP\IXP000.TMP\" E:\MR.A'S BOX\SOFTKILLER\KASPERSKY KEYGEN ANTIVIR+INTERNET SECURITY WORKED\KAV-KEYGEN.EXE

ALEXBLAIR
Posted on 2007-2-13 17:31:31
Judging from the Micropoint log above,
it's definitely not a good thing.
It even adds startup entries under ICQ,
so it looks to be of foreign pedigree!
Crossing the ocean wasn't easy, eh.
The next step, adding a service, clearly marks it as a malicious program.
No need to look further, one word... kill!!!
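Added example, not code from the thread or from any poster: a small Python triage script run over a constructed subset of the registry-monitor log above (one parent path is shortened). It flags the autorun writes and the svchost.exe look-alike binary that ALEXBLAIR's reading of the log points to, so a defender can tell the real persistence entries from the harmless WEXTRACT cleanup line.

```python
import re

# Constructed subset of the registry-monitor log posted in the thread; one parent path shortened.
SAMPLE_LOG = r"""
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ANTIVIR C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:39 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ ICQ LITE C:\WINDOWS\SCVHOST.EXE C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:31 HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\ RUN  C:\WINDOWS\SCVHOST.EXE D:\TEMP\IXP000.TMP\KEY-GE~1.EXE
2007-02-13 17:11:26 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ WEXTRACT_CLEANUP0  RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ADVPACK.DLL,DELNODERUNDLL32 "D:\TEMP\IXP000.TMP\" E:\BOX\KAV-KEYGEN.EXE
"""

# Locations Windows consults at boot/logon; a write here is a persistence attempt.
AUTORUN_KEYS = ("\\CURRENTVERSION\\RUN\\", "\\CURRENTVERSION\\RUNONCE\\",
                "\\CURRENTVERSION\\RUNONCEEX\\", "\\CURRENTVERSION\\RUNSERVICES\\",
                "\\WINDOWS NT\\CURRENTVERSION\\WINDOWS\\")
# System binaries whose names malware imitates with a swapped or changed letter.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe")
LINE_RE = re.compile(r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d:\d\d )?(HK.*?\\) (.*)$")

def looks_like(name: str, legit: str) -> bool:
    """True when name differs from legit by one letter or one adjacent swap (scvhost vs svchost)."""
    if name == legit or len(name) != len(legit):
        return False
    d = [i for i, (a, b) in enumerate(zip(name, legit)) if a != b]
    return len(d) == 1 or (len(d) == 2 and d[1] == d[0] + 1
                           and name[d[0]] == legit[d[1]] and name[d[1]] == legit[d[0]])

def triage(log_text: str) -> list:
    """Return (key, value name, reasons) for every log line that shows a persistence red flag."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, rest = m.group(1).upper(), m.group(2)
        paths = re.findall(r'[A-Z]:\\[^\s"]+', rest)  # drive-letter paths following the value name
        value = rest[:rest.find(paths[0])].strip() if paths else rest.strip()
        reasons = ["write to autorun key"] if any(t in key for t in AUTORUN_KEYS) else []
        for p in sorted({p for p in paths if p.lower().endswith(".exe")}):
            exe = p.rsplit("\\", 1)[-1].lower()
            reasons += [f"{exe} mimics {s}" for s in SYSTEM_NAMES if looks_like(exe, s)]
            if p.upper().startswith("C:\\WINDOWS\\") and "\\" not in p[11:]:
                reasons.append(f"{exe} dropped in %WINDIR% root, not SYSTEM32")
        if reasons:
            findings.append((key, value, reasons))
    return findings

def verdict(findings: list) -> str:
    """An autorun write plus a look-alike binary on the same line is the combination that matters."""
    strong = any(len(r) >= 2 for _, _, r in findings)
    return "malicious" if strong else ("suspicious" if findings else "clean")
```

The RUNONCE\WEXTRACT_CLEANUP0 line only earns the generic autorun flag, which is the expected footprint of a self-extracting package cleaning up after itself; the SCVHOST.EXE lines are what push the verdict.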
曲中求
(OP) Posted on 2007-2-13 17:43:02
Thanks to everyone who helped test; how vicious...
hsjj2005
Posted on 2007-2-13 17:55:50
Filseclab (费尔) right-click scan reports a packed program, sigh.
Kakura
Posted on 2007-2-13 17:57:04
BackDoor-ASB, reported by McAfee!