FakeAV

显示全部楼层 · 发表于 2009-11-22 16:53:17

NIS2010没有扫描出来，但是解压后被干掉了~~~~~~~~

显示全部楼层 · 发表于 2009-11-22 16:53:20

To KL

显示全部楼层 · 发表于 2009-11-22 16:57:32

kv主动防御报危险

e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    创建注册表键    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders    2009-11-22 17:00:26
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    创建注册表键    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders    2009-11-22 17:00:57
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData = E:\Documents and Settings\All Users.WINT\Application Data    2009-11-22 17:00:57
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory = E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5    2009-11-22 17:01:00
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1\CachePath = E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1    2009-11-22 17:01:01
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2\CachePath = E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2    2009-11-22 17:01:01
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3\CachePath = E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3    2009-11-22 17:01:02
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4\CachePath = E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4    2009-11-22 17:01:03
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    发现可疑程序
创建注册表键;
修改注册表;
创建文件;
创建进程(运行程序);    2009-11-22 17:01:18
e:\documents and settings\administrator\桌面\antimalware[1]\antimalware.exe    发现可疑程序
创建注册表键;
修改注册表;
创建文件;
创建进程(运行程序);
连接网络;    2009-11-22 17:01:24

[ 本帖最后由 adad2008 于 2009-11-22 17:02 编辑 ]

显示全部楼层 · 发表于 2009-11-22 17:34:02

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

Trojan.Win32.FraudPack.aaul

显示全部楼层 · 发表于 2009-11-22 17:39:07

ESET
antimalware.exe - Win32/Kryptik.BBM 特洛伊木马的变种 - 通过删除清除 - 已隔离
to VB & PA

显示全部楼层 · 发表于 2009-11-22 17:56:01

Filename Result
antimalware.exe UNDER ANALYSIS

The file 'antimalware.exe' has been determined to be 'UNDER ANALYSIS'.

显示全部楼层 · 发表于 2009-11-22 18:37:42

360 miss

显示全部楼层 · 发表于 2009-11-22 21:32:42

McAfee 报了可疑月神。。

显示全部楼层 · 发表于 2009-11-23 12:13:14

Win32:Malware-gen

[病毒样本] FakeAV

本帖子中包含更多资源

本帖子中包含更多资源