来三个(都是流氓软件)........

显示全部楼层 · 发表于 2009-12-22 11:54:26

本帖最后由流清泉于 2009-12-24 10:41 编辑

看来都是流氓软件
还有这个流氓包,就不上传样本了

http://tele.dianwanbox.com/vip/dianwangames_38.rar

提取自这个安装包里...
http://duba.wishdown.com/wishdown/soft/kksoft.exe

显示全部楼层 · 发表于 2009-12-22 12:10:04

本帖最后由牧羊老汉于 2009-12-22 12:24 编辑

全过小红伞
全过卡巴斯基特征码库，
卡巴启发式扫描发现2个威胁，SrDownloader-1008.exe过卡巴启发式扫描

显示全部楼层 · 发表于 2009-12-22 12:11:29

多引擎扫了扫,报的是木马
提取自这个安装包里...
http://duba.wishdown.com/wishdown/soft/kksoft.exe

显示全部楼层 · 发表于 2009-12-22 12:18:02

瑞星2010
Trojan.Win32.Generic.11F4356D

显示全部楼层 · 发表于 2009-12-22 12:26:31

schose.exe
改主页到www.51721.net
添加启动项
shouye.exe
改主页到www.51721.net
添加启动项
改ie快捷方式
添加一堆东西到收藏夹开始菜单桌面
SrDownloader-1008.exe
下载真的超级兔子回来安装，但完全不经用户同意

显示全部楼层 · 发表于 2009-12-22 12:29:01

我家大蛛蛛发现里面有个一个是病毒

显示全部楼层 · 发表于 2009-12-22 12:29:13

卡巴斯基拦截了，下载都没法下载，还是不试了

显示全部楼层 · 发表于 2009-12-22 12:30:42

drweb found 1, missed 2, to
SrDownloader-1008.exe：Trojan.DownLoad1.17795

显示全部楼层 · 发表于 2009-12-22 12:31:57

回复 1# 流清泉

小红伞没有查到。

显示全部楼层 · 发表于 2009-12-22 12:33:12

本帖最后由 adad2008 于 2009-12-22 12:47 编辑

kksoft.exe kv主防报报的是释放的流氓软件未知扫描报了可疑

kksoft.exe

创建注册表键    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer

创建进程(运行程序)    E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\schose.exe /S

创建进程(运行程序)    E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\wanwan2009_10456.exe /S

创建进程(运行程序)    E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\shouye.exe /S

创建进程(运行程序)    E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\SrDownloader-1008.exe /S

srdownloader-1008.exe

修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory = E:\Documents and Settings\Administrator.2659D33C369A4DD\Local Settings\Temporary Internet Files\Content.IE5

修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1\CachePath = E:\Documents and Settings\Administrator.2659D33C369A4DD\Local Settings\Temporary Internet Files\Content.IE5\Cache1

修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2\CachePath = E:\Documents and Settings\Administrator.2659D33C369A4DD\Local Settings\Temporary Internet Files\Content.IE5\Cache2

修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3\CachePath = E:\Documents and Settings\Administrator.2659D33C369A4DD\Local Settings\Temporary Internet Files\Content.IE5\Cache3

修改注册表    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4\CachePath = E:\Documents and Settings\Administrator.2659D33C369A4DD\Local Settings\Temporary Internet Files\Content.IE5\Cache4

e:\documents and settings\administrator.2659d33c369a4dd\桌面\wanwan2009_10456.exe    发现可疑程序
创建文件;
创建注册表键;
e:\documents and settings\administrator.2659d33c369a4dd\桌面\srdownloader-1008.exe    发现可疑程序
修改注册表;
创建注册表键;

e:\documents and settings\administrator.2659d33c369a4dd\桌面\schose.exe

创建项    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

e:\documents and settings\administrator.2659d33c369a4dd\桌面\shouye.exe

设置键值    HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

e:\documents and settings\administrator.2659d33c369a4dd\桌面\schose.exe

设置键值    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\程序启动项

e:\documents and settings\administrator.2659d33c369a4dd\桌面\schose.exe

设置键值    HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

[病毒样本] 来三个(都是流氓软件)........

本帖子中包含更多资源