Submitted to avast! — sandbox behaviour log of the sample (inst.exe) follows:
Executing: e:\testvirus\inst.exe
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131e-985d-11df-a501-806e6f6e6963}\\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131e-985d-11df-a501-806e6f6e6963}\\BaseClass, REG_SZ: Drive)
RegCreateKeyEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131c-985d-11df-a501-806e6f6e6963}\,(null))
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\BaseClass, REG_SZ: Drive)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsyC3F2.tmp)
CreateFile(C:\Users\Shamrock\AppData\Local\Temp\nsnC402.tmp)
CreateFile(C:\Windows\system32\flash.scf)
CreateFile(C:\Program Files\Common Files\System\ado\myie.vbs)
CreateFile(C:\Program Files\Messenger\Messenger.kbb)
CreateFile(C:\Program Files\Messenger\taodwq.ico)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp)
CreateFile(C:\Users\Shamrock\AppData\Local\Temp\uninst.exe) [
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{871C5380-42A0-1069-A2EA-08002B30309D}, REG_DWORD: 1)
RegSetValueEx(HKLM\Software\Microsoft\Windows Script Host\Settings\Enabled, REG_DWORD: 1)
RegSetValueEx(HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-30520, REG_SZ: Internet Explorer)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon, REG_DWORD: 1)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\Favorites, REG_BINARY)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden, REG_DWORD: 2)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden, REG_DWORD: 0)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden, REG_DWORD: 0)
Copy(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsExec.dll->C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsC54C.tmp)
CreateProcess((null),"C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsC54C.tmp" "C:\Windows\system32\cscript.exe" "C:\Program Files\Common Files\System\ado\myie.vbs",(null))
Executing: d:\sandbox\shamrock\test\user\current\appdata\local\temp\nsdc461.tmp\nsc54c.tmp
OpenProcess(d:\sandbox\shamrock\test\user\current\appdata\local\temp\nsdc461.tmp\nsc54c.tmp)
CreateProcess((null),"C:\Windows\system32\cscript.exe" "C:\Program Files\Common Files\System\ado\myie.vbs",(null))
Executing: c:\windows\system32\cscript.exe
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131b-985d-11df-a501-806e6f6e6963}\\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\BaseClass, REG_SZ: Drive) [
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\BaseClass, REG_SZ: Drive) [
RegSetValueEx(HKLM\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Directory\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\AllFilesystemObjects\BaseClass, REG_SZ: Drive)
Copy(C:\Program Files\Internet Explorer\iexplore.exe->C:\Program Files\Internet Explorer\MUI\iexplore.exe)
Copy(C:\Windows\system32\wscript.exe->C:\Program Files\Messenger\Ntype.exe)
RegDeleteKey(HKCU\Software\Microsoft\Windows\CurrentVersion\PropertySystem)
CreateFile(C:\Program Files\lnkfiles\15.txt)
CreateFile(C:\Program Files\lnkfiles\17.txt)
CreateFile(C:\Program Files\lnkfiles\19.txt)
CreateFile(C:\Program Files\lnkfiles\21.txt)
CreateFile(C:\Program Files\lnkfiles\23.txt)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsC54C.tmp)
Copy(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsExec.dll->C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsF602.tmp)
CreateProcess((null),"C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsF602.tmp" "C:\Windows\system32\wscript.exe" "C:\Program Files\Messenger\messenger.kbb",(null))
Executing: d:\sandbox\shamrock\test\user\current\appdata\local\temp\nsdc461.tmp\nsf602.tmp
CreateProcess((null),"C:\Windows\system32\wscript.exe" "C:\Program Files\Messenger\messenger.kbb",(null))
Executing: c:\windows\system32\wscript.exe
RegSetValueEx(HKCR\.79z\, REG_SZ: 79zfile)
RegSetValueEx(HKCR\79zfile\, REG_SZ: 快捷方式)
RegSetValueEx(HKCR\79zfile\IsShortcut, REG_SZ: )
RegSetValueEx(HKCR\79zfile\NeverShowExt, REG_SZ: )
RegSetValueEx(HKCR\79zfile\DefaultIcon\, REG_EXPAND_SZ: %SystemRoot%\system32\url.dll,0)
RegSetValueEx(HKCR\79zfile\CLSID\, REG_SZ: {FBF23B40-E3F0-101B-8488-00AA003E56F8}) [
RegSetValueEx(HKCR\79zfile\shell\, REG_SZ: open) [c:\windows\system32\wscript.exe]
RegSetValueEx(HKCR\79zfile\shell\open\CLSID, REG_SZ: {FBF23B40-E3F0-101B-8488-00AA003E56F8})
RegSetValueEx(HKCR\79zfile\shell\open\command\, REG_SZ: C:\Program Files\Messenger\Ntype.exe "C:\Program Files\Messenger\Messenger.kbb" "%1")
RegSetValueEx(HKCR\79zfile\shellex\IconHandler\, REG_SZ: {FBF23B40-E3F0-101B-8488-00AA003E56F8})
RegSetValueEx(HKCR\79zfile\shellex\ContextMenuHandlers\, REG_SZ: )
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131b-985d-11df-a501-806e6f6e6963}\\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1441131d-985d-11df-a501-806e6f6e6963}\\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1072757026-2187543342-3542138938-1000\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\BaseClass, REG_SZ: Drive)
CreateFile(C:\Users\Public\Desktop\Internet Explorer.79z)
CreateFile(C:\Program Files\lnkfiles\\15.79z)
Copy(C:\Program Files\lnkfiles\\15.79z->C:\Users\Public\Desktop\谷歌浏览器.79z)
DeleteFile(C:\Program Files\lnkfiles\\15.79z)
CreateFile(C:\Program Files\lnkfiles\\17.79z)
Copy(C:\Program Files\lnkfiles\\17.79z->C:\Users\Public\Desktop\谷歌浏览器.79z)
DeleteFile(C:\Program Files\lnkfiles\\17.79z)
CreateFile(C:\Program Files\lnkfiles\\19.79z)
Copy(C:\Program Files\lnkfiles\\19.79z->C:\Users\Shamrock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.79z)
DeleteFile(C:\Program Files\lnkfiles\\19.79z)
CreateFile(C:\Program Files\lnkfiles\\21.79z)
Copy(C:\Program Files\lnkfiles\\21.79z->C:\Users\Shamrock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).79z)
DeleteFile(C:\Program Files\lnkfiles\\21.79z)
CreateFile(C:\Program Files\lnkfiles\\23.79z)
Copy(C:\Program Files\lnkfiles\\23.79z->C:\ProgramData\Microsoft\Windows\Start Menu\Programs\谷歌浏览器\谷歌浏览器.79z)
DeleteFile(C:\Program Files\lnkfiles\\23.79z)
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProxyBypass)
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\IntranetName)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\UNCAsIntranet, REG_DWORD: 0)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\AutoDetect, REG_DWORD: 1)
RegDeleteValue(HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProxyBypass) [c:\windows\system32\wscript.exe]
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\IntranetName) [c:\windows\system32\wscript.exe]
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\UNCAsIntranet, REG_DWORD: 0) [c:\windows\system32\wscript.exe]
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\AutoDetect, REG_DWORD: 1)
Executing: c:\windows\explorer.exe
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedUserData\UsedDrives\d, REG_BINARY)
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedUserData\UsedDrives\MRUList, REG_SZ: dcba)
RegSetValueEx(HKLM\Software\Classes\NodeSlots, REG_BINARY)
CreateMutex(Local\Shell.CMruPidlList)
RegSetValueEx(HKLM\Software\Classes\MRUListEx, REG_BINARY)
RegSetValueEx(HKLM\Software\Classes\NodeSlots, REG_BINARY)
RegSetValueEx(HKLM\Software\Classes\MRUListEx, REG_BINARY)
RegDeleteKey(HKCU\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertySchema)
RegDeleteKey(HKCU\Software\Microsoft\Windows\CurrentVersion\PropertySystem)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows\Shell\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\BaseClass, REG_SZ: Drive) [
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\BaseClass, REG_SZ: Drive) [c:\windows\explorer.exe]
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NodeSlots, REG_BINARY) [
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MRUListEx, REG_BINARY)
GetKeyState()
OpenService(Csc)
OpenService(CscService)
RegSetValueEx(HKCU\Software\Microsoft\Internet Explorer\Toolbar\Locked, REG_DWORD: 1)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsF602.tmp)
CreateProcess((null),"C:\Users\Shamrock\AppData\Local\Temp\uninst.exe",(null))
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsExec.dll)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsdC461.tmp\nsProcess.dll)
Executing: d:\sandbox\shamrock\test\user\current\appdata\local\temp\uninst.exe
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NodeSlots, REG_BINARY)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MRUListEx, REG_BINARY)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\UNCAsIntranet, REG_DWORD: 0)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AutoDetect, REG_DWORD: 1)
RegSetValueEx(HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\BaseClass, REG_SZ: Drive)
RegDeleteValue(HKCR\Directory\ProxyBypass) [
RegDeleteValue(HKCR\AllFilesystemObjects\ProxyBypass)
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\IntranetName)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\UNCAsIntranet, REG_DWORD: 0)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings\AutoDetect, REG_DWORD: 1)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\nsq3C10.tmp)
CreateFile(C:\Users\Shamrock\AppData\Local\Temp\nsv3C30.tmp)
RegDeleteValue(HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProxyBypass)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Au_.exe)
Copy(C:\Users\Shamrock\AppData\Local\Temp\uninst.exe->C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Au_.exe)
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProxyBypass) [c:\windows\explorer.exe]
RegDeleteValue(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\IntranetName) [c:\windows\explorer.exe]
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\UNCAsIntranet, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\AutoDetect, REG_DWORD: 1) [c:\windows\explorer.exe]
CreateProcess((null),"C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Shamrock\AppData\Local\Temp\,(null))
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Bu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Cu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Du_.exe)
Executing: d:\sandbox\shamrock\test\user\current\appdata\local\temp\~nsu.tmp\au_.exe
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Eu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Fu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Gu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Hu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Iu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Ju_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Ku_.exe) ]
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Lu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Mu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Nu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Ou_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Pu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Qu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Ru_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Su_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Tu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Uu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Vu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Wu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Xu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Yu_.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~nsu.tmp\Zu_.exe)
WNetOpenEnum()
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKCR\Drive\shellex\FolderExtensions\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings\BaseClass, REG_SZ: Drive)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\BaseClass, REG_SZ: Drive)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db)
DeleteFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db)
CreateFile(C:\Users\Shamrock\AppData\Local\Temp\nsf6F36.tmp) [
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\uninst.exe)
DeleteFile(E:\TestVirus\Inst.exe)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\sogou.ini)
RegSetValueEx(HKCR\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\LangID, REG_BINARY)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\Order, REG_BINARY)
Executing: c:\windows\system32\dllhost.exe
Executing: c:\windows\system32\rundll32.exe
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!218)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!294)
CreateMutex(Global\C::Users:Shamrock:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!2d2)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NodeSlots, REG_BINARY) ]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MRUListEx, REG_BINARY)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MinPos1440x900(1).x, REG_DWORD: -1) []
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MinPos1440x900(1).y, REG_DWORD: -1) [
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MaxPos1440x900(1).x, REG_DWORD: -1) []
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MaxPos1440x900(1).y, REG_DWORD: -1) ]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WinPos1440x900(1).left, REG_DWORD: 124)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WinPos1440x900(1).top, REG_DWORD: 80)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WinPos1440x900(1).right, REG_DWORD: 924) []
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WinPos1440x900(1).bottom, REG_DWORD: 683) ]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WFlags, REG_DWORD: 0)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ShowCmd, REG_DWORD: 1) ]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HotKey, REG_DWORD: 0)
CreateMutex(_SHuassist.mtx)
GetAsyncKeyState()
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Rev, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\FFlags, REG_DWORD: 1075838977) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\HotKey, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Buttons, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Links, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Address, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Vid, REG_SZ: {65F125E5-7BE1-4810-BA9D-D271C8432CE3}) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Mode, REG_DWORD: 6) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FFlags, REG_DWORD: 1075838977) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ScrollPos1440x900(1).x, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ScrollPos1440x900(1).y, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\IconSize, REG_DWORD: 48) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\LogicalViewMode, REG_DWORD: 2) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\GroupView, REG_DWORD: -1) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FMTID:GroupByKey, REG_SZ: {B725F130-47EF-101A-A5F1-02608C9EEBAC}) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PID:GroupByKey, REG_DWORD: 4) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\GroupByGUID, REG_SZ: {00000000-0000-0000-0000-000000000000}) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\GroupByDirection, REG_DWORD: 1) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ColInfo, REG_BINARY) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\GroupCollapseState, REG_BINARY) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Sort, REG_BINARY) [c:\windows\explorer.exe]
RegDeleteValue(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ItemPos1440x900(1)) [c:\windows\explorer.exe]
RegDeleteValue(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\ItemOrder) [c:\windows\explorer.exe]
RegCreateKeyEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\ProperTreeModuleInner,(null)) [c:\windows\explorer.exe]
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\ProperTreeModuleInner\ProperTreeModuleInner, REG_BINARY)
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Mode, REG_DWORD: 6) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\FFlags, REG_DWORD: 1075838977) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ScrollPos1440x900(1).x, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ScrollPos1440x900(1).y, REG_DWORD: 0) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\IconSize, REG_DWORD: 48) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\LogicalViewMode, REG_DWORD: 2) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\GroupView, REG_DWORD: -1) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\FMTID:GroupByKey, REG_SZ: {B725F130-47EF-101A-A5F1-02608C9EEBAC}) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\PID:GroupByKey, REG_DWORD: 4) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\GroupByGUID, REG_SZ: {00000000-0000-0000-0000-000000000000}) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\GroupByDirection, REG_DWORD: 1) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ColInfo, REG_BINARY) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\GroupCollapseState, REG_BINARY) [c:\windows\explorer.exe]
RegSetValueEx(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Sort, REG_BINARY) [c:\windows\explorer.exe]
RegDeleteValue(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ItemPos1440x900(1)) [c:\windows\explorer.exe]
RegDeleteValue(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ItemOrder) [c:\windows\explorer.exe]
RegSetValueEx(HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\ProperTreeModuleInner\ProperTreeModuleInner, REG_BINARY)
That is the end of the log. Reading it back, the behaviour that matters is in the first half. The sample is packaged as an installer (the nsExec.dll/nsProcess.dll plug-ins, uninst.exe and the ~nsu.tmp\Au_.exe self-copy are characteristic of NSIS). It switches Windows Script Host on (Windows Script Host\Settings\Enabled = 1), drops flash.scf, myie.vbs, Messenger.kbb and taodwq.ico, runs myie.vbs through cscript.exe and Messenger.kbb through wscript.exe, and keeps a renamed copy of wscript.exe as C:\Program Files\Messenger\Ntype.exe (plus a copy of iexplore.exe under Internet Explorer\MUI\). While wscript.exe is running Messenger.kbb it registers a fake ".79z" file type whose class name is 快捷方式 ("Shortcut"), with IsShortcut and NeverShowExt set, the url.dll icon and the shortcut CLSID, and whose open command is `Ntype.exe "Messenger.kbb" "%1"` — so every .79z file looks like an ordinary shortcut but launches the dropped script with the file as its argument. The Internet Explorer and 谷歌浏览器 (Google Chrome) shortcuts on the Public Desktop and in the Start Menu are then replaced by such .79z files; Explorer is set to hide hidden and super-hidden files (Hidden = 2, ShowSuperHidden = 0), the desktop Internet icon is hidden (NoInternetIcon = 1 and the HideDesktopIcons entry), and Internet Explorer\Toolbar\Locked is set. Finally it deletes its own installer (E:\TestVirus\Inst.exe), uninst.exe and sogou.ini. For clean-up this means removing HKCR\.79z and HKCR\79zfile, the five .79z "shortcut" files, the dropped files (C:\Windows\system32\flash.scf, C:\Program Files\Common Files\System\ado\myie.vbs, C:\Program Files\Messenger\{Messenger.kbb, taodwq.ico, Ntype.exe}, C:\Program Files\Internet Explorer\MUI\iexplore.exe, C:\Program Files\lnkfiles\), restoring the Explorer view settings and the real browser shortcuts. Note that the entries tagged [c:\windows\explorer.exe] from the CLSID {20D04FE0-…} block onward look like ordinary shell view-state writes by Explorer rather than actions of the sample, and should not be attributed to it.