CCTV8.exe （7/42）

显示全部楼层 · 发表于 2010-7-31 00:48:07

http://www.virustotal.com/analisis/16e312ee9963982f44e6cc313766bd9ac03c06ff6b44868701c6cb1cadb1de1a-1280508298

MD5:9bbff5923c3b965d218f095b0f1cbecd

显示全部楼层 · 发表于 2010-7-31 00:52:26

KIS2011依然被过……

显示全部楼层 · 发表于 2010-7-31 00:57:10

CCTV8.exe - Backdoor.Win32.Cinkel.an

以上文件包含恶意代码，下次更新后即可查杀。

显示全部楼层 · 发表于 2010-7-31 01:03:00

过NOD

显示全部楼层 · 发表于 2010-7-31 01:15:59

过ESCAN

显示全部楼层 · 发表于 2010-7-31 06:45:51

to eset

http://samples.nod32.com.hk/inde ... 65d218f095b0f1cbecd

显示全部楼层 · 发表于 2010-7-31 06:47:43

to xandora(panda)

显示全部楼层 · 发表于 2010-7-31 07:59:16

本帖最后由 a369258147 于 2010.7.31 16:49 编辑

样本名称：CCTV8.exe
文件MD5：9bbff5923c3b965d218f095b0f1cbecd
鉴定结果：危险
金山PC120病毒鉴定中心
http://www.pc120.com/fileident/

显示全部楼层 · 发表于 2010-7-31 08:35:30

Submit to MSE

Avira

显示全部楼层 · 发表于 2010-7-31 09:17:46

本帖最后由 ssama 于 2010.7.31 09:21 编辑

to avast!
Executing: e:\testvirus\cctv8\cctv8.exe
SetWindowsHookEx()
CreateEvent(OleDfRootBD464642EDF82FB7)
CreateProcess((null),libeay32.dll,(null))
CreateProcess((null),msvcr80.dll,(null))
CreateToolhelp32Snapshot()
CreateFile(C:\2010\7\31.txt)
[ceDirectory(C:\WINDOWS\Winsows Publsnx)
CreateFile(E:\TestVirus\CCTV8\CCTV8.exe)
Creolor=#FF0000]CreateProcess((null),E:\TestVirus\CCTV8\CCTV8.exe,(null))
CreateFile(C:\Windows\system32\2.txt)
CreateDirectory(C:\Program Files\Winsows Publsnx)
CreatateFile(C:\Program Files\Winsows Publsnx\services.exe.txt) Move(C:\Program Files\Winsows Publsnx\services.exe.txt->C:\Program Files\Winsows Publsnx\services.exe)
CreateFile(C:\WINDOWS\Winsows Publsnx\services.exe.txt)
Move(C:\WINDOWS\Winsows Publsnx\services.exe.txt->C:\WINDOWS\Winsows Publsnx\services.exe)
RegSetValue(HKLM\SOFTWARE\ws NT\CurrentVersion\LanguagePack\SurrogateFallback\.inl,fileinl)
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\(null), REG_SZ: fileinl)
RegSetValue(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\fileinl\DefaultIcon,%SystemRoot%\System32\shell32.dll,-151)
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\(null), REG_SZ: %SystemRoot%\System32\shell32.dll,-151)
RegSetValue(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\fileinl\Shell\read,打开)
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\(null), REG_SZ: 打开)
RegSetValue(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\fileinl\Shell\read\Command,C:\WINDOWS\Winsows Publsnx\services.exe "%1")
RegSetValueEx(HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\(null), REG_SZ: C:\WINDOWS\Winsows Publsnx\services.exe "%1")
CreateFile(C:\Users\Shamrock\「开始」菜单\程序\启动\win.inl)
CreateFile(C:\Users\Shamrock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win.inl)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat)
CreateFile(C:\Users\Shamrock\AppData\Roaming\Microsoft\Windows\Cookies\index.dat)
CreateFile(C:\Users\Shamrock\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat)
RegDeleteValue(HKCU\Software\Microsoft\Internet Explorer\LowRegistry\AddToFavoritesInitialSelection)
RegDeleteValue(HKCU\Software\Microsoft\Internet Explorer\LowRegistry\AddToFeedsInitialSelection)
DeleteFile(C:\Users\Shamrock\AppData\Local\Temp\~DFECE1.tmp)

[病毒样本] CCTV8.exe （7/42）

浏览过的版块