无语发给金山和EVA都分析了几天了结果还没出来！

显示全部楼层 · 发表于 2010-8-13 18:20:24

本帖最后由 cghzzz 于 2010.8.13 20:12 编辑

好像就9款杀软报了
http://virscan.org/report/d5b91300f727a07dfe66db5991330157.html

分析报告
http://anubis.iseclab.org/?action=result&task_id=17773b3500070b574fd90a4ef6e4b12a3&format=txt

___ __ _ + /- / | ____ __ __/ /_ (_)____ -\ + /s h- / /| | / __ \/ / / / __ \/ / ___/ -h s\ oh-:d/ / ___ |/ / / / /_/ / /_/ / (__ ) /d:-ho shh+hy- /_/ |_/_/ /_/\__,_/_.___/_/____/ -yh+hhs -:+hhdhyys/- -\syyhdhh+:- -//////dhhhhhddhhyss- Analysis Report -ssyhhddhhhhhd\\\\\\- /++/////oydddddhhyys/ ooooooooooooooooooooo \syyhhdddddyo\\\\\++\ -+++///////odh/- -+hdo\\\\\\\+++- +++++++++//yy+/: :\+yy\\+++++++++ /+soss+sys//yyo/os++o+: :+o++so\oyy\\sys+ssos+\+oyyyys++o/+yss/+/oyyyy: :yyyyo\+\ssy+\o++syyyyo++oyyyyyyso+os/o/+yyyyyy/ \yyyyyy+\o\so+osyyyyyyo+[#############################################################################] Analysis Report for Setup.exe MD5: 7a76ff46dc65ae5daaaf0384a947e7e0[#############################################################################]Summary: - Performs File Modification and Destruction: The executable modifiesand destructs files which are not temporary. - Performs Registry Activities: The executable reads and modifies registry values. It also creates and monitors registry keys.[=============================================================================] Table of Contents[=============================================================================]- General information- Setup.exe a) Registry Activities b) File Activities[#############################################################################] 1. General Information[#############################################################################][=============================================================================] Information about Anubis' invocation[=============================================================================] Time needed: 241 s Report created: 08/13/10, 12:01:32 UTC Termination reason: Timeout Program version: 1.74.3110[#############################################################################] 2. Setup.exe[#############################################################################][=============================================================================] General information about this executable[=============================================================================] Analysis Reason: Primary Analysis Subject Filename: Setup.exe MD5: 7a76ff46dc65ae5daaaf0384a947e7e0 SHA-1: cf4fa8a12443570371309134fd9d34e89fa958cb File Size: 285488 Bytes Command Line: "C:\Setup.exe" Process-status at analysis end: alive Exit Code: 0[=============================================================================] Load-time Dlls[=============================================================================] Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ] Module Name: [ C:\WINDOWS\system32\kernel32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ] Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ] Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ] Module Name: [ C:\WINDOWS\system32\SHELL32.dll ], Base Address: [0x7C9C0000 ], Size: [0x00817000 ] Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ] Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ] Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ] Module Name: [ C:\WINDOWS\system32\msvcrt.dll ], Base Address: [0x77C10000 ], Size: [0x00058000 ] Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ], Base Address: [0x77F60000 ], Size: [0x00076000 ] Module Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ], Base Address: [0x773D0000 ], Size: [0x00103000 ] Module Name: [ C:\WINDOWS\system32\ole32.dll ], Base Address: [0x774E0000 ], Size: [0x0013D000 ] Module Name: [ C:\WINDOWS\system32\VERSION.dll ], Base Address: [0x77C00000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\ShimEng.dll ], Base Address: [0x5CB70000 ], Size: [0x00026000 ] Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ], Base Address: [0x6F880000 ], Size: [0x001CA000 ] Module Name: [ C:\WINDOWS\system32\WINMM.dll ], Base Address: [0x76B40000 ], Size: [0x0002D000 ] Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ], Base Address: [0x77120000 ], Size: [0x0008B000 ] Module Name: [ C:\WINDOWS\system32\MSACM32.dll ], Base Address: [0x77BE0000 ], Size: [0x00015000 ] Module Name: [ C:\WINDOWS\system32\USERENV.dll ], Base Address: [0x769C0000 ], Size: [0x000B4000 ] Module Name: [ C:\WINDOWS\system32\UxTheme.dll ], Base Address: [0x5AD70000 ], Size: [0x00038000 ][=============================================================================] Run-time Dlls[=============================================================================] Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp\System.dll ], Base Address: [0x10000000 ], Size: [0x00006000 ] Module Name: [ C:\WINDOWS\system32\MSCTF.dll ], Base Address: [0x74720000 ], Size: [0x0004C000 ] Module Name: [ C:\WINDOWS\system32\SHFOLDER.dll ], Base Address: [0x76780000 ], Size: [0x00009000 ] Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ], Base Address: [0x77920000 ], Size: [0x000F3000 ][=============================================================================] SigBuster Output[=============================================================================] NullSoft_PiMP_SFX vna SN: 1724[=============================================================================] 2.a) Setup.exe - Registry Activities[=============================================================================][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Modified:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ BaseClass ], New Value: [ Drive ] Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ BaseClass ], New Value: [ Drive ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Read:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ], Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 1 time Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ], Value Name: [ DriveMask ], Value: [ 32 ], 1 time Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], Value Name: [ CUAS ], Value: [ 0 ], 1 time Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time Key: [ HKLM\SYSTEM\Setup ], Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times Key: [ HKLM\SYSTEM\Setup ], Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times Key: [ HKLM\SYSTEM\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time Key: [ HKLM\SYSTEM\WPA\MediaCenter ], Value Name: [ Installed ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], Value Name: [ cFormatTags ], Value: [ 3 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], Value Name: [ cFormatTags ], Value: [ 3 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], Value Name: [ cFilterTags ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], Value Name: [ cFormatTags ], Value: [ 2 ], 1 time Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], Value Name: [ fdwSupport ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ midimapper ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.iac2 ], Value: [ C:\WINDOWS\system32\iac25_32.ax ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.imaadpcm ], Value: [ ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.l3acm ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.msadpcm ], Value: [ msadp32.acm ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.msaudio1 ], Value: [ ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.msg711 ], Value: [ ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.msg723 ], Value: [ ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.msgsm610 ], Value: [ msgsm32.acm ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.sl_anet ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ msacm.trspch ], Value: [ ], 3 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.I420 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.M261 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.M263 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.cvid ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.iv31 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.iv32 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.iv41 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.iv50 ], Value: [ ], 1 time Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.iyuv ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.mrle ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.msvc ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.uyvy ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.yuy2 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.yvu9 ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ vidc.yvyu ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], Value Name: [ wavemapper ], Value: [ ], 2 times Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], Value Name: [ LogLevel ], Value: [ 0 ], 2 times Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], Value Name: [ ServicePackSourcePath ], Value: [ D:\ ], 2 times Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], Value Name: [ SourcePath ], Value: [ D:\ ], 2 times Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], Value Name: [ ComputerName ], Value: [ PC ], 2 times Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ], Value Name: [ wheel ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ], Value Name: [ ProductType ], Value: [ WinNT ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], Value Name: [ Domain ], Value: [ ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], Value Name: [ Hostname ], Value: [ pc ], 1 time Key: [ HKLM\System\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time Key: [ HKLM\System\WPA\PnP ], Value Name: [ seed ], Value: [ 1274198464 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ], Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Data ], Value: [ 0x000000005c005c003f005c0049004400450023004300640052006f006d00 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Generation ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Data ], Value: [ 0x000000005c005c003f005c00530054004f00520041004700450023005600 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Generation ], Value: [ 1 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time[=============================================================================] 2.b) Setup.exe - File Activities[=============================================================================][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Deleted:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr2.tmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Created:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr2.tmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr3.tmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp\System.dll ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Read:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr3.tmp ] File Name: [ C:\Setup.exe ] File Name: [ PIPE\lsarpc ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Modified:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr3.tmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp\System.dll ] File Name: [ MountPointManager ] File Name: [ PIPE\lsarpc ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Directories Created:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Directory: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp ][=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File System Control Communication:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Device Control Communication:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times File: [ IDE#CdRomQEMU_QEMU_CD-ROM________________________0.9.____#4d51303030302033202020202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 2 times File: [ STORAGE#Volume#1&30a96598&0&SignatureB15FB15FOffset7E00Length13F291800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Memory Mapped Files:[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx4.tmp\System.dll ] File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ] File Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ] File Name: [ C:\WINDOWS\WindowsShell.Manifest ] File Name: [ C:\WINDOWS\system32\MSACM32.dll ] File Name: [ C:\WINDOWS\system32\MSCTF.dll ] File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ] File Name: [ C:\WINDOWS\system32\SHELL32.dll ] File Name: [ C:\WINDOWS\system32\SHFOLDER.dll ] File Name: [ C:\WINDOWS\system32\ShimEng.dll ] File Name: [ C:\WINDOWS\system32\UxTheme.dll ] File Name: [ C:\WINDOWS\system32\WINMM.dll ] File Name: [ C:\WINDOWS\system32\imm32.dll ] File Name: [ C:\WINDOWS\system32\rpcss.dll ] File Name: [ C:\Windows\AppPatch\sysmain.sdb ][#############################################################################] International Secure Systems Lab http://www.iseclab.org Vienna University of Technology Eurecom France UC Santa Barbarahttp://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu Contact: anubis@iseclab.org

显示全部楼层 · 发表于 2010-8-13 18:21:27

显示全部楼层 · 发表于 2010-8-13 18:26:19

回复 2楼 langzi2009 的帖子

显示全部楼层 · 发表于 2010-8-13 18:31:28

估计是误报吧

显示全部楼层 · 发表于 2010-8-13 18:36:51

回复 4楼 8073176430 的帖子
金山这样说正在人工分析请几个小时或一个工作日后查询

显示全部楼层 · 发表于 2010-8-13 18:43:40

你上报给卡巴吧

显示全部楼层 · 发表于 2010-8-13 18:45:18

回复 6楼 8073176430 的帖子

不知道地址 EVA 怎么查结果啊我是用软件直接上传的

显示全部楼层 · 发表于 2010-8-13 18:47:43

右键上报当然没用，看此贴http://bbs.kafan.cn/thread-743004-1-6.html，建议邮件上报

显示全部楼层 · 发表于 2010-8-13 18:48:25

NERV和SEELE也管病毒啊

显示全部楼层 · 发表于 2010-8-13 18:52:21

MSE AND AVIRA MISS

[病毒样本] 无语发给金山和EVA都分析了几天了结果还没出来！

浏览过的版块

[病毒样本] 无语 发给金山和EVA都分析了几天了 结果还没出来！

浏览过的版块

[病毒样本] 无语发给金山和EVA都分析了几天了结果还没出来！