3个~~~~~~~~~~

显示全部楼层 · 发表于 2010-11-18 17:00:54

看看你的能杀不，金山是挂了
http://u.115.com/file/t7512aa60a
桌面.rar

显示全部楼层 · 发表于 2010-11-18 17:11:02

本帖最后由三生缘石于 2010-11-18 17:16 编辑

邮件上报eset
谁用eset再扫一下。贴出扫描结果

显示全部楼层 · 发表于 2010-11-18 17:15:42

to1个
另外二个实际上是同一个文件，没有发现可疑行为
应该不是病毒的

http://samples.eset.com.cn/index ... a33b59a772d30da984d

http://camas.comodo.com/cgi-bin/ ... b5f350f6ca523fdc3a1

显示全部楼层 · 发表于 2010-11-18 17:17:58

jayavira 发表于 2010-11-18 17:15
to1个
另外二个实际上是同一个文件，没有发现可疑行为
应该不是病毒的

我怎么感觉我的eset扫描出问题了。已经选中3个文件
样本还没上交。

显示全部楼层 · 发表于 2010-11-18 17:18:42

2010-11-18 17:16:29 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\rpm1
值: CodonfMArar1
规则: [注册表]*

2010-11-18 17:16:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
值: \??\C:\Program Files\WinRAR\winRarExt64.dat !\??\C:\WINDOWS\fxsst.dll
规则: [注册表组]注册表保护 -> [注册表]*\System\*ControlSet*\Control\Session Manager\*

2010-11-18 17:16:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\uid
值: 866
规则: [注册表]*

2010-11-18 17:16:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\uname
值: 456610(1)
规则: [注册表]*

2010-11-18 17:16:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\udate
值: 11_18
规则: [注册表]*

2010-11-18 17:16:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR\hp
值: 68 74 74 70 3a 2f 2f 77 77 77 2e 77 7a 34 33 32 31 2e 63 6f 6d 2f 3f 31 30 30 30 30
规则: [注册表]*

2010-11-18 17:16:33 创建文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: C:\Program Files\WinRAR\winRarExt64.dat
规则: [文件组]文件保护 -> [文件]?:\program files\*

2010-11-18 17:16:33 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v2.exe
目标: c:\documents and settings\administrator\local settings\temp\is-miqo4.tmp\绝密播放器v2.tmp
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-MIQO4.tmp\绝密播放器V2.tmp" /SL5="$9083C,1861070,56832,C:\Documents and Settings\Administrator\桌面\test\绝密播放器V2.exe"
规则: [应用程序]*

2010-11-18 17:16:33 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v2.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:16:33 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v2.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:34 修改文件阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v2.exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
规则: [文件]*

2010-11-18 17:16:36 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v36.exe
目标: c:\documents and settings\administrator\local settings\temp\is-47rk0.tmp\绝密播放器v36.tmp
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-47RK0.tmp\绝密播放器V36.tmp" /SL5="$B083C,1861070,56832,C:\Documents and Settings\Administrator\桌面\test\绝密播放器V36.exe"
规则: [应用程序]*

2010-11-18 17:16:38 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v36.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:16:38 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v36.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:49 修改文件阻止
进程: c:\documents and settings\administrator\桌面\test\绝密播放器v36.exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
规则: [文件]*

2010-11-18 17:16:59 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: \Device\NamedPipe\wkssvc
规则: [文件]*

2010-11-18 17:16:59 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:16:59 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1312a2-42ee-11df-9422-806d6172696f}\BaseClass
值: Drive
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1312a3-42ee-11df-9422-806d6172696f}\BaseClass
值: Drive
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1312a5-42ee-11df-9422-806d6172696f}\BaseClass
值: Drive
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1312a4-42ee-11df-9422-806d6172696f}\BaseClass
值: Drive
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1312a6-42ee-11df-9422-806d6172696f}\BaseClass
值: Drive
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000001(1)
规则: [注册表]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\run_dws_file.bat
值: run_dws_file
规则: [注册表]*

2010-11-18 17:16:59 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\run_dws_file.bat" "
规则: [应用程序]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites
值: C:\Documents and Settings\Administrator\Favorites
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp_ext_favurl_cab.bat
值: tmp_ext_favurl_cab
规则: [注册表]*

2010-11-18 17:16:59 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp_ext_favurl_cab.bat" "
规则: [应用程序]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp_ext_deskurl_cab.bat
值: tmp_ext_deskurl_cab
规则: [注册表]*

2010-11-18 17:16:59 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp_ext_deskurl_cab.bat" "
规则: [应用程序]*

2010-11-18 17:16:59 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-18 17:16:59 创建文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: C:\Documents and Settings\Administrator\Application Data\elink.skin2.ini
规则: [文件]*

2010-11-18 17:17:00 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\program files\tencent\tt\bin\ttraveler.exe
命令行: "C:\Program Files\Tencent\TT\bin\ttraveler.exe" http://jump2.35638.com:27889/rep ... mp;uid=13729&t=
规则: [应用程序]*

2010-11-18 17:17:00 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\program files\tencent\tt\bin\ttraveler.exe
命令行: "C:\Program Files\Tencent\TT\bin\ttraveler.exe" http://tc.58816.com/
规则: [应用程序]*

2010-11-18 17:17:00 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\program files\tencent\tt\bin\ttraveler.exe
命令行: "C:\Program Files\Tencent\TT\bin\ttraveler.exe" http://www.38522.com/bhy.html?popup
规则: [应用程序]*

2010-11-18 17:17:00 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\cmd.exe
值: Windows Command Processor
规则: [注册表]*

2010-11-18 17:17:00 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: c:\windows\system32\cmd.exe
命令行: "C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\桌面\test\免费看~1.EXE > nul
规则: [应用程序]*

2010-11-18 17:17:00 读文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-18 17:17:02 修改文件阻止
进程: c:\documents and settings\administrator\桌面\test\免费看毛片_866_456610(1).exe
目标: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
规则: [文件]*

显示全部楼层 · 发表于 2010-11-18 17:22:45

回复 4楼三生缘石的帖子

我也是一样啊，看来是这个文件有问题吧

D:\下载文件夹\桌面.rar > RAR > 绝密播放器V36.exe > INNO > setup.data - 正常
D:\下载文件夹\桌面.rar > RAR > 绝密播放器V36.exe > INNO > files.info - 正常
D:\下载文件夹\桌面.rar > RAR > 绝密播放器V36.exe > INNO > - 不支持的选项
D:\下载文件夹\桌面.rar > RAR > 绝密播放器V2.exe > INNO > setup.data - 正常
D:\下载文件夹\桌面.rar > RAR > 绝密播放器V2.exe > INNO > files.info - 正常
D:\下载文件夹\桌面.rar > RAR > 绝密播放器V2.exe > INNO > - 不支持的选项

显示全部楼层 · 发表于 2010-11-18 17:24:57

本帖最后由 F-secure2009 于 2010-11-18 17:25 编辑

360网盾杀了

显示全部楼层 · 发表于 2010-11-18 17:29:43

360 主防拦截

显示全部楼层 · 发表于 2010-11-18 17:32:44

貌似是流氓软件？大蜘蛛clean，已上报求真相。

显示全部楼层 · 发表于 2010-11-18 17:41:34

回复 4楼三生缘石的帖子

会不会是eset的扫描器不行？

[病毒样本] 3个~~~~~~~~~~

本帖子中包含更多资源