keygen

显示全部楼层 · 发表于 2010-12-12 17:07:57

Kaspersky Internet Security 2011，
掃瞄偵測為{Backdoor.Win32.Agent.bcyi}，
已進行隔離/刪除動作。

掃瞄偵測到6個可疑檔案，--個 Kaspersky Cloud，--個啟發，1個特徵碼，一隻病毒一條特徵碼，傻眼，囧rz，
剩餘--個文件MISS，無威脅可疑，已提交至 Kaspersky。

显示全部楼层 · 发表于 2010-12-12 17:35:51

2010-12-12 17:33:46 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:33:47 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:33:48 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:33:48 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: TCP [本机 : 1233] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:33:48 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: TCP [本机 : 1234] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:33:49 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: TCP [本机 : 1235] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:33:50 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.crack.45064.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

2010-12-12 17:34:01 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:34:02 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:34:02 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:34:03 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: TCP [本机 : 1236] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:03 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: TCP [本机 : 1237] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:03 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: TCP [本机 : 1238] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:03 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

2010-12-12 17:34:09 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:34:10 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:34:11 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:34:11 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: TCP [本机 : 1239] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:11 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: TCP [本机 : 1240] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:11 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: TCP [本机 : 1241] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:11 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\faceshop.pro.5.01.keygen.45064(2).exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

2010-12-12 17:34:20 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:34:20 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:34:21 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:34:21 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: TCP [本机 : 1242] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:21 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: TCP [本机 : 1243] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:21 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: TCP [本机 : 1244] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:22 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.aiseesoft_blu-ray_to_mp4_ripper_for_mac_3.1.10.45303.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

2010-12-12 17:34:29 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:34:29 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:34:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:34:30 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: TCP [本机 : 1245] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:30 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: TCP [本机 : 1246] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:30 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: TCP [本机 : 1247] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:30 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\keygen.microsoft_windows_7_home_premium_x64_dn_originals.45303.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

2010-12-12 17:34:36 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2010-12-12 17:34:37 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2010-12-12 17:34:37 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2010-12-12 17:34:38 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: TCP [本机 : 1248] ->  [69.10.39.21 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:38 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: TCP [本机 : 1249] ->  [91.217.153.51 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:38 访问网络阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: TCP [本机 : 1250] ->  [77.120.109.3 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2010-12-12 17:34:38 创建文件阻止
进程: c:\documents and settings\administrator\桌面\keygen\x64).45057.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temp\Ukb..bat
规则: [文件组]文件安全读写规则(询问创建) -> [文件]*temp\*; *.bat

显示全部楼层 · 发表于 2010-12-12 21:10:41

卡巴：
2010-12-12 21:02:32 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... .01.crack.45064.exe
2010-12-12 21:02:33 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... o.5.01.keygen.45064(2).exe
2010-12-12 21:02:34 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... 01.keygen.45064.exe
2010-12-12 21:02:35 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... ac_3.1.10.45303.exe
2010-12-12 21:02:36 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... ORIGINALS.45303.exe
2010-12-12 21:02:37 Firefox 检测到威胁: Backdoor.Win32.Agent.bcyi http://bbs.kafan.cn/forum-attach ... xMQ%3D%3D.html//x64).45057.exe
金山：2010-12-12 21:04:39 c:\documents and settings\123\桌面\keygen.rar<a:rar>faceshop.pro.5.01.crack.45064.exe Win32.Malware.Heur_Generic.B.(kcloud) 处理成功（操作：删除）

显示全部楼层 · 发表于 2010-12-12 21:31:55

360 SD Kill ALL

显示全部楼层 · 发表于 2010-12-12 21:36:12

红伞，S正式版，通过，无任何反应

显示全部楼层 · 发表于 2010-12-12 21:41:25

已上報趨勢~

显示全部楼层 · 发表于 2010-12-12 22:52:53

360网盾报毒，红伞就不试了

显示全部楼层 · 发表于 2010-12-13 10:34:21

1x Trj/CI.A
5x启发

显示全部楼层 · 发表于 2010-12-15 11:47:11

还有microsoft版权，不死才怪。

[病毒样本] keygen

浏览过的版块