Thread starter: 黑衣~魂

[Virus Sample] Foreign trojan on a rampage - slips past a bunch of AVs - Kaspersky already knows it and holds it off

promised
Posted on 2007-5-27 13:56:12
It deleted the cookies
傻猪猪米走鸡
Posted on 2007-5-27 14:00:28
NOD let it through
scottxzt
Posted on 2007-5-27 14:06:17

Reply to #11, promised's post

Looks like it still did something. Didn't your EQ do anything?
promised
Posted on 2007-5-27 14:08:55
Originally posted by scottxzt on 2007-5-27 14:06
Looks like it still did something. Didn't your EQ do anything?

EQ wasn't on
SSM was running
playx
Posted on 2007-5-27 19:40:54
For everyone's reference..

----------------------------------
Values added: 2
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7A 9A 52 12 67 B3 EC FD 6D 5C 30 50 DE 8B 58 74 E5 0C C4 BC 8D 56 95 98 AF EB 62 90 3D F7 0F F4 B9 90 E8 57 AA 40 45 A4 4A AF 96 01 E7 3F 23 9F A9 BD F3 BF 01 6B 96 9B 3D FE 4D 53 0D 51 95 42 5A CC BC C4 AD C6 33 C3 F8 00 6C 26 24 14 67 12
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A1 F0 6D BB AA 39 D5 B5 03 54 65 FC 8D E7 10 45 8C E6 2A 4D 46 27 92 99 F0 FC C4 61 31 13 4F 66 E4 B4 0C DB ED E0 DB 3C 3F 97 0A 0F 66 DE 73 6A 22 B7 69 73 04 46 05 B2 10 85 23 43 39 19 7E 81 AD 28 A5 1A A5 59 A7 8C 52 A1 2E CF 6E 9D 38 BA
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001


----------------------------------
Files deleted: 15
----------------------------------
C:\Documents and Settings\user\Cookies\user@2o7[2].txt
C:\Documents and Settings\user\Cookies\user@c.tw.msn[1].txt
C:\Documents and Settings\user\Cookies\user@cgi-bin[1].txt
C:\Documents and Settings\user\Cookies\user@live[1].txt
C:\Documents and Settings\user\Cookies\user@m.webtrends[2].txt
C:\Documents and Settings\user\Cookies\user@messenger.msn[1].txt
C:\Documents and Settings\user\Cookies\user@microsoft[1].txt
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@msn[1].txt
C:\Documents and Settings\user\Cookies\user@rad.msn[2].txt
C:\Documents and Settings\user\Cookies\user@search.microsoft[2].txt
C:\Documents and Settings\user\Cookies\user@update.microsoft[1].txt
C:\Documents and Settings\user\Cookies\user@www.avira[1].txt
C:\Documents and Settings\user\Cookies\user@www.kaspersky[1].txt
C:\Documents and Settings\user\Cookies\user@yahoo[1].txt

[ This post was last edited by playx on 2007-5-27 19:43 ]
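A triage script for regshot-style comparison output, added here as an example (Python; it is not code from the thread, from playx, or from regshot). It parses the dashed section headers with their declared counts, pairs the before/after lines that regshot emits for modified values, checks the declared count against what was actually parsed, and tags each entry. The tagging rules are this example's own assumptions: rewrites of HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed and the kmixer PnP Enum entries show up in almost any two snapshots on XP and are treated as noise, while a wipe of the user's cookie files (the AV vendor cookies among them) is the change in the posted diff worth looking at. The embedded report is a shortened reconstruction of the posted one plus one constructed "Files added" line.

```python
"""Parse and triage a regshot-style comparison report (added example)."""
import re
from collections import Counter

# Constructed sample: abridged from the thread's regshot output, plus one
# made-up "Files added" line so every tag below is exercised.
SAMPLE_REPORT = r"""
----------------------------------
Values added:1
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"

----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7A 9A 52 12 67 B3 EC FD
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A1 F0 6D BB AA 39 D5 B5
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001

----------------------------------
Files added:1
----------------------------------
C:\Documents and Settings\user\Local Settings\Temp\example_dropped.tmp

----------------------------------
Files deleted:3
----------------------------------
C:\Documents and Settings\user\Cookies\user@www.kaspersky[1].txt
C:\Documents and Settings\user\Cookies\user@www.avira[1].txt
C:\Documents and Settings\user\Cookies\user@msn[1].txt
"""

DASHES = re.compile(r"^-{5,}$")
HEADER = re.compile(r"^(?P<section>[^:]+?):\s*(?P<count>\d+)\s*$")

# Triage rules: assumptions of this example, not anything regshot ships.
NOISE = [
    re.compile(r"\\Cryptography\\RNG\\Seed$", re.I),  # reseeded between snapshots
    re.compile(r"\\Services\\kmixer\\Enum\\", re.I),  # audio mixer PnP enumeration
]
COOKIE = re.compile(r"\\Cookies\\[^\\]+@[^\\]+\.txt$", re.I)


def parse_report(text):
    """Return {section: {"declared": n, "entries": [...]}}.

    A section starts at a header line sandwiched between two dashed lines.
    In "Values modified" the entries become (before, after) tuples."""
    lines = text.splitlines()
    sections, current, i = {}, None, 0
    while i < len(lines):
        line = lines[i].rstrip()
        if (DASHES.match(line) and i + 2 < len(lines)
                and HEADER.match(lines[i + 1]) and DASHES.match(lines[i + 2])):
            m = HEADER.match(lines[i + 1])
            current = m.group("section").strip()
            sections[current] = {"declared": int(m.group("count")), "entries": []}
            i += 3
            continue
        if line and not DASHES.match(line) and current is not None:
            sections[current]["entries"].append(line)
        i += 1
    for name, sec in sections.items():
        if name.lower() == "values modified":
            raw = sec["entries"]
            sec["entries"] = list(zip(raw[0::2], raw[1::2]))
    return sections


def triage(sections):
    """Tag every entry as 'noise', 'cookie-deleted' or 'review'."""
    tagged = []
    for name, sec in sections.items():
        for entry in sec["entries"]:
            key = entry[0] if isinstance(entry, tuple) else entry
            path = key.split(": ", 1)[0]  # registry value lines are "path: data"
            if any(p.search(path) for p in NOISE):
                tag = "noise"
            elif name.lower() == "files deleted" and COOKIE.search(path):
                tag = "cookie-deleted"
            else:
                tag = "review"
            tagged.append((name, tag, entry))
    return tagged


def summarize(sections, tagged):
    """Per-tag counts plus any section whose header count disagrees
    with the number of entries actually parsed."""
    counts = Counter(tag for _, tag, _ in tagged)
    mismatches = {n: (s["declared"], len(s["entries"]))
                  for n, s in sections.items() if s["declared"] != len(s["entries"])}
    return {"tags": dict(counts), "mismatches": mismatches}


if __name__ == "__main__":
    secs = parse_report(SAMPLE_REPORT)
    tags = triage(secs)
    for section, tag, entry in tags:
        if tag != "noise":
            print(f"[{tag}] {section}: {entry}")
    print(summarize(secs, tags))
```

Run against the sample, only the dropped temp file and the three cookie deletions are printed; the RNG seed and kmixer lines are suppressed as noise, and the declared-versus-parsed check comes back empty because the headers are consistent.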
promised
Posted on 2007-5-27 19:47:11
Originally posted by playx on 2007-5-27 19:40
For everyone's reference..

----------------------------------
Values added: 2
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B3 ...

The added values and the deleted values were both blocked by rules
Just as I expected, it deleted the cookies
Blame SSM for not having FD
hj5abc
Posted on 2007-5-27 19:52:56
Originally posted by playx on 2007-5-27 19:40
For everyone's reference..

----------------------------------
Values added: 2
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B3 ...

This.. was it looked at with a tool?? A sandbox??
playx
Posted on 2007-5-27 19:58:48
McAfee itself can do it.. I used regshot
zzh161
Posted on 2007-5-27 20:04:14
Trend kills it

蓝色牛仔裤
Posted on 2007-5-27 20:17:19
A bit surprised!!


[Scan path] C:\Documents and Settings\Administrator\桌面\ieschedule.rar
>>>C:\Documents and Settings\Administrator\桌面\ieschedule.rar\ieschedule.exe infected with BackDoor.Generic.1397
C:\Documents and Settings\Administrator\桌面\ieschedule.rar - archive contains infected objects
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-1-12 16:08 , Processed in 0.099450 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表