貌似过微点主防的远控马（测试过了一分钟微点提示杀）

显示全部楼层 · 发表于 2011-2-11 09:22:12

金山mis

显示全部楼层 · 发表于 2011-2-11 09:59:08

Norton 360 Sonar秒杀之

显示全部楼层 · 发表于 2011-2-11 11:12:53

AVAST MISS, 360 KILL

显示全部楼层 · 发表于 2011-2-11 11:23:50

2011-02-11 11:21:48 读文件夹阻止
进程: i:\virus\测试.exe
目标: I:\virus
规则: [文件]*

2011-02-11 11:21:48 读文件夹阻止
进程: i:\virus\测试.exe
目标: C:\WINDOWS
规则: [文件]*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs
值: C:\Documents and Settings\Administrator\「开始」菜单\程序
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
值: C:\Documents and Settings\Administrator\My Documents
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites
值: C:\Documents and Settings\Administrator\Favorites
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup
值: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Recent
值: C:\Documents and Settings\Administrator\Recent
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\SendTo
值: C:\Documents and Settings\Administrator\SendTo
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu
值: C:\Documents and Settings\Administrator\「开始」菜单
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Music
值: C:\Documents and Settings\Administrator\My Documents\My Music
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Video
值:
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
值: C:\Documents and Settings\Administrator\桌面
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\NetHood
值: C:\Documents and Settings\Administrator\NetHood
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Fonts
值: C:\WINDOWS\Fonts
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Templates
值: C:\Documents and Settings\Administrator\Templates
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu
值: C:\Documents and Settings\All Users\「开始」菜单
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs
值: C:\Documents and Settings\All Users\「开始」菜单\程序
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup
值: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
值: C:\Documents and Settings\All Users\桌面
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
值: C:\Documents and Settings\Administrator\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\PrintHood
值: C:\Documents and Settings\Administrator\PrintHood
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
值: C:\Documents and Settings\Administrator\Local Settings\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Favorites
值: C:\Documents and Settings\All Users\Favorites
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: H:\Local Settings\Temporary Internet Files
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
值: C:\Documents and Settings\All Users\Application Data
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures
值: C:\Documents and Settings\Administrator\My Documents\My Pictures
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Templates
值: C:\Documents and Settings\All Users\Templates
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
值: C:\Documents and Settings\All Users\Documents
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Administrative Tools
值: C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Administrative Tools
值: C:\Documents and Settings\Administrator\「开始」菜单\程序\管理工具
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic
值: C:\Documents and Settings\All Users\Documents\My Music
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures
值: C:\Documents and Settings\All Users\Documents\My Pictures
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo
值: C:\Documents and Settings\All Users\Documents\My Videos
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:48 修改注册表值阻止
进程: i:\virus\测试.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CD Burning
值: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning
规则: [注册表组]注册表保护 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2011-02-11 11:21:52 修改文件阻止
进程: i:\virus\测试.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序]* -> [文件]\device\namedpipe\*

2011-02-11 11:21:52 修改文件阻止
进程: i:\virus\测试.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序]* -> [文件]\device\namedpipe\*

2011-02-11 11:21:52 修改文件阻止
进程: i:\virus\测试.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序]* -> [文件]\device\namedpipe\*

2011-02-11 11:21:52 修改文件阻止
进程: i:\virus\测试.exe
目标: \Device\NamedPipe\wkssvc
规则: [应用程序]* -> [文件]\device\namedpipe\*

显示全部楼层 · 发表于 2011-2-11 11:27:09

360网盾给力了这次

显示全部楼层 · 发表于 2011-2-11 12:15:50

微点其实不好用的，没感觉有什么作用

显示全部楼层 · 发表于 2011-2-11 12:22:14

to avast！

显示全部楼层 · 发表于 2011-2-11 13:07:34

晕死，卡巴没反应，金山卫士报毒。

显示全部楼层 · 发表于 2011-2-11 13:13:48

McAfee miss

显示全部楼层 · 发表于 2011-2-11 13:27:27

IK killed

[病毒样本] 貌似过微点主防的远控马（测试过了一分钟微点提示杀）