[Virus] A virus that shuts down Avira AntiVir [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QD

Donna
2008-05-26, 02:22 AM
I wrote this myself, so I'm not sure whether I should mark it as a repost~~
http://billtu2002.spaces.live.com/blog/cns!603EF3171860DA53!145.entry

Donna
2008-05-26, 03:41 PM
Virus sample download
http://cid-603ef3171860da53.skydrive.live.com/browse.aspx/VirusSample
There are three rar archives in total; the file was split because of the upload size limit.
The second-level archive virus.rar has the extraction password 123. Please handle with care.

Donna
2008-05-27, 12:08 AM
I spent some time today and tracked down the original file that infected me; download it if you're interested.
Virus_Password123.rar, password 123. Please be very careful.
Then let's see whether Avira can detect it or not.

Avira AntiVir Personal
Report file date: 2008年5月26日 23:49

Scanning for 1292650 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrator

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008/4/9 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008/3/18 03:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008/2/7 02:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008/2/28 02:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008/2/21 02:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007/7/18 04:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008/3/7 07:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008/5/17 12:39:34
ANTIVIR3.VDF : 7.0.4.93 240128 Bytes 2008/5/26 12:38:10
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008/2/25 03:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008/5/24 12:40:10
AESCN.DLL : 8.1.0.18 119156 Bytes 2008/5/24 12:40:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008/5/24 12:40:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008/5/24 12:40:04
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008/5/24 12:40:00
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008/5/24 12:39:57
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008/5/24 12:39:50
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008/5/24 12:39:48
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008/5/24 12:39:44
AECORE.DLL : 8.1.0.29 168311 Bytes 2008/5/24 12:39:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008/1/23 11:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008/2/18 04:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/4/16 07:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008/1/23 11:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008/2/12 02:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008/2/28 02:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008/1/22 11:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008/1/23 11:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008/1/25 06:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008/3/10 08:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008/3/6 06:02:11

Configuration settings for the scan:
Jobname..........................: My Documents
Configuration file...............: c:\program files\avira\antivir personaledition classic\mydocs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008年5月26日 23:49

The scan of running processes will be started
[portion removed]

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents'

End of the scan: 2008年5月26日 23:52
Used time: 03:11 min

The scan has been done completely.

161 Scanning directories
4602 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4602 Files not concerned
1 Archives were scanned
0 Warnings
0 Notes

Yeah~~~~ still not detected.

Updating the virus definitions:
26.05.2008 23:54:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.4.93 < 7.0.4.95

Avira AntiVir Personal
Report file date: 2008年5月26日 23:56

Scanning for 1292849 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrator

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008/4/9 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008/3/18 03:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008/2/7 02:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008/2/28 02:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008/2/21 02:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007/7/18 04:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008/3/7 07:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008/5/17 12:39:34
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 2008/5/26 15:54:46
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008/2/25 03:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008/5/24 12:40:10
AESCN.DLL : 8.1.0.18 119156 Bytes 2008/5/24 12:40:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008/5/24 12:40:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008/5/24 12:40:04
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008/5/24 12:40:00
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008/5/24 12:39:57
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008/5/24 12:39:50
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008/5/24 12:39:48
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008/5/24 12:39:44
AECORE.DLL : 8.1.0.29 168311 Bytes 2008/5/24 12:39:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008/1/23 11:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008/2/18 04:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/4/16 07:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008/1/23 11:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008/2/12 02:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008/2/28 02:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008/1/22 11:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008/1/23 11:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008/1/25 06:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008/3/10 08:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008/3/6 06:02:11

Configuration settings for the scan:
Jobname..........................: My Documents
Configuration file...............: c:\program files\avira\antivir personaledition classic\mydocs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008年5月26日 23:56

The scan of running processes will be started
[portion removed]

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents'
C:\Documents and Settings\Administrator\My Documents\USB_Monitor_2.37\USB_Monitor_2.37.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QJ
[WARNING] The file was ignored!

End of the scan: 2008年5月26日 23:57
Used time: 01:25 min

The scan has been done completely.

161 Scanning directories
4602 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4601 Files not concerned
1 Archives were scanned
1 Warnings
0 Notes

Hehe~~ finally detected :lovely:

ㄚ一
2008-05-28, 09:20 AM
After silently installing a driver, it cripples the currently installed AV.
http://farm4.static.flickr.com/3034/2529903126_2f9650cb14_o.jpg
http://farm3.static.flickr.com/2342/2529903178_2c6c7ebeb2_o.jpg

2008/5/28 W 09:16:09 Setting debug privileges Denied: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege
2008/5/28 W 09:16:09 Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system Denied: KLSystemData/KLSystemSecRegKeys/Policies_System
2008/5/28 W 09:16:09 Modification hkey_users\S-1-5-21-796845957-220523388-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Denied: KLSystemData/KLSystemSecRegKeys/Policies_Explorer2
2008/5/28 W 09:16:11 Create C:\WINDOWS\system32\drivers\mdelk.exe Denied: KLSystemData/KLSystemFiles/SystemExe
2008/5/28 W 09:16:17 Create C:\WINDOWS\system32\drivers\hldrrr.exe Denied: KLSystemData/KLSystemFiles/SystemExe

noeleon930
2008-05-31, 12:18 AM
That's really vicious. My Avira has the same problem; let's report this issue to Avira!

chilee
2008-06-04, 10:13 PM
My Avira just finished updating its virus definitions and still can't detect it. :confused:

Appreciate
2008-06-05, 09:39 PM
Avira can detect it when the archive is extracted :)
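
A way to triage the blocked-action log lines ㄚ一 posted above, as an added example that is not part of the thread: it parses each line and groups the denied actions so that executables written into the drivers directory stand out. The function names and category labels are this example's own, and the line layout is assumed from the five lines in that post.

```python
import re
from ntpath import basename, dirname, splitext

# The five blocked-action lines from the thread, copied verbatim.
SAMPLE_LOG = r"""
2008/5/28 W 09:16:09 Setting debug privileges Denied: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege
2008/5/28 W 09:16:09 Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system Denied: KLSystemData/KLSystemSecRegKeys/Policies_System
2008/5/28 W 09:16:09 Modification hkey_users\S-1-5-21-796845957-220523388-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Denied: KLSystemData/KLSystemSecRegKeys/Policies_Explorer2
2008/5/28 W 09:16:11 Create C:\WINDOWS\system32\drivers\mdelk.exe Denied: KLSystemData/KLSystemFiles/SystemExe
2008/5/28 W 09:16:17 Create C:\WINDOWS\system32\drivers\hldrrr.exe Denied: KLSystemData/KLSystemFiles/SystemExe
"""

# Assumed layout: date, level, time, event text, "Denied:", rule path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{1,2}/\d{1,2}) (?P<level>\w) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>.+?) Denied: (?P<rule>\S+)$"
)

def classify(event):
    """Map one blocked action to (category, target); labels are illustrative."""
    verb, _, target = event.partition(" ")
    low = target.lower()
    if event.lower() == "setting debug privileges":
        return "debug-privilege request", ""
    if verb == "Modification" and "\\currentversion\\policies\\" in low:
        return "policy registry change", target
    if verb == "Modification" and low.endswith("\\explorer\\advanced"):
        return "Explorer view-settings change", target
    # The drivers directory normally holds .sys files, so an .exe there is notable.
    if (verb == "Create" and splitext(low)[1] == ".exe"
            and dirname(low).endswith("\\system32\\drivers")):
        return "executable dropped in drivers directory", target
    return "other blocked action", target

def triage(log_text):
    """Return (findings, unparsed); unparsed lines are kept, not silently dropped."""
    findings, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            category, target = classify(m["event"])
            findings.append({"when": f'{m["date"]} {m["time"]}', "rule": m["rule"],
                             "category": category, "target": target})
        elif line:
            unparsed.append(line)
    return findings, unparsed

def dropped_executables(findings):
    """File names of executables the malware tried to create in the drivers directory."""
    return [basename(f["target"]) for f in findings
            if f["category"] == "executable dropped in drivers directory"]
```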