Dedicated thread for virus-detection reports in the resource section
Last edited by xiaoket on 2012-6-16 23:51

Recently a small number of virus-carrying resource posts have appeared in the Windows 7 resource-sharing section, hurting the environment of the section.
To keep infected resources from endangering members' computers, we hope members will take part actively and help the moderators and inspectors check suspicious resources.
Detection steps:
1. Download the attachment from the post, check it manually and write a detection report (screenshots required). Other things being equal, check first the resources that have drawn a large number of member complaints.
2. (Optional) Upload the file to www.virscan.org or www.virustotal.com and include the result in the report.
3. Reply in this thread with the detection report and the URL of the original post.
Each resource checked earns 30 to 100 PB coins. If a genuinely malicious program is found, an extra reward of 100 PB or more is added. PB coins spent downloading attachments are reimbursed. Members who contribute over the long term will be awarded the "热心会员" (Helpful Member) medal!
Replies unrelated to virus detection are prohibited in this thread.
Last edited by 黄金肾斗士 on 2012-4-28 21:36

https://bbs.pcbeta.com/viewthread-1021415-1-1.html
The main details are below.
DefenseWall log file
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:41:15, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:40:17, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:40:03, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\SOFTWARE\Tencent\QQPinyin\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\SOFTWARE\Tencent\QQPinyin\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\SOFTWARE\Tencent\QQPinyin\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\SOFTWARE\Tencent\QQPinyin\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKCU\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\ (resource isolation)
04.28.2012 20:39:46, module F:\Program Files\Minilyrics\MiniLyrics.exe, Attempt to open protected key HKLM\SOFTWARE\Microsoft\CTF\KnownClasses\ (resource isolation)
04.28.2012 20:39:41, module F:\Program Files\Minilyrics\MiniLyrics.exe, 2:Process is running untrusted now (process)
04.28.2012 20:34:28, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:34:28, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:34:28, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:34:28, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:34:28, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:34:23, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:34:23, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:34:23, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:34:23, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:34:23, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:34:07, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:34:07, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:34:07, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:34:07, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:34:07, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
I didn't set the rules very strictly and left some actions alone; it changes the registry rather a lot, heh! Going by my own titanium dog-eyes (i.e. eyeballing it) I don't think it's a virus... no screenshot... https://www.virustotal.com/file/9f9ed5fb765717511cbdfde7ed535fd1eb6c4fdf28a9a59f214765e3122e1304/analysis/
That is the www.virustotal.com result; every engine reports a different virus type, so it is very likely a false positive. I only looked at the registry activity, and it turns out it is touching QQ Pinyin's registry keys, which is suspicious. Let me look again at which files it touches; I really shouldn't have been lazy and skipped the file check. Everyone be careful.

Can I join?

I assume there won't be any very large resources to check for viruses; otherwise my slow connection couldn't take it...

I'd like to sign up, but I'm not sure I'm fully up to it.
zcarcadia posted on 2012-5-8 16:22:
> I'd like to sign up, but I'm not sure I'm fully up to it.

There is no such position at present; this is run as an activity, and all enthusiastic members are welcome to take part in the checking and analysis. You can analyse suspicious resources as required and submit the report in this thread.

迅雷离线下载器3.8绿色版(2012迅雷离线下载器不再受限) (Thunder offline downloader 3.8 portable, "2012 Thunder offline downloader no longer restricted") | https://bbs.pcbeta.com/forum.php?mod=viewthread&tid=1036860
Detection report:
2012-05-22 21:54:32 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Access COM Interface C:\Windows\System32\svchost.exe
2012-05-22 21:54:38 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Run in Sandbox: Partially Limited
2012-05-22 21:54:46 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 21:54:46 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 21:55:23 C:\Windows\System32\taskhost.exe Send Message C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-05-22 21:56:33 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Run in Sandbox: Partially Limited
2012-05-22 21:56:35 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 21:56:35 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 21:56:39 C:\Windows\System32\taskhost.exe Send Message C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-05-22 21:56:46 C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe DNS/RPC Client Access \RPC Control\DNSResolver
2012-05-22 22:00:25 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 22:00:34 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
2012-05-22 22:00:49 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
2012-05-22 22:00:51 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
2012-05-22 22:00:53 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
2012-05-22 22:00:56 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe DNS/RPC Client Access \RPC Control\DNSResolver
2012-05-22 22:01:03 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Access COM Interface C:\Windows\System32\svchost.exe
It modifies a few registry values, but very probably because the program needs to; not necessarily a virus.
黄金肾斗士 posted on 2012-4-28 20:44:
> https://bbs.pcbeta.com/viewthread-1021415-1-1.html
> The main details are below.

Those titanium dog-eyes are a bit off.
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\
--------------------------------------------------------------
I don't recognise the first key, but it looks dangerous.
But the second one: do you think a normal program has any need to change the Safe Mode boot keys? However you look at it, this behaviour looks like it is getting ready to change what the system does when you boot into safe mode... and judging by the software's name it shouldn't need to do that...
At the very least this file is highly suspect... though you can't tell from the registry alone.
Of course that's just what my own dog-eyes see... maybe my eyesight is even worse than yours...
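The DefenseWall log in 黄金肾斗士's post and the COMODO Defense+ reports zhangjf05 posts for the Thunder tools are the same kind of evidence, and the first thing to do with a few hundred such lines is to collapse them per process and pick out the keys worth arguing about. The script below is an added example for this thread, not code from the forum or from either product; its regexes match only the line shapes shown here, and the registry watch-list and the COMODO path fragment it uses to spot "touches the local security product" are my assumptions. One caveat is built in: the set of keys the MiniLyrics log repeats (SafeBoot\Option, Srp\Gp\DLL, Safer\CodeIdentifiers under HKLM and HKCU, SideBySide\AssemblyStorageRoots, Session Manager) is also what Windows' own process-creation and library-loading code reads, the Software Restriction Policy check among them, so the script reports an open of those keys as something to investigate rather than as a verdict; a write to them, or to the proxy or Run keys, is the stronger signal.

```python
"""Triage of HIPS logs from the reports in this thread: DefenseWall lines
(MiniLyrics report) and COMODO Defense+ log-viewer lines (Thunder reports).

Added example; it is neither code from the forum nor from DefenseWall/COMODO.
The regexes only match the line shapes visible in this thread, and the
watch-list and the 'security product' path fragment are my own choices.
"""
import re
from collections import Counter, defaultdict

# DefenseWall: "<mm.dd.yyyy hh:mm:ss>, module <path>, <action> <target> (<note>)"
DW_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4}\s?\d{2}:\d{2}:\d{2}),\s*module\s+(?P<proc>.+?),\s*"
    r"(?P<action>Attempt to open protected key|\d+:Process is running untrusted now)"
    r"\s*(?P<target>.*?)\s*\((?P<note>[^)]*)\)\s*$"
)

# COMODO Defense+ log viewer: "<yyyy-mm-dd hh:mm:ss> <application> <action> <target>"
CIS_ACTIONS = (
    "Modify Key", "Modify File", "Create Process", "Access Memory",
    "Access COM Interface", "Direct Disk Access", "Direct Keyboard Access",
    "Install Hook", "DNS/RPC Client Access", "Send Message", "Run in Sandbox",
)
CIS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<proc>\S.*?\.(?:exe|dll))\s+"
    r"(?P<action>" + "|".join(re.escape(a) for a in CIS_ACTIONS) + r")\s*(?P<target>.*)$"
)

# Registry locations worth a second look when a downloaded program touches them.
# Caveat: SafeBoot\Option, Srp\Gp and Safer\CodeIdentifiers are also read by
# Windows' own process-creation / library-loading path (the Software Restriction
# Policy check), so an *open* alone is a prompt to dig, not a verdict.
REG_WATCH = {
    "\\safeboot\\": "safe-mode configuration",
    "\\srp\\gp": "software restriction policy",
    "\\safer\\codeidentifiers": "software restriction policy",
    "\\session manager": "boot-time session manager",
    "\\internet settings\\proxy": "proxy settings (traffic redirection)",
    "\\currentversion\\run": "autostart",
}
SECURITY_PRODUCT_HINT = "\\comodo\\"   # assumption: path fragment of the local AV/HIPS

def parse(lines):
    """Normalise both formats to (source, timestamp, process, action, target)."""
    events = []
    for raw in lines:
        line = raw.strip()
        m = DW_RE.match(line)
        if m:
            events.append(("DefenseWall", m["ts"], m["proc"], m["action"], m["target"]))
            continue
        m = CIS_RE.match(line)
        if m:
            events.append(("COMODO", m["ts"], m["proc"], m["action"], m["target"].strip()))
    return events

def triage(lines):
    """Per process: action counts, distinct registry keys, and watch-list flags."""
    per_proc = defaultdict(lambda: {"actions": Counter(), "keys": set(), "flags": set()})
    for _src, _ts, proc, action, target in parse(lines):
        rec = per_proc[proc]
        rec["actions"][action] += 1
        if action in ("Attempt to open protected key", "Modify Key"):
            rec["keys"].add(target)
            for fragment, why in REG_WATCH.items():
                if fragment in target.lower():
                    rec["flags"].add(f"{why}: {target}")
        elif action == "Access Memory" and SECURITY_PRODUCT_HINT in target.lower():
            rec["flags"].add(f"opens memory of a security-product process: {target}")
        elif action == "Direct Disk Access":
            rec["flags"].add(f"raw disk access: {target}")
    return per_proc

def report(per_proc):
    out = []
    for proc, rec in sorted(per_proc.items()):
        out.append(proc)
        for action, n in rec["actions"].most_common():
            out.append(f"  {n:4d} x {action}")
        if rec["keys"]:
            out.append(f"  {len(rec['keys'])} distinct registry keys")
        for flag in sorted(rec["flags"]):
            out.append(f"  !! {flag}")
    return "\n".join(out)

# Sample lines re-typed from the logs posted in this thread (DefenseWall entries
# for MiniLyrics, COMODO entries for the offline downloader).
SAMPLE_LOG = r"""
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Srp\Gp\DLL\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots\ (resource isolation)
04.28.2012 20:41:06, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\Session Manager\ (resource isolation)
04.28.2012 20:40:29, module F:\Users\PIU\Desktop\Minilyrics 7.4.8\_MiniLyrics.exe, Attempt to open protected key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option\ (resource isolation)
04.28.2012 20:39:41, module F:\Program Files\Minilyrics\MiniLyrics.exe, 2:Process is running untrusted now (process)
2012-05-22 21:54:32 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Access COM Interface C:\Windows\System32\svchost.exe
2012-05-22 21:54:38 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Run in Sandbox: Partially Limited
2012-05-22 21:54:46 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-05-22 22:00:34 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
2012-05-22 22:00:49 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe Modify Key HKUS\S-1-5-21-2075873201-3688207157-3603091580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
2012-05-22 22:00:56 C:\Users\Auto1\Desktop\XL离线下载器v3.8.exe DNS/RPC Client Access \RPC Control\DNSResolver
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG.splitlines())))
```

Run it over a whole exported log (paste the lines into SAMPLE_LOG or read them from a file) and the per-process summary makes the repeated SRP-key bursts collapse to one line of counts, leaving the proxy rewrites and any raw-disk or security-product memory access standing out.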
Last edited by 阿伯才的风格 on 2012-5-26 07:23

zhangjf05 posted on 2012-5-22 22:04:
> 迅雷离线下载器3.8绿色版(2012迅雷离线下载器不再受限) | https://bbs.pcbeta.com/forum.php?mod=viewthread ...

Just a few casual remarks; I hope they give you some ideas. I'm rather lazy...
This program has to be online just to work, so you really can't tell anything from that side. And since you need to run it anyway, it probably doesn't modify many system files either (worth checking; if it did, that would be quite something). So to judge whether it is malicious, in my view two feasible methods remain. One is reverse engineering, which is far too unreliable...
The other is to find a network-monitoring tool, turn off Thunder's P2P option, mirror-server acceleration and similar accelerators, run one offline download and see what other connections the program still makes (i.e. the connection picture while it is running normally).
But even if everything looks normal, there is one last hidden risk: the program's own purpose might be to steal Thunder accounts or the like... that would be very hard to find out.
Of course I haven't actually run this program; this is just the impression your report gave me.
阿伯才的风格 posted on 2012-5-26 07:21:
> Just a few casual remarks; I hope they give you some ideas. I'm rather lazy...
> This program has to be online just to work, so you really can't tell ...

True, software of this kind does carry account-theft risk, but proving account-theft behaviour with a HIPS is really not easy; I'm still looking for more effective detection methods.
zhangjf05 posted on 2012-5-26 17:59:
> True, software of this kind does carry account-theft risk, but proving account-theft behaviour with a HIPS is really not easy; I'm still looking for more ...

Find a network-monitoring tool and look at the packets being sent.
Generally, account-stealing programs send the account and password to an e-mail address. Since I haven't used this program, I don't know whether the program itself does the downloading or Thunder does. But since this is offline downloading, if the program itself is downloading, the traffic coming back should all be TCP; if the program isn't the one downloading, there generally shouldn't be many outgoing packets at all.
If other protocols show up, or outgoing packets are headed for some mail server, that is very suspicious.
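The rule 阿伯才的风格 describes (with P2P and mirror acceleration off, a download helper should show only TCP, and anything headed for a mail server is a red flag) is easy to mechanise once the connection list is exported. The script below is an added example, not from the thread or from any product; it takes the flows as plain records such as you would copy from Resource Monitor's Network tab or a netstat listing, and every host name, address and process name in the sample is constructed. It allows UDP/53 (DNS) so the system resolver does not trip the non-TCP rule, and it also flags traffic from any process outside the set you expected to see. Its port and host-name rules only catch the mail-server pattern the post describes; a stealer that posts credentials over HTTPS to port 443 would pass them and needs the packet contents or the destination's reputation to catch.

```python
"""Flag outbound connections that an offline-download helper should not be making.

Added example, not from the thread or from any product. Input is a list of
outbound flows (protocol, destination host, destination port, owning process)
as you would copy off Resource Monitor's Network tab or a netstat listing;
every host name, address and process in the sample is constructed.
"""
from collections import Counter

MAIL_PORTS = {25: "SMTP", 465: "SMTPS", 587: "SMTP submission",
              110: "POP3", 995: "POP3S", 143: "IMAP", 993: "IMAPS"}
MAIL_NAME_HINTS = ("smtp.", "mail.", "pop.", "imap.", "mx.")

def classify(flow):
    """Reasons a single flow deserves a closer look; an empty list means nothing odd."""
    proto = flow["proto"].upper()
    host = flow["host"].lower()
    port = flow["port"]
    reasons = []
    if port in MAIL_PORTS:
        reasons.append(f"mail port {port} ({MAIL_PORTS[port]})")
    if host.startswith(MAIL_NAME_HINTS):
        reasons.append(f"destination looks like a mail server: {host}")
    # With P2P and mirror acceleration switched off, an offline-download client
    # should only need TCP; the one UDP exception allowed here is plain DNS.
    if proto != "TCP" and not (proto == "UDP" and port == 53):
        reasons.append(f"non-TCP traffic ({proto}/{port})")
    return reasons

def triage(flows, expected_procs):
    """Return (per-process protocol counts, [(flow, reasons)] for flagged flows)."""
    summary = Counter((f["proc"], f["proto"].upper()) for f in flows)
    findings = []
    for f in flows:
        reasons = classify(f)
        if f["proc"] not in expected_procs:
            reasons.append(f"unexpected process {f['proc']}")
        if reasons:
            findings.append((f, reasons))
    return summary, findings

SAMPLE_FLOWS = [  # constructed; hosts and ports chosen to exercise each rule
    {"proto": "TCP", "host": "dl1.cdn.example", "port": 80, "proc": "XL离线下载器v3.8.exe"},
    {"proto": "TCP", "host": "dl2.cdn.example", "port": 443, "proc": "XL离线下载器v3.8.exe"},
    {"proto": "TCP", "host": "smtp.mailhost.example", "port": 25, "proc": "XL离线下载器v3.8.exe"},
    {"proto": "UDP", "host": "203.0.113.77", "port": 6881, "proc": "XL离线下载器v3.8.exe"},
    {"proto": "UDP", "host": "192.0.2.53", "port": 53, "proc": "svchost.exe"},
    {"proto": "TCP", "host": "198.51.100.9", "port": 4444, "proc": "helper.exe"},
]
EXPECTED = {"XL离线下载器v3.8.exe", "svchost.exe"}

if __name__ == "__main__":
    summary, findings = triage(SAMPLE_FLOWS, EXPECTED)
    for (proc, proto), n in sorted(summary.items()):
        print(f"{proc:28} {proto:4} {n} flow(s)")
    for flow, reasons in findings:
        print(f"!! {flow['proc']} -> {flow['host']}:{flow['port']}: " + "; ".join(reasons))
```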
阿伯才的风格 posted on 2012-5-26 18:04:
> Find a network-monitoring tool and look at the packets being sent.
> Generally, account-stealing programs send the account and password to an e-mail address. Since I haven't used this program ...

I'm not yet able to analyse at the protocol level, but I'll keep at it. I can see you're fairly skilled in this area, so I hope you'll also support the detection activity, analyse the resources members have questioned, and post reports in this thread; there is a lot of PB币 to be earned.
zhangjf05 posted on 2012-5-26 18:08:
> I'm not yet able to analyse at the protocol level, but I'll keep at it. I can see you're fairly skilled in this area, so I hope you'll also support the detection ...

I admit I'm lazy and don't want to set up a virtual machine just for analysis...
But I don't mind, when I have time, helping look over the "registry" and "file behaviour" logs you post... as long as you're willing to post them. Though I'm not especially good at reading them either...
As for network packet capture, I'm not especially knowledgeable either, and most programs behave differently, so you can't generalise; for this program that is simply how I reasoned, which is neither authoritative nor necessarily correct.
As for analysis based on network communication: since I don't do professional testing, I normally just use the connection view built into cfs... but for a rough look, the Network tab of the system's own Resource Monitor can give quite a bit of useful information.

https://bbs.pcbeta.com/viewthread-1045213-1-1.html
【5.28修正版】迅雷vip尊享版7.3.1.56 (本地VIP6)优化版--星空不寂寞 (Thunder VIP edition 7.3.1.56, local VIP6, optimised build, 5.28 revised)
https://ekvx0q.sn2.livefilestore.com/y1plB2j1MPqx4nE-_S88MbnSA_Kq3upFa4kxpBrdQ7V4ezpJ1dHBAZjckrXAYpdwVD0BYzr-3m5S-ajOaqEzJd02nSlOEUsMdaX/Unnamed%20QQ%20Screenshot20120617061407.jpg

Last edited by zhangjf05 on 2012-6-17 08:46
花哥是偶像 posted on 2012-6-17 06:10:
> https://bbs.pcbeta.com/viewthread-1045213-1-1.html
> 【5.28修正版】迅雷vip尊享版7.3.1.56 (本地VIP6)优化 ...

Your report has been received; here is my virus-analysis report for this software:
1. COMODO Defense+ report
COMODO Internet Security Premium - Log Viewer; log table: Defense+ Events; created: 2012-06-17 08:24:11; records: 114; columns: Date, Application, Action, Target
2012-06-17 08:15:19 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\BaseCommunity.dll
2012-06-17 08:15:29 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\DoctorServiceDLL.dll
2012-06-17 08:15:36 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\DownloadKernel.dll
2012-06-17 08:15:38 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\MediaFileHeaderFirst.dll
2012-06-17 08:15:40 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\MediaParser.dll
2012-06-17 08:15:44 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\SuperDownloadInfo.dll
2012-06-17 08:15:47 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\TA.dll
2012-06-17 08:15:50 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
2012-06-17 08:15:51 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe
2012-06-17 08:15:52 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\UACTool.dll
2012-06-17 08:15:58 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\Win7Trait.dll
2012-06-17 08:16:00 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe
2012-06-17 08:16:02 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLBugHandler.dll
2012-06-17 08:16:03 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLCrypto.dll
2012-06-17 08:16:04 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLFSIO.dll
2012-06-17 08:16:06 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLGraphic.dll
2012-06-17 08:16:08 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLIPC.dll
2012-06-17 08:16:09 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLLuaRuntime.dll
2012-06-17 08:16:10 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLServicePlatform.dll
2012-06-17 08:16:11 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLTS.dll
2012-06-17 08:16:11 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLUE.dll
2012-06-17 08:16:12 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLUserAX.dll
2012-06-17 08:16:13 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\XLWebBrowser.dll
2012-06-17 08:16:14 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\al.dll
2012-06-17 08:16:15 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\asyn_download_interface.dll
2012-06-17 08:16:19 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll
2012-06-17 08:16:20 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\atl71.dll
2012-06-17 08:16:21 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll
2012-06-17 08:16:23 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\bt_kernel.dll
2012-06-17 08:16:24 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll
2012-06-17 08:16:25 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\dl_uac_tool.dll
2012-06-17 08:16:27 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll
2012-06-17 08:16:41 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\download_engine.dll
2012-06-17 08:16:45 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll
2012-06-17 08:17:03 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\BHO\BHOInstall.exe
2012-06-17 08:17:16 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\BHO\BHOInstall.exe
2012-06-17 08:17:21 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe
2012-06-17 08:17:23 C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe Direct Disk Access PhysicalDrive0
2012-06-17 08:17:31 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
2012-06-17 08:17:35 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Windows\explorer.exe
2012-06-17 08:17:40 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\al.dll
2012-06-17 08:17:45 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\asyn_download_interface.dll
2012-06-17 08:17:47 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Modify File C:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll
2012-06-17 08:17:55 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:23 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:25 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:28 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:31 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:33 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:18:37 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\svchost.exe
2012-06-17 08:18:40 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载
2012-06-17 08:18:46 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\
2012-06-17 08:18:48 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Name
2012-06-17 08:18:49 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Contexts
2012-06-17 08:18:51 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接
2012-06-17 08:18:53 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\
2012-06-17 08:18:55 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Name
2012-06-17 08:19:00 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Contexts
2012-06-17 08:19:10 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\BHO\XLNonIESvr.exe
2012-06-17 08:19:20 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Windows\System32\regsvr32.exe
2012-06-17 08:19:26 C:\Program Files\Thunder Network\Thunder\BHO\LinkSimulate.dll Modify Key HKLM\SOFTWARE\Classes\AppID\{7381F8D4-93CB-4F11-8BFD-BFEA389708A7}
2012-06-17 08:19:39 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Internet Explorer\iexplore.exe
2012-06-17 08:19:59 C:\Users\D.I\Desktop\Thunder7.3.1.56_VIP.exe Create Process C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
2012-06-17 08:20:03 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Direct Keyboard Access
2012-06-17 08:20:12 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Modify File C:\Windows\desktop.ini
2012-06-17 08:20:15 C:\Program Files\Thunder Network\Thunder\Program\Thunder.ex[...]
2012-06-17 08:20:19 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe DNS/RPC Client Access \RPC Control\DNSResolver
2012-06-17 08:20:24 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Windows\explorer.exe
2012-06-17 08:20:27 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Create Process C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe
2012-06-17 08:20:31 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access COM Interface C:\Windows\System32\svchost.exe
2012-06-17 08:20:34 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-06-17 08:20:37 C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe Direct Disk Access PhysicalDrive0
2012-06-17 08:20:46 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:20:46 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:12 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:12 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
2012-06-17 08:21:12 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:17 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:22 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:27 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:32 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:37 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:42 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:47 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:21:52 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:21:57 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:03 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:08 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:13 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:18 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:23 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:37 C:\Windows\explorer.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:22:53 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Create Process C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe
2012-06-17 08:22:57 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Access Memory C:\Windows\explorer.exe
2012-06-17 08:23:00 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Install Hook C:\Program Files\Thunder Network\Thunder\Program\.\XBrowser.exe
2012-06-17 08:23:02 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Access COM Interface {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-06-17 08:23:03 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:03 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:03 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:06 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Access COM Interface C:\Windows\explorer.exe
2012-06-17 08:23:08 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2012-06-17 08:23:08 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:13 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:14 C:\Program Files\Thunder Network\Thunder\Program\XBrowser.exe Modify Key HKUS\S-1-5-21-834301855-58176525-753496506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
2012-06-17 08:23:19 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:24 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2012-06-17 08:23:38 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:23:44 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:23:44 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:23:49 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:23:54 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:23:59 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:24:04 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
2012-06-17 08:24:09 C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
End of report
D+ report:
2.VirSCAN扫描报告
VirSCAN.org Scanned Report :
Scanned time : 2012/06/17 08:32:10 (CST)
Scanner results: 3%的杀软(1/36)报告发现病毒
File Name : Thunder7.3.1.56_VIP.exe
File Size : 14401984 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : de09ba19068534256053e9cddfcd75aa
SHA1 : ca9a68a9bc8d3d462af4adca303f41c194aeeef9
Online report: http://r.virscan.org/d6d79cd5558a3c7224d89ddaf76660e9
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120617042134 2012-06-17 3.78 -
安博士V3 ... .. -- 0.17 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.18 -
安天 2.0.18 2.0.18. 0002-18-00 1.42 -
Arcavir 2011 201206041805 2012-06-04 4.41 -
Authentium 5.1.1 201206161827 2012-06-16 1.48 -
AVAST! 4.7.4 120616-1 2012-06-16 2.49 -
AVG 12.0.1787 2433/5073 2012-06-16 0.65 -
BitDefender 7.90123.7292519 7.42612 2012-06-16 4.21 -
ClamAV 0.97.3 15050 2012-06-16 6.36 PUA.Win32.Packer.SetupExeSection
Comodo 5.1 12640 2012-06-16 3.04 -
CP Secure 1.3.0.5 2012.06.17 2012-06-17 2.60 -
Dr.Web 7.0.2.4281 2012.06.17 2012-06-17 27.14 -
F-Prot 4.6.2.117 20120616 2012-06-16 0.92 -
F-Secure 7.02.73807 2012.06.16.06 2012-06-16 3.88 -
飞塔 4.3.392 15.706 2012-06-16 0.27 -
GData 22.5308 20120617 2012-06-17 7.79 -
ViRobot 20120616 2012.06.16 2012-06-16 0.40 -
Ikarus T3.1.32.20.0 2012.06.16.81513 2012-06-16 12.78 -
江民杀毒 13.0.900 2012.06.16 2012-06-16 2.12 -
卡巴斯基 5.5.10 2012.06.16 2012-06-16 0.00 -
金山毒霸 2009.2.5.15 2012.6.16.9 2012-06-16 1.11 -
迈克菲 5400.1158 6744 2012-06-16 10.22 -
Microsoft 1.8403 2012.06.17 2012-06-17 3.52 -
NOD32 3.0.21 7226 2012-06-16 0.23 -
熊猫卫士 9.05.01 2012.06.16 2012-06-16 2.48 -
趋势科技 9.500-1005 9.198.04 2012-06-16 0.48 -
Quick Heal 11.00 2012.06.16 2012-06-16 3.79 -
瑞星 20.0 24.14.03.01 2012-06-14 3.22 -
Sophos 3.32.0 4.78 2012-06-17 4.80 -
Sunbelt 3.9.2539.2 12064 2012-06-16 2.98 -
赛门铁克 1.3.0.24 20120614.002 2012-06-14 0.16 -
nProtect 20120616.01 11466463 2012-06-16 1.40 -
The Hacker 6.8.0.0 v00038 2012-06-16 0.63 -
VBA32 3.12.16.8 20120615.0810 2012-06-15 37.24 -
VirusBuster 5.5.1.3 15.0.56.0/8964532 2012-06-15 0.22 -
Taking everything together, it is unlikely that this resource is malicious.
zhangjf05 posted on 2012-6-17 08:38:
Your report has been received. Below is my virus analysis report for this software:
1. COMODO Defence+ report
OK, I'll trust you then. I hope you won't let me down.
花哥是偶像 posted on 2012-6-17 11:14:
OK, I'll trust you then. I hope you won't let me down.
If you run into any problems while using it, you can contact me again.
Also, reports should be posted in this thread: 《【资源有奖反馈】资源失效/不符/重复/图片不显示/病毒等情况请入内举报,可获PB币奖励》 (Resource Feedback with Rewards: report dead, mismatched or duplicate resources, missing images, viruses and similar issues there to earn PB coins)
This thread is only for posting virus detection reports; please keep that in mind in future.
This post was last edited by zhangjf05 on 2012-6-25 22:35
Nero 11 Keygen | https://bbs.pcbeta.com/forum.php?mod=viewthread&tid=1049949
Comodo Instant Malware Analysis detection report:
• File Info
Size: 943104
MD5: f0b5191dce3694bf793fea49ffbd7926
SHA1: c060d170a608d2f698c727e1a3313bead613fb12
SHA256: d6acab03769db4667c8d06c71ed6745d2a129f52628e88ecc7a82a2e72fc24c4
Process: Exited
• Report sections (no entries shown): Keys Created, Keys Changed, Keys Deleted, Values Created, Values Changed, Values Deleted, Directories Created, Directories Changed, Directories Deleted, Files Created, Files Changed, Files Deleted, Directories Hidden, Files Hidden, Drivers Loaded, Drivers Unloaded, Processes Created, Processes Terminated, Threads Created, Modules Loaded, Windows Api Calls, DNS Queries, HTTP Queries
• Verdict
Auto Analysis Verdict: Undetected
VirScan scan report:
VirSCAN.org Scanned Report :
Scanned time : 2012/06/24 23:20:00 (CST)
Scanner results: 67%的杀软(24/36)报告发现病毒
File Name : ***file name has been blocked***
File Size : 943104 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono
MD5 : f0b5191dce3694bf793fea49ffbd7926
SHA1 : c060d170a608d2f698c727e1a3313bead613fb12
Online report: http://r.virscan.org/31403fe6dc3970ca3cc624a189636db8
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120623140115 2012-06-23 0.35 Win32.SuspectCrc!IK
安博士V3 ... .. -- 0.16 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.18 -
安天 2.0.18 2.0.18. 0002-18-00 0.27 Backdoor/Win32.DarkKomet.arj
Arcavir 2011 201206041805 2012-06-04 4.38 -
Authentium 5.1.1 201206240944 2012-06-24 1.53 -
AVAST! 4.7.4 120624-0 2012-06-24 0.31 MSIL:Agent-GG
AVG 12.0.1787 2433/5090 2012-06-24 0.23 BackDoor.Generic15.AVPM
BitDefender 7.90123.7321270 7.42709 2012-06-24 3.98 Gen:Variant.Kazy.69851
ClamAV 0.97.3 15074 2012-06-24 0.27 PUA.Win32.Packer.SetupExeSection
Comodo 5.1 12716 2012-06-24 2.44 UnclassifiedMalware
CP Secure 1.3.0.5 2012.06.24 2012-06-24 0.27 -
Dr.Web 7.0.2.4281 2012.06.24 2012-06-24 13.72 Trojan.Siggen.65131
F-Prot 4.6.2.117 20120623 2012-06-23 0.85 -
F-Secure 7.02.73807 2012.06.24.02 2012-06-24 2.79 Gen:Variant.Kazy.69851
飞塔 4.3.392 15.743 2012-06-23 0.20 W32/DarkKomet.ARJ!tr.bdr
GData 22.5395 20120624 2012-06-24 5.21 Gen:Variant.Kazy.69851
ViRobot 20120623 2012.06.23 2012-06-23 0.36 -
Ikarus T3.1.32.20.0 2012.06.24.81576 2012-06-24 6.74 Win32.SuspectCrc
江民杀毒 13.0.900 2012.06.24 2012-06-24 2.04 Backdoor/DarkKomet.dj
卡巴斯基 5.5.10 2012.06.24 2012-06-24 0.24 Backdoor.Win32.DarkKomet.arj
金山毒霸 2009.2.5.15 2012.6.24.9 2012-06-24 0.89 -
迈克菲 5400.1158 6750 2012-06-22 9.81 Generic BackDoor!1sk
Microsoft 1.8502 2012.06.24 2012-06-24 3.27 -
NOD32 3.0.21 7242 2012-06-22 0.25 a variant of MSIL/Injector.ADO trojan
熊猫卫士 9.05.01 2012.06.23 2012-06-23 2.52 Generic Malware
趋势科技 9.500-1005 9.214.04 2012-06-24 0.19 TROJ_SPNR.06EF12
Quick Heal 11.00 2012.06.23 2012-06-23 1.16 Backdoor.DarkKomet.arj
瑞星 20.0 24.15.03.01 2012-06-21 2.54 -
Sophos 3.32.0 4.78 2012-06-24 5.33 -
Sunbelt 3.9.2539.2 12105 2012-06-23 0.89 Trojan.Win32.Generic!BT
赛门铁克 1.3.0.24 20120623.009 2012-06-23 0.50 Trojan.Gen
nProtect 20120624.01 11510699 2012-06-24 1.41 -
The Hacker 6.8.0.0 v00042 2012-06-23 0.58 Backdoor/DarkKomet.arj
VBA32 3.12.18.0 20120622.1130 2012-06-22 3.61 Backdoor.DarkKomet.arj
VirusBuster 5.5.1.3 15.0.66.0/9024079 2012-06-24 0.17 Backdoor.DarkKomet!hx6j8nTG54A
This program is a cracking tool, so false positives are possible.
The program would not run and did not trigger any COMODO Defence+ alert. Manual analysis failed.