Virus security knowledge, computer and network technology, manual virus removal methods, Q&A and troubleshooting notes


The sys28.exe virus

I uploaded sys28.exe to Norman, and the analysis result is below. Although it reports NO MALWARE (which only means Norman did not detect it), the content of the report makes it plain that this is a virus:

sys28.exe : Not detected by Sandbox (Signature: W32/Smalltroj.BPDH)

 [ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: W32/Smalltroj.BPDH
    * Compressed: YES
    * TLS hooks: NO
    * Executable type: Application
    * Executable file structure: OK

 [ General information ]
    * Locates window "金山毒霸 [class #32770]" on desktop. (It looks for the Kingsoft AntiVirus (金山毒霸) window; why only Kingsoft?)

 [ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\del.bat. (drops a file)

 [ Changes to registry ] (modifies the registry)
    * Creates key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\16BF120E.EXE -k" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "DisplayName"="FC5B1166" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "Description"="C9C972BA" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Creates key "HKCU\Software\SYSTEM\CurrentControlSet\Services\FC5B1166".
    * Sets value "Description"="C9C972BA" in key "HKCU\Software\SYSTEM\CurrentControlSet\Services\FC5B1166".
    * Sets value "DisplayName"="FC5B1166" in key "HKCU\Software\SYSTEM\CurrentControlSet\Services\FC5B1166".
    * Sets value "ErrorControl"="" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\16BF120E.EXE -k" in key "HKCU\Software\SYSTEM\CurrentControlSet\Services\FC5B1166".
    * Sets value "ObjectName"="LocalSystem" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "ObjectName"="LocalSystem" in key "HKCU\Software\SYSTEM\CurrentControlSet\Services\FC5B1166".
    * Sets value "Start"="" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "Type"="" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".

 [ Process/window information ]
    * Enumerates running processes.
    * Attempts to access service "FC5B1166".
    * Creates service "FC5B1166 (FC5B1166)" as "C:\WINDOWS\SYSTEM32\16BF120E.EXE -k". (creates a service)

 [ Signature Scanning ]
    * C:\WINDOWS\SYSTEM32\del.bat (97 bytes) : no signature detection.
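As an added example (not part of the original post, and not Norman's own tooling), here is a small Python parser for this style of sandbox report. It pulls the dropped file, the registry writes, the created service and the window lookup out of the text as indicators, and then applies a few defender-oriented triage rules to them: a random-looking hex service name, a random-looking binary launched from System32, a service running as LocalSystem, a batch file dropped into System32, and a lookup of a security product's window. The report text embedded in it is a constructed excerpt of the report above; the list of security-product window hints it checks against is an assumption, not something the report states.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: an excerpt of the Norman SandBox report quoted
# on the page for sys28.exe (the author's annotations are left out).
REPORT = r"""
sys28.exe : Not detected by Sandbox (Signature: W32/Smalltroj.BPDH)

 [ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: W32/Smalltroj.BPDH
    * Compressed: YES

 [ General information ]
    * Locates window "金山毒霸 [class #32770]" on desktop.

 [ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\del.bat.

 [ Changes to registry ]
    * Creates key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\16BF120E.EXE -k" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".
    * Sets value "ObjectName"="LocalSystem" in key "HKLM\System\CurrentControlSet\Services\FC5B1166".

 [ Process/window information ]
    * Enumerates running processes.
    * Creates service "FC5B1166 (FC5B1166)" as "C:\WINDOWS\SYSTEM32\16BF120E.EXE -k".
"""

# Line patterns of the report format (section headers and the bullet types we care about).
SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")
SIGNATURE_RE = re.compile(r"^Signature name:\s*(\S+)")
WINDOW_RE = re.compile(r'Locates window "([^"]+)" on desktop')
FILE_RE = re.compile(r"^Creates file (.+?)\.?$")
KEY_RE = re.compile(r'^Creates key "([^"]+)"')
VALUE_RE = re.compile(r'^Sets value "([^"]+)"="([^"]*)" in key "([^"]+)"')
SERVICE_RE = re.compile(r'^Creates service "([^"]+)" as "([^"]+)"')

# Assumption: window-title fragments that suggest the sample is probing for a security product.
AV_WINDOW_HINTS = ("金山毒霸", "毒霸", "杀毒", "antivirus")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)


@dataclass
class Iocs:
    signature: str = ""
    windows: list = field(default_factory=list)          # window titles looked up
    files: list = field(default_factory=list)            # paths created
    registry_keys: list = field(default_factory=list)    # keys created
    registry_values: list = field(default_factory=list)  # (key, value name, data)
    services: list = field(default_factory=list)         # (service name, image path)


def parse_report(text: str) -> Iocs:
    """Walk the report line by line and collect the indicators it records."""
    iocs = Iocs()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        line = line.lstrip("* ").strip()  # bullets are "    * ..."
        if section == "DetectionInfo" and (m := SIGNATURE_RE.match(line)):
            iocs.signature = m.group(1)
        elif m := WINDOW_RE.search(line):
            iocs.windows.append(m.group(1))
        elif m := FILE_RE.match(line):
            iocs.files.append(m.group(1))
        elif m := KEY_RE.match(line):
            iocs.registry_keys.append(m.group(1))
        elif m := VALUE_RE.match(line):
            iocs.registry_values.append((m.group(3), m.group(1), m.group(2)))
        elif m := SERVICE_RE.match(line):
            name = m.group(1).split(" (")[0]  # 'FC5B1166 (FC5B1166)' -> 'FC5B1166'
            iocs.services.append((name, m.group(2)))
    return iocs


def triage(iocs: Iocs) -> list:
    """Apply simple persistence/evasion heuristics to the parsed indicators."""
    findings = []
    for name, image in iocs.services:
        if HEX_NAME_RE.match(name):
            findings.append(f"service {name} has a random-looking hex name")
        exe = image.split()[0]  # first token; quoted paths with spaces are not handled here
        base = exe.rsplit("\\", 1)[-1]
        if "\\SYSTEM32\\" in exe.upper() and HEX_NAME_RE.match(base.rsplit(".", 1)[0]):
            findings.append(f"service {name} runs random-looking binary {base} from System32")
    for key, vname, data in iocs.registry_values:
        if vname == "ObjectName" and data.lower() == "localsystem":
            findings.append(f"service under {key} runs as LocalSystem")
    for path in iocs.files:
        if path.lower().endswith(".bat") and "\\system32\\" in path.lower():
            findings.append(f"dropped batch file {path} (typical self-delete/cleanup helper)")
    for title in iocs.windows:
        if any(h.lower() in title.lower() for h in AV_WINDOW_HINTS):
            findings.append(f"looks for security product window {title!r}")
    return findings


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("signature:", parsed.signature)
    for f in triage(parsed):
        print("-", f)
```

The registry keys and service name it extracts are exactly what a cleanup or hunting step needs: on an infected host, the persistence lives in the FC5B1166 service entry and its ImagePath, so those are the items to confirm and remove, while del.bat is the disposable helper the dropper leaves behind.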


>> Unless stated otherwise, all posts are original; if you repost, please credit the source: http://www.stormcn.cn/post/39.html

Copyright 2008-2020 www.stormcn.cn. All Rights Reserved. Powered By Z-Blog.