Rising Kaka Security Forum - Technical Exchange - Anti-virus / Anti-rogue-software Forum 【Warning】Trojan.DL.Agent.ltc worth noting...


【Warning】Trojan.DL.Agent.ltc worth noting...


Finally finished testing... but don't let it scare you, everyone.. a super nasty (BT) downloader..

I only got halfway through the test; at the last package there was nothing more I could do.. the machine froze outright and tiny's log was lost.. I could only work out some of the virus files from the SSM report..

update.exe
drops
update.exe~.exe
http://www.game9988.cn/19790205.exe/PE_Patch.PECompact/PecBundle/PECompact (downloads C:\WINDOWS\cnt.exe)
C:\WINDOWS\system32\downews.ini
C:\WINDOWS\system32\iScreensaver.dll
C:\WINDOWS\ef26ev.dll
Registry
HKCR\CLSID\{1F80EA54-211C-4A3A-9C4E-C3F19D589079}
HKCR\iScreensaver.ComBho
HKCR\iScreensaver.ComBho\Clsid
It also opens, at irregular intervals,
http://www.maohehe.com/news/56.html
Clicking "My Computer" triggers the download of the following files
http://www.xjdown.cn/Setup2.exe
http://www.xjdown.cn/ss10202.EXE
http://www.xjdown.cn/SetupCXT.exe
http://www.xjdown.cn/bind_40094.exe
http://www.xjdown.cn/Setup_YH0016.exe (no longer exists)
http://www.xjdown.cn/101371.exe (connects to http://ulink4.dudu.com/setup/iebar.exe) (iebar)

http://www.xjdown.cn/Setup2.exe
drops
C:\WINDOWS\inf\cpap.ini
C:\WINDOWS\system32\HttpReq.dll
C:\WINDOWS\system32\rundll32.dll
C:\WINDOWS\system32\WEBDLL.DLL
C:\Documents and Settings\mopery\Local Settings\Temp\nsm1.tmp
Registry
HKCR\CLSID\{77962960-536E-47EC-9DDB-52651519705F}
HKCR\Cpap.CpapView
HKCR\Cpap.CpapView.1
HKCR\Interface\{11955EDD-967E-41B8-B668-45FD97A7FD91}
HKCR\TypeLib\{57504324-CC47-4B92-BA22-87A523E4559F}\1.0

http://www.xjdown.cn/SetupCXT.exe
drops
C:\Documents and Settings\mopery\Local Settings\Temp\nsm2.tmp
C:\Documents and Settings\mopery\Local Settings\Temp\nsm3.tmp
C:\Program Files\MMSAssist
C:\WINDOWS\system32\Albus.DAT
C:\WINDOWS\system32\almms.dat
C:\WINDOWS\system32\alsmt.exe
C:\WINDOWS\system32\drivers\Albus.SYS
C:\WINDOWS\System32\std.ini
C:\WINDOWS\System32\stdd.ini
C:\WINDOWS\System32\stdup.dll
C:\WINDOWS\System32\updstdup.ini
C:\~de4.tmp

http://www.xjdown.cn/101371.exe
drops
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-Bar.lnk
C:\Documents and Settings\All Users\Application Data\clubmember\Cast\bfrw_3028.inf
C:\Documents and Settings\All Users\Application Data\clubmember\Cast\bfyswj.inf
C:\Documents and Settings\All Users\Application Data\clubmember\Cast\dxgdgjc.inf
C:\Documents and Settings\All Users\Application Data\clubmember\Cast\GGS
C:\Documents and Settings\mopery\Local Settings\Temp\fsprot.sys
C:\Documents and Settings\mopery\Local Settings\Temp\moprot.sys
C:\Documents and Settings\mopery\Local Settings\Temp\nsf6.tmp
C:\Documents and Settings\mopery\Local Settings\Temporary Internet Files\Content.IE5\DH7SVJAP\2ee824232dd6b25310041161d1c96ec2.idx[1].y
C:\Documents and Settings\mopery\Local Settings\Temporary Internet Files\Content.IE5\S5EF8DUV\judge3[1].bin
C:\Documents and Settings\mopery\Local Settings\Temporary Internet Files\Content.IE5\S5EF8DUV\ut.idx[1].y
C:\Documents and Settings\mopery\Local Settings\Temporary Internet Files\Content.IE5\ZXFM8ZO7\bl.idx[1].y
C:\Documents and Settings\mopery\Templates\93d0cab
C:\Program Files\Common Files\IE-Bar
C:\WINDOWS\system32\4822a73a
C:\WINDOWS\system32\91dd2fa0.dll
C:\WINDOWS\system32\91di2fa.exe
C:\WINDOWS\system32\91do2fa0.dll
C:\WINDOWS\system32\drivers\fsprot.sys
C:\WINDOWS\system32\drivers\moprot.sys
C:\WINDOWS\Temp\mssoak.exe
C:\Documents and Settings\mopery\Local Settings\Temp\ (this folder contains another dozen or so files)

http://www.xjdown.cn/bind_40094.exe
drops
C:\Documents and Settings\mopery\Favorites\多特软件站-最安全放心的软件站.url
C:\Program Files\Common Files\UPDATE2
C:\Program Files\kuzhan
C:\WINDOWS\system32\mssapi.dll
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\wbem\smtpconfs.dll
C:\Documents and Settings\mopery\Local Settings\Temp\ (five files inside)
Registry
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}
HKCR\Interface\{0083DE51-EB2E-4521-A95C-735D8E563373}
HKCR\QuickButton.QuickBtn
HKCR\sss1.sss2.1
HKCR\TypeLib\{933DB9D6-9447-4EFE-ABA2-EAF3B309B44C}\1.0
HKLM\SOFTWARE\Lamp
HKLM\System\CurrentControlSet\Services\Indtry\Parameters

http://www.xjdown.cn/ss10202.EXE
drops
C:\Documents and Settings\mopery\Local Settings\Temp\ (13 files generated)
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system\vp_VM.dll
C:\WINDOWS\system32\Inte32.dll
C:\WINDOWS\system32\GLBSINST.%$D
C:\WINDOWS\system32\~GLH0000.TMP
C:\WINDOWS\system32\~GLH0001.TMP
Registry
HKCR\AppID\{35A69597-0E2A-4100-A394-C6F6FC2535B9}
HKCR\AppID\InteSearch.DLL
HKCR\CLSID\{8462112E-2D10-4D27-AA0F-D0326D3CE7EF}
HKCR\CLSID\{9B840ED7-32C9-4121-B6C9-A9FF1DB76FE8}
HKCR\CLSID\{EBBC6E6D-7B65-46be-B509-86CED2D17876}
HKCR\CLSID\{EE09B8C3-BDB8-4301-BC8D-C13CE4664194}
HKCR\CLSID\{F8EB3B42-0665-4A7B-ADA5-B21B0C189FBD}
HKCR\Interface\{267C72E2-A8B2-41EB-AA53-CAC627B1BB40}
HKCR\Interface\{283AF4AE-CAAB-4680-A951-919A5471D4AD}
HKCR\Interface\{3454E70B-C820-40E9-A21C-66BB1743A9A3}
HKCR\Interface\{51B70EAE-A776-42C1-A494-46461232486D}
HKCR\Interface\{52F707BD-7D57-4AFD-8151-215ED7003D5D}
HKCR\InteSearch.DocumentEventsHandler
HKCR\InteSearch.DocumentEventsHandler.1
HKCR\InteSearch.Intruder
HKCR\InteSearch.Intruder.1
HKCR\InteSearch.Service
HKCR\InteSearch.Service.1
HKCR\InteSearch.Settings
HKCR\InteSearch.Settings.1
HKCR\InteSearch.WindowEventsHandler
HKCR\InteSearch.WindowEventsHandler.1
HKCR\TypeLib\{3548754C-4A57-4D1E-A0FD-5AFF86749120}\1.0

The files above installed:
IE-Bar, 51导航 (51 Navigation), Cpap水源 (Cpap Shuiyuan), 酷站导航 (Kuzhan Navigation), ShareHeloer, WinStdup/Winkalendar, MMSAssist, 彩信通 (Caixintong), DMCast/桌面传媒 (Desktop Media), 酷客娱乐平台 (Kuke Entertainment Platform)

http://www.xjdown.cn/Setup_YH0016.exe (no longer existed as of today)
Dropped files
C:\Documents and Settings\mopery\Local Settings\Temp\3481734.exe
C:\WINDOWS\svchost.exe (the fatal file.. all the virus files were downloaded by it,,)
Opens: http://211.100.32.174/win/center/fujian/
C:\Documents and Settings\mopery\Local Settings\Temp\mmsassis01.exe
C:\Documents and Settings\mopery\Local Settings\Temp\Skymmstp.exe accesses: 222.73.4.243:80
221.231.138.59:80
C:\Documents and Settings\mopery\Local Settings\Temp\bind_40061.exe
C:\Documents and Settings\mopery\Local Settings\Temp\bbmao_1002_XXXX.exe (bbmao assistant)
C:\Documents and Settings\mopery\Local Settings\Temp\temp1.exe
C:\Documents and Settings\mopery\Local Settings\Temp\jmxkbsetup-x66.exe
C:\Documents and Settings\mopery\Local Settings\Temp\pack_tmp\progress.exe
C:\Documents and Settings\mopery\Local Settings\Temp\63065a4e.exe (Aoxun plug-in, 傲讯插件)
C:\Documents and Settings\mopery\Local Settings\Temp\Setup_ws.exe
C:\Documents and Settings\mopery\Local Settings\Temp\IXP000.TMP\Setup.exe
C:\WINDOWS\cast.config
C:\WINDOWS\castp.dat
C:\WINDOWS\castvxml.dat
C:\WINDOWS\castxml.dat
C:\WINDOWS\downnew.ini
C:\WINDOWS\inf\hpsext.inf
C:\WINDOWS\KB910436.log
C:\WINDOWS\system32\32F77AC0.094
C:\WINDOWS\system32\Albus.DAT
C:\WINDOWS\system32\almms.dat
C:\WINDOWS\system32\alsmt.exe
C:\WINDOWS\system32\drivers\Albus.SYS
C:\WINDOWS\system32\EJMX.dll
C:\WINDOWS\system32\guid.vxd
C:\WINDOWS\system32\gunzip.exe
C:\WINDOWS\system32\iedetect.dll
C:\WINDOWS\system32\mscache
C:\Program Files\bbmao toolbar
C:\Program Files\Common Files\UPDATE2
C:\Program Files\MMSAssist
C:\WINDOWS\system32\1116
C:\WINDOWS\system32\msicn
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\spoolsv\spoolsv.exe
C:\WINDOWS\System32\std.ini
C:\WINDOWS\System32\stdd.ini
C:\WINDOWS\System32\stdup.dll
C:\WINDOWS\system32\svchost.dll
C:\WINDOWS\system32\svchost.dll
C:\WINDOWS\System32\updstdup.ini
C:\WINDOWS\system32\wbauninstall.exe
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\wbem\smtpconfs.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\xenroer.dll
C:\WINDOWS\url_.ini
Registry
HKCR\CLSID\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF}
HKCR\CLSID\{6F26ED6F-82C2-4B64-B1A7-40E644225E97}
HKCR\CLSID\{72BA415A-AE03-4279-ACAB-39A3DF73FD4E}
HKCR\CLSID\{A405D44C-4B7B-43EA-A3EA-7E0E3065220E}
HKCR\CLSID\{CAC068F3-A608-406B-8581-458788A67694}
HKCR\IeLunch.Webacc
HKCR\IeLunch.Webacc.1
HKCR\Interface\{18ACE3AA-4C9B-4800-AC8E-73BF91009B09}
HKCR\Interface\{B780481C-A4F7-493A-8586-6CAC39D812ED}
HKCR\Interface\{EB433BB6-139A-48AF-9836-09911F2E0847}
HKCR\Interface\{ECB449B4-6B1C-4C8A-871A-4A86F756CD84}
HKCR\Skymmstp.CFileDownload
HKCR\Skymmstp.CVirus
HKCR\ToolBand.XBTP05676
HKCR\ToolBand.XBTP05676.1
HKCR\TypeLib\{68A7C985-87D6-4635-B498-3290613C718E}\1.0
HKCR\TypeLib\{A67726D9-4100-4582-8620-5A7E27D3EC3B}\5b.0
HKCR\TypeLib\{B25E511B-2A57-41B1-B7AC-53E76E20D11C}\1.0
HKCR\XBTB05676.IEToolbar
HKCR\XBTB05676.IEToolbar.1
HKCR\XBTB05676.XBTB05676
HKCR\XBTB05676.XBTB05676.1
HKCU\Software\91cast
HKCU\Software\bbmao
HKCU\Software\XBTB05676
HKLM\SOFTWARE\Lamp\Update
HKLM\SOFTWARE\SECTEMP
Last edited 2006-10-04 17:25:29

C:\WINDOWS\system32\jmxsetup.exe
calls C:\Documents and Settings\mopery\Local Settings\Temp\Setup.exe and runs it.
Dropped files
C:\Documents and Settings\mopery\Local Settings\Temp\IXP000.TMP\TMP4351$.TMP
C:\WINDOWS\system32\EJMX.dl_
C:\WINDOWS\system32\EJMX.dll
C:\WINDOWS\system32\duibi.txt


That is as far as I got with concrete testing.. the rest I'll describe from memory..
It installed a very large number of rogue programs.. Yahoo, CNNIC, the CnsMin "word lookup" (划词) tool, and so on ...
It also drops several nasty viruses..
Viking (威金), Luoxue (落雪: LSASS.exe WINLOGON.EXE SMSS), QQpass and other viruses..

The following files were all downloaded by this virus.. this is only most of them.. some were missed..
C:\WINDOWS\101371.exe
C:\WINDOWS\bind_40094.exe
C:\WINDOWS\Temp\mssoak.exe
C:\Documents and Settings\mopery\Local Settings\Temp\temp1.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\temp1.exe
C:\WINDOWS\system32\91di2fa.exe
C:\WINDOWS\Setup2.exe
C:\WINDOWS\ss10202.EXE
C:\WINDOWS\system32\mssv131.exe
C:\WINDOWS\system\realsched.exe
C:\Documents and Settings\mopery\Local Settings\Temp\2065968.exe
C:\Documents and Settings\mopery\Local Settings\Temp\mmsassis01.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\mmsassis01.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\53a03753.exe
C:\Documents and Settings\mopery\Local Settings\Temp\jmxkbsetup-x66.exe
C:\Documents and Settings\mopery\Local Settings\Temp\bind_40061.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\Skymmstp.exe
C:\WINDOWS\system32\s_bdextinsU217.exe
C:\WINDOWS\system32\loadsky.exe
C:\WINDOWS\system32\sysmini.exe
C:\Documents and Settings\mopery\Local Settings\Temp\bbmao_1002_XXXX.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\bind_40061.exe
C:\WINDOWS\Temp\regsvc.exe
C:\WINDOWS\Temp\jmxkbsetup-x66.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\IXP000.TMP\Setup.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\SkymmstpRAR.exe
C:\WINDOWS\system32\loadsky.exe
C:\WINDOWS\Skymmstp017.exe
C:\WINDOWS\system32\ZW.exe
C:\WINDOWS\system32\jmxsetup.exe
C:\WINDOWS\system32\drivers\wl.sys
C:\DOCUME~1\mopery\LOCALS~1\Temp\24\setup.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\00785456.exe
C:\WINDOWS\system32\zsdm.exe
C:\Program Files\DeskAdTop\Mrup.exe
C:\WINDOWS\system32\cxt.exe
C:\WINDOWS\system32\3.exe
C:\WINDOWS\system32\01SJHB17.exe
C:\WINDOWS\system32\17.exe
C:\Documents and Settings\mopery\Local Settings\Temp\RarSFX0\Gapr11.exe
C:\WINDOWS\system32\ppgaxea.dll
C:\WINDOWS\system32\bdcjins.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\iebar.exe
C:\WINDOWS\system32\8004avpa.exe
C:\WINDOWS\system32\SetupCmd.exe
C:\WINDOWS\system32\bind_40258.exe
C:\WINDOWS\system32\SETUPCMD.EXE
C:\WINDOWS\system32\Kuaiso.exe
C:\WINDOWS\realupdate.exe
C:\WINDOWS\Temp\ie.exe
C:\WINDOWS\system32\BIND_4~1.EXE
C:\WINDOWS\system32\huacai906.exe
C:\WINDOWS\winampa.exe
C:\WINDOWS\system32\sysmini.exe
C:\logo1_.exe
C:\WINDOWS\system32\yybar.exe
C:\Program Files\ybar.exe
C:\WINDOWS\system32\sysdmins.exe
C:\WINDOWS\system32\hbrich.exe
C:\Documents and Settings\mopery\Local Settings\Temp\RarSFX0\downl.exe
C:\DOCUME~1\mopery\LOCALS~1\Temp\BTSearch.exe
C:\Documents and Settings\mopery\Local Settings\Temp\cncnew.exe
C:\WINDOWS\system32\rjzc008_cns_yassist.exe
C:\Documents and Settings\mopery\Local Settings\Temp\103126.exe
C:\WINDOWS\system32\bdcj01.exe
C:\WINDOWS\system32\dxkr.exe
C:\Documents and Settings\mopery\Local Settings\Temp\64\setup.exe
C:\WINDOWS\system32\13528.exe
C:\WINDOWS\system32\IELink.exe
C:\WINDOWS\system32\cmd1054.exe
C:\WINDOWS\system32\SETUP5~1.EXE
C:\WINDOWS\system32\Setup5003.exe
C:\WINDOWS\system32\TOTO.exe
c:\Program Files\system2.exe
C:\WINDOWS\system\king.exe
C:\WINDOWS\system\aa1.exe
C:\WINDOWS\system\001.exe
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system\aa3.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system\aa4.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\system\09.exe
C:\WINDOWS\system32\winscok.dll
C:\WINDOWS\system32\myrx.dll
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\sctongji06.exe
C:\windows\system32\SVOHOST.exe
C:\windows\system32\winscok.dll
C:\WINDOWS\Logo1_.exe

Rogue software that Super Rabbit (超级兔子) had to uninstall...
Picture:

SREng startup items, abnormal entries (partial)..
    <91cast><>  []
    <svc><C:\WINDOWS\svchost.exe>  []
    <updatereal><C:\WINDOWS\realupdate.exe other>  []
    <msnnt><C:\WINDOWS\winampa.exe>  []
    <Update><C:\Program Files\Common Files\UPDATE2\Update.exe>  []
    <realtpsk><C:\WINDOWS\system\realsched.exe>  []
    <svc><C:\WINDOWS\svchost.exe>  []
    <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
    <sysmini><C:\WINDOWS\system32\sysmini.exe>  []
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <C:\WINDOWS\system32\SETUPCMD.EXE><C:\WINDOWS\system32\SETUPCMD.EXE>  []
    <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <C:\WINDOWS\system32\cmd1054.exe><C:\WINDOWS\system32\cmd1054.exe>  []
    <><C:\WINDOWS\system32\intenat.exe>  []
    <SoundMam><C:\WINDOWS\system32\SVOHOST.exe>  []
    <ToP><C:\WINDOWS\LSASS.exe>  [PysXubeGV2SkR3ncT0oE]
    <TProgram><C:\WINDOWS\SMSS.EXE>  [JvG0y2nPANuDEfxWbTjI]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [rmXYFBIwlnb8O7jRG8fS]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <91cast><>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <kokv><C:\WINDOWS\system32\91di2fa.exe>  []
    <Galaxy><rundll32.exe C:\WINDOWS\system32\ppgaxea.dll,Su>  []
    <Power><rundll32.exe C:\WINDOWS\system32\alxklt.dll,Start>  []
    <popBlockHlp><rundll32.exe C:\WINDOWS\system32\wbem\wmipop.dll,_S1>  []
    <DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\adodbc.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><C:\WINDOWS\system32\91dd2fa0.dll>  []

A clean system ended up like this..

Removal (assuming Viking is not on board):
This virus changes .exe into ~.exe and those get killed outright by the antivirus.. no way around that for now..

http://download5.pctutu.com/soft/winspeed782.zip
Super Rabbit Cleanup King (超级兔子清理王): uninstall the rogue software in Safe Mode..

http://mopery.hits.io/MiscKiller.zip
Download the Luoxue (落雪) removal tool.. run it in Safe Mode..

In Safe Mode, empty
C:\Documents and Settings\mopery\Local Settings\Temp\
C:\WINDOWS\Temp\

That gets rid of most of the virus.. then update the antivirus to the latest version and scan the whole disk..

If Viking is also present it's probably hopeless... formatting the whole disk is the better option...

For anyone who was only just infected.. use a firewall to stop this virus from connecting to the network and that is enough to prevent it..

http://www.xjdown.cn  the virus author's FTP space.. everyone, go and despise him..

This virus is on a par with Viking... hope the antivirus vendors put out a dedicated removal tool...
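The SREng listing above is a good illustration of what to look for in any Windows autostart dump: core-process names launched from the wrong directory (C:\WINDOWS\LSASS.exe, C:\WINDOWS\svchost.exe, system32\spoolsv\spoolsv.exe), look-alike spellings (SVOHOST.exe), a Userinit value with a second executable chained on, a Shell value that is not plain Explorer.exe, and rundll32 loading DLLs from outside the Windows tree. The code below is an added example (not from the post or from SREng) that parses lines in SREng's `<Name><Command>  [Vendor]` format and applies those rules; the expected directories assume a default C:\WINDOWS install, the rules are the example author's heuristics, and the sample block is copied from the listing above. A DLL dropped straight into system32, such as ppgaxea.dll, passes these rules, which is why the file-name indicators from the post are still needed alongside them.

```python
import ntpath
import re
from dataclasses import dataclass

# Legitimate home of each Windows XP core process (assumes a default C:\WINDOWS install).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
WINDOWS_TREE = r"c:\windows" + "\\"

# SREng prints one startup item per line as:   <Name><Command>  [Vendor]
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]")
# First drive-letter path ending in .dll inside a rundll32 command line (quoted or not).
DLL_RE = re.compile(r'"?([a-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)


@dataclass
class Entry:
    name: str
    cmd: str
    vendor: str


def parse_entry(line: str):
    """Entry for an SREng item line; None for key headers and blank lines."""
    m = ENTRY_RE.match(line)
    return Entry(m["name"], m["cmd"], m["vendor"]) if m else None


def image_path(cmd: str) -> str:
    """First token of a command line, honouring a leading quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alikes such as SVOHOST vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(e: Entry) -> list:
    """Reasons an entry looks like malware persistence; an empty list means no rule fired."""
    reasons = []
    if e.name.lower() == "userinit":
        parts = [p.strip() for p in e.cmd.split(",") if p.strip()]
        if len(parts) != 1:
            reasons.append("Userinit chains extra executables: " + ", ".join(parts[1:]))
        return reasons
    if e.name.lower() == "shell":
        if e.cmd.strip().lower() != "explorer.exe":
            reasons.append("Shell value is not plain Explorer.exe: " + e.cmd)
        return reasons
    path = image_path(e.cmd)
    base = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    if not path:
        reasons.append("empty command")
    elif base in EXPECTED_DIR:
        if directory and directory != EXPECTED_DIR[base]:
            reasons.append(f"{base} launched from {directory} instead of {EXPECTED_DIR[base]}")
    else:
        near = [core for core in EXPECTED_DIR if edit_distance(base, core) == 1]
        if near:
            reasons.append(f"{base} is a look-alike of {near[0]}")
    if base == "rundll32.exe":
        m = DLL_RE.search(e.cmd)
        if m and not m.group(1).lower().startswith(WINDOWS_TREE):
            reasons.append("rundll32 loads a DLL outside the Windows tree: " + m.group(1))
    return reasons


def triage(listing: str) -> list:
    """(name, command, reasons) for every entry in the listing that trips a rule."""
    hits = []
    for line in listing.splitlines():
        e = parse_entry(line)
        if e is not None:
            reasons = classify(e)
            if reasons:
                hits.append((e.name, e.cmd, reasons))
    return hits


# Lines copied from the SREng output in the thread (constructed test input).
SAMPLE = r"""
    <svc><C:\WINDOWS\svchost.exe>  []
    <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <SoundMam><C:\WINDOWS\system32\SVOHOST.exe>  []
    <ToP><C:\WINDOWS\LSASS.exe>  [PysXubeGV2SkR3ncT0oE]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\adodbc.exe>  []
"""

if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE):
        print(f"{name!r:12} {cmd}\n    -> {'; '.join(reasons)}")
```

Entries the rules do not flag (CdnCtr, CnsMin) are not thereby clean; they are simply outside what a path-and-name check can say, and belong to the rogue-software inventory the post handles with Super Rabbit.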

Yes, this virus is truly terrifying..
I just scanned in Safe Mode, but it seems it wasn't fully cleaned.
As soon as I booted up and connected to the network just now.. Thunder (迅雷) started downloading on its own, WINDOWS PLAYER automatically connected and played files, and the system kept popping up malicious web pages...
Feels like the machine is about to collapse..

I ran into this yesterday while helping someone else fix a problem; it infects all EXE files, Kaspersky flagged it, and in the end I removed it by hand.

Generally speaking, if you only catch it now, the antivirus can hold it off somewhat and it won't be too much trouble. But if you really got that much (even half of it), the system isn't worth repairing at all.

Reinstalling is the only option.
Honestly, everything listed in Super Rabbit is there.
A malware nest that has reached "moderate prosperity" (小康); it has everything it should.

Asking poster #4: how do you remove it by hand?

Reading this just makes my heart go cold...

......a moment of silence for this computer``