Page 2 / 4

About nvsvc33.exe

Learned something!

Want to study it > kxzhmc500@sina.com

Quote:
[Post by 闪电风暴] Want to study it > kxzhmc500@sina.com
………………

The sample has been sent.

nvsvc32
nvsvc33~~~
Viruses are getting more and more cunning~~
Learned something~~

猫叔, please send me a sample

ufwihgu9168@yahoo.com.cn

Encryption: 9168

Quote:
[Post by 秋日里的蓝天] 猫叔, please send me a sample

ufwihgu9168@yahoo.com.cn

Encryption: 9168
………………


Sent..

Following

Many thanks to 猫叔, moderator mopery; received.

Why does everyone like samples so much? Getting infected with a virus is no fun.
Hehe, is the Pigeon (鸽子) a password stealer, 猫叔?

In my test it got past SRENG, and that was with the new version

服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[FW Event Manager / UmxAgent]
  <"D:\Program Files\Tiny Firewall Pro\UmxAgent.exe"><Computer Associates International, Inc.>
[FW Configuration Interpreter / UmxCfg]
  <"C:\Program Files\Common Files\PFShared\UmxCfg.exe"><Computer Associates International, Inc.>
[FW User-Mode Helper / UmxFwHlp]
  <"D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe"><Computer Associates International, Inc.>
[FW Live Update / UmxLU]
  <"C:\Program Files\Common Files\PFShared\umxlu.exe"><Computer Associates International, Inc.>
[FW Policy Manager / UmxPol]
  <"C:\Program Files\Common Files\PFShared\UmxPol.exe"><Computer Associates International, Inc.>
[VMware Authorization Service / VMAuthdService]
  <G:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[TrueVector Internet Monitor / vsmon]
  <C:\WINDOWS\system32\ZONELABS\vsmon.exe -service><Zone Labs, LLC>


HIJACKTHIS can pick it up in a scan
O23 - Service: Alerter Server - Unknown owner - C:\WINDOWS\nvsvc33.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - D:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - G:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Monitoring process and thread creation with IceSword, you can see nvsvc33.exe
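
Added example, not part of the original post: a cross-check of the two service listings quoted above, which reports O23 entries that HijackThis marks "Unknown owner" or that are absent from the SREng list. The function names and the two checks are this example's own assumptions; the log lines are copied from the post.

```python
import re

# Excerpts copied from the post above, shortened to three entries per tool.
HIJACKTHIS_LOG = r"""
O23 - Service: Alerter Server - Unknown owner - C:\WINDOWS\nvsvc33.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - D:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""
SRENG_LOG = r"""
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[FW Event Manager / UmxAgent]
  <"D:\Program Files\Tiny Firewall Pro\UmxAgent.exe"><Computer Associates International, Inc.>
[TrueVector Internet Monitor / vsmon]
  <C:\WINDOWS\system32\ZONELABS\vsmon.exe -service><Zone Labs, LLC>
"""

O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
SRENG_RE = re.compile(r"^\s*<(.+)><([^<>]*)>\s*$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

def exe_path(cmdline):
    """Lower-cased executable path from a service command line, or None."""
    m = EXE_RE.match(cmdline.strip())
    return m.group(1).lower() if m else None

def parse_hijackthis(log):
    """(display name, owner, path) for every O23 service line."""
    return [m.groups() for m in map(O23_RE.match, map(str.strip, log.splitlines())) if m]

def parse_sreng(log):
    """Set of executable paths from the <command line><company> lines."""
    hits = (SRENG_RE.match(line) for line in log.splitlines())
    return {exe_path(m.group(1)) for m in hits if m} - {None}

def review(hjt_log, sreng_log):
    """O23 entries with an unknown owner or absent from the SREng list."""
    seen, findings = parse_sreng(sreng_log), []
    for name, owner, path in parse_hijackthis(hjt_log):
        checks = {"unknown owner": owner.lower() == "unknown owner",
                  "not in SREng service list": exe_path(path) not in seen}
        reasons = [label for label, hit in checks.items() if hit]
        if reasons:
            findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in review(HIJACKTHIS_LOG, SRENG_LOG):
        print(path, "->", ", ".join(reasons))
```

On the excerpts above only `C:\WINDOWS\nvsvc33.exe` is reported, for both reasons.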
