U盘病毒
U盘病毒~
VirScan:
http://www.virscan.org/report/e4 ... 79f97da6b2a3a0.htmlMD5:CA8750E643C25C104CD2C6BA4CA4E900
1.提升限权Access: Using dangerous system privileges
Object: AdjustTokenPrivileges(SeDebugPrivilege)
2.释放驱动并安装,加载后删除%WinDir%\system32\drivers\klif.sys
HKLM\System\CurrentControlSet\Services\KAVsys
3.释放文件%WinDir%\system32\uret463.exe(MD5:CA8750E643C25C104CD2C6BA4CA4E900)
%WinDir%\system32\hgjyit0.dll
4.创建启动项[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dorfgwe"="C:\\WINDOWS\\system32\\uret463.exe"
CA/Tiny还监控到这些动作:
Access: Forced process/thread termination
Object: PostMessageA(Message=WM_CLOSE,Handle=0x0)
Access: Injecting code into other processes
Object: VirtualAllocEx
Access: Injecting code into other processes
Object: WriteProcessMemory
Access: Injecting code into other processes
Object: CreateRemoteThread
知道的麻烦告知下
用户系统信息:Opera/9.64 (Windows NT 5.1; U; zh-cn) Presto/2.1.1
