swchost.exe[Trojan-PSW.Win32.OnLineGames.fxk]
Size: 51505 bytes
Modified: 2000年11月6日, 17:45:34
MD5: AE8DA6166CA8A5323F77AD165978A721
SHA1: 3AAE618601E4B1ADBA27161CA45589B26687B077
CRC32: 37C8F33A
Shell:ASPack 2.12
既然涉及OnLineGames必有键盘记录,运行自身并释放:
%Windir%\124327WL.DLL 43,313 bytes [FAF6255BFD0B63B22845E00831CB0260][Trojan-PSW.Win32.OnLineGames.gqp]
%Windir%\swchost.exe 51,505 bytes [AE8DA6166CA8A5323F77AD165978A721][Trojan-PSW.Win32.OnLineGames.fxk
注册表变动
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinSysW = “%Windir%\swchost.exe
%Windir%\124327WL.DLL 43,313 bytes [FAF6255BFD0B63B22845E00831CB0260][Trojan-PSW.Win32.OnLineGames.gqp]
%Windir%\swchost.exe 51,505 bytes [AE8DA6166CA8A5323F77AD165978A721][Trojan-PSW.Win32.OnLineGames.fxk
注册表变动
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinSysW = “%Windir%\swchost.exe
发表评论
| Trackback
