interne.exe-Trojan-Downloader.Win32.VB.dgg
pagefile(磁碟机)-Virus.Win32.Xorer.ek
2008-3-19 20:42 | by File: swchost.exe
Size: 51505 bytes
Modified: 2000年11月6日, 17:45:34
MD5: AE8DA6166CA8A5323F77AD165978A721
SHA1: 3AAE618601E4B1ADBA27161CA45589B26687B077
CRC32: 37C8F33A
Shell:ASPack 2.12
Size: 51505 bytes
Modified: 2000年11月6日, 17:45:34
MD5: AE8DA6166CA8A5323F77AD165978A721
SHA1: 3AAE618601E4B1ADBA27161CA45589B26687B077
CRC32: 37C8F33A
Shell:ASPack 2.12
引用
既然涉及OnLineGames必有键盘记录,运行自身并释放:
%Windir%\124327WL.DLL 43,313 bytes [FAF6255BFD0B63B22845E00831CB0260][Trojan-PSW.Win32.OnLineGames.gqp]
%Windir%\swchost.exe 51,505 bytes [AE8DA6166CA8A5323F77AD165978A721][Trojan-PSW.Win32.OnLineGames.fxk
注册表变动
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinSysW = "%Windir%\swchost.exe
%Windir%\124327WL.DLL 43,313 bytes [FAF6255BFD0B63B22845E00831CB0260][Trojan-PSW.Win32.OnLineGames.gqp]
%Windir%\swchost.exe 51,505 bytes [AE8DA6166CA8A5323F77AD165978A721][Trojan-PSW.Win32.OnLineGames.fxk
注册表变动
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinSysW = "%Windir%\swchost.exe
