Date: 2014-05-17  Views: 21054

A question about a small virus analysis!!!
I used Process Monitor to look at a virus. This virus turned off the built-in Windows firewall, but I didn't find any registry operation related to turning off the firewall. Could the experts take a look? I wrote down all the registry write operations. Please advise! Thanks!!
 
18:17:29.3651907    111.exe    1584    RegSetValue    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed    SUCCESS    Type: REG_BINARY, Length: 80, Data: C2 74 80 13 5A C9 35 88 B9 1F 98 A8 BE A2 DA 1B
18:17:29.7338962    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed    SUCCESS    Type: REG_BINARY, Length: 80, Data: 19 BA F3 DF D4 71 F2 99 44 93 B6 4D 94 9B 2C 71
18:17:30.0260392    111.exe    1600    RegSetValue    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache    SUCCESS    Type: REG_SZ, Length: 140, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files
18:17:30.0309094    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory    SUCCESS    Type: REG_SZ, Length: 164, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files\Content.IE5
18:17:30.0309393    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths    SUCCESS    Type: REG_DWORD, Length: 4, Data: 4
18:17:30.0309982    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath    SUCCESS    Type: REG_SZ, Length: 178, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files\Content.IE5\Cache1
18:17:30.0310331    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath    SUCCESS    Type: REG_SZ, Length: 178, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files\Content.IE5\Cache2
18:17:30.0310583    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath    SUCCESS    Type: REG_SZ, Length: 178, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files\Content.IE5\Cache3
18:17:30.0310834    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath    SUCCESS    Type: REG_SZ, Length: 178, Data: C:\Documents and Settings\tao\Local Settings\Temporary Internet Files\Content.IE5\Cache4
18:17:30.0311077    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit    SUCCESS    Type: REG_DWORD, Length: 4, Data: 32694
18:17:30.0311315    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit    SUCCESS    Type: REG_DWORD, Length: 4, Data: 32694
18:17:30.0311547    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit    SUCCESS    Type: REG_DWORD, Length: 4, Data: 32694
18:17:30.0311778    111.exe    1600    RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit    SUCCESS    Type: REG_DWORD, Length: 4, Data: 32694
18:17:30.0341933    111.exe    1600    RegSetValue    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies    SUCCESS    Type: REG_SZ, Length: 76, Data: C:\Documents and Settings\tao\Cookies
18:17:30.0352999    111.exe    1600    RegSetValue    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History    SUCCESS    Type: REG_SZ, Length: 106, Data: C:\Documents and Settings\tao\Local Settings\History
18:17:30.1033027    111.exe    1600    RegSetValue    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass    SUCCESS    Type: REG_DWORD, Length: 4, Data: 1
18:17:30.1033367    111.exe    1600
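As an added example (not part of the post or its log), a small parser over Process Monitor lines in the tab-separated layout shown above that flags writes of EnableFirewall = 0 under the firewall policy key regardless of which process made them. The sample lines are constructed; the svchost.exe entries assume that a disable request made through the firewall API is written to the registry by the firewall service process rather than by the sample itself, which is why a Procmon filter on 111.exe alone would not show it.

```python
import re

# Key under which Windows keeps firewall policy; EnableFirewall = 0 under a
# profile subkey means the firewall is off for that profile.
FIREWALL_POLICY_KEY = (
    r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
)

def procmon_line(time, image, pid, path, dtype, data):
    """Build one RegSetValue line in the tab-separated layout of the post."""
    return (f"{time}\t{image}\t{pid}\tRegSetValue\t{path}\tSUCCESS\t"
            f"Type: {dtype}, Length: 4, Data: {data}")

# Constructed sample log: the two svchost.exe lines model the firewall service
# applying a disable request that the sample made through the firewall API.
SAMPLE_LOG = "\n".join([
    procmon_line("18:17:30.1033027", "111.exe", 1600,
                 r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass",
                 "REG_DWORD", "1"),
    procmon_line("18:17:31.2000000", "svchost.exe", 1044,
                 FIREWALL_POLICY_KEY + r"\StandardProfile\EnableFirewall", "REG_DWORD", "0"),
    procmon_line("18:17:31.2100000", "svchost.exe", 1044,
                 FIREWALL_POLICY_KEY + r"\DomainProfile\EnableFirewall", "REG_DWORD", "0"),
    procmon_line("18:17:31.5000000", "111.exe", 1600,
                 r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed", "REG_BINARY", "C2 74 80 13"),
])

def parse_line(line):
    """Split a Procmon line on tabs or runs of spaces; None if malformed."""
    fields = re.split(r"\t| {2,}", line.strip())
    if len(fields) < 7:
        return None
    time, image, pid, op, path, result, detail = fields[:7]
    return {"time": time, "image": image, "pid": int(pid), "op": op,
            "path": path, "result": result, "detail": detail}

def firewall_policy_writes(log_text):
    """Successful RegSetValue events under the firewall policy key, by any process."""
    events = (parse_line(l) for l in log_text.splitlines())
    return [ev for ev in events if ev and ev["op"] == "RegSetValue"
            and ev["result"] == "SUCCESS"
            and ev["path"].lower().startswith(FIREWALL_POLICY_KEY.lower())]

def disabled_profiles(log_text):
    """(profile, image) pairs where EnableFirewall was set to 0."""
    hits = []
    for ev in firewall_policy_writes(log_text):
        parts = ev["path"][len(FIREWALL_POLICY_KEY):].strip("\\").split("\\")
        data = re.search(r"Data: (\S+)", ev["detail"])
        if len(parts) == 2 and parts[1] == "EnableFirewall" and data and data.group(1) == "0":
            hits.append((parts[0], ev["image"]))
    return hits

if __name__ == "__main__":
    for profile, image in disabled_profiles(SAMPLE_LOG):
        print(f"firewall disabled for {profile} by {image}")
```

To apply this to a real capture, remove the process-name filter in Process Monitor (or filter on the registry path instead) before saving the log, so that writes performed by other processes on the sample's behalf are kept.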