
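ZBot Trojan Remover (ZBot virus removal tool)

v1.7 portable edition
  • ZBot Trojan Remover (ZBot virus removal tool) v1.7 portable edition
  • Size: 552KB
  • Updated: 2014-04-24 16:24
  • Language: Chinese
  • Vendor:
  • Category: Chinese-made software / Freeware / Professional tools
  • Rating: Level 4
  • Platform: WinAll, Win7
  • Official website: none yet
  • App registration:
Positive ratings: 50%
Negative ratings: 50%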

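Software description

ZBot Trojan Remover detects and removes variants of the ZBot trojan, a virus that can steal users' banking information, credit card information and PayPal account login credentials from websites.

Virus sample: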

Malware Analyzer by HX
Analysis started

MD5: 2BB9A1C4B35719ABD022C605A546D6C4

Executing -> \Device\HarddiskVolume3\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe (PID: 13440)
Command-line: "C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe"

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteRegistryKey, Software\Microsoft

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteRegistryKey, Juat

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        DeleteFile, C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe

C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe

Executing -> \Device\HarddiskVolume3\Sandbox\Gateway\Analyzer\user\current\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
Command-line: "C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe"

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe
        WriteRegistryKey, Software\Microsoft\Juat

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe
        WriteRegistryKey, f62bfi

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Windows\System32\taskhost.exe (PID: 1992)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Windows\System32\dwm.exe (PID: 2976)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Users\Gateway\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (PID: 3484)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files (x86)\Google\Drive\googledrivesync.exe (PID: 3496)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files\Sandboxie\SbieCtrl.exe (PID: 3524)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (PID: 3584)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe (PID: 3592)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Users\Gateway\Desktop\goagent-goagent-a51d6a2\local\goagent.exe (PID: 3600)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Windows\System32\conhost.exe (PID: 3608)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files\BOINC\boincmgr.exe (PID: 3696)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Users\Gateway\Desktop\goagent-goagent-a51d6a2\local\python27.exe (PID: 3704)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files\BOINC\boinctray.exe (PID: 3776)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:\SkyDrive\Programs\VB\Sherlogger\Sherlogger.exe (PID: 3840)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:\Program Files (x86)\BaiduYun\baiduyun.exe (PID: 3868)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files (x86)\Google\Drive\googledrivesync.exe (PID: 3952)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files\BOINC\boinc.exe (PID: 3964)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Windows\System32\conhost.exe (PID: 3972)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Program Files (x86)\alipay\SafeTransaction\AlipaySafeTran.exe (PID: 17800)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_x86_64 (PID: 57092)

C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:\Windows\System32\conhost.exe (PID: 58156)


Rolling back...
Analysis ended
Reason: Malware detected and rolled back

Anomalies:
        - Modifies protected resource. The executable modifies important resources (files, processes, etc.)

Software tags: virus removal


Latest comments (1)

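#1, Sichuan Tietong user, guest, 2014/4/24 17:31:57
I got infected and tried several antivirus products, none of which worked. A specialized tool is still better; it killed it in one go.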
