Windows XP Updater: later versions will support receiving SP4 updates, and existing updates will be handed to it for installation. https://bbs.pcbeta.com/viewthread-1547976-1-1.html
Continued from the previous post.
Windows XP SP3/SP4 system updates
https://mega.co.nz/#!bN51DYxA!t9ubFC75wpGZybYFeiR_r5MFo2t-4xsvG7O6eFsoWeA
https://mega.co.nz/#!OQJCyR6S!Y36fX4rzIVzeEs9pDCcML2lAZSOhT2R1KZGf08YQ2Q0
http://pan.baidu.com/s/1bn2DX2v
After confirming it works, please support and rate in the first post!
Quote from jieling, posted 2014-8-28 16:08:
https://www.virustotal.com/zh-cn/file/ec438c16fab855110c689699ba59d0ff72f15374e9ca28026fc1a97279f3f9ef/analysis/1409217356/
https://www.virustotal.com/zh-cn/file/a607ffdbe0bc4a68b7972342d3dbf3c3ab4458bcbd68ffba0bac8497c347ba5f/analysis/1409217311/
NANO Antivirus reports that this IE update contains Trojan.Win32.Ramnit.csvfcz. I looked it up online and it nearly scared me to death; it turns out to be such a nasty virus, and I didn't even know I had put that thing in there.
Uploaded for behavioural analysis. Kingsoft 火眼 (Huoyan) sandbox result: http://fireeye.ijinshan.com/analyse.html?md5=87d6138dcfa4b744a62608ec4dedf473&sha1=43f98ddf00dfdf26b47476ee27c5cfd26320cf16&type=1#full
VirusTotal behavioural analysis:
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
C:\WINDOWS\system32\netmsg.dll (successful)
C:\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-F1FPM.tmp\_isetup\_shfoldr.dll (successful)
C:\WINDOWS\system32\shfolder.dll (successful)
C:\WINDOWS\system32\shell32.dll (successful)
\\.\PIPE\lsarpc (successful)
\\.\MountPointManager (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
Read files
C:\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a (successful)
C:\WINDOWS\system32\shell32.dll (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
Written files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-F1FPM.tmp\_isetup\_shfoldr.dll (successful)
Deleted files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (failed)
Created processes
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp" /SL5="$0 (successful)
Runtime DLLs
shell32.dll (successful)
comctl32.dll (successful)
advapi32.dll (successful)
uxtheme.dll (successful)
shfolder.dll (successful)
ole32.dll (successful)
userenv.dll (successful)
setupapi.dll (successful)
rpcrt4.dll (successful)
c:\windows\system32\shlwapi.dll (successful)
clbcatq.dll (successful)
riched20.dll (successful)
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
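Two checks worth running on a report like the one quoted above, as an added example (my own code, not jieling's and not part of the thread). First, confirm that the file in hand is the file the VirusTotal link actually describes: the SHA-256 is embedded in the /file/<hash>/analysis/ part of the URL, and the behaviour report's own file name, 5999fea8..., is a third hash that matches neither linked analysis. Second, parse the condensed report and flag the footprint of a stock Inno Setup installer stub (self-copy to %TEMP%\is-XXXXX.tmp\, the _isetup\_shfoldr.dll helper, the /SL5= relaunch). The report text is copied from the post with the Runtime DLLs section left out; the sample bytes in the checks are constructed. An Inno match only says "this is an Inno installer"; it neither confirms nor refutes the Ramnit verdict, which is a file-infector claim and is better answered by comparing the hash against a known-good copy and checking the Authenticode signature than by sandbox file activity.

```python
import hashlib
import re

# Section headings exactly as VirusTotal prints them in a condensed report.
SECTIONS = ("Opened files", "Read files", "Written files", "Deleted files",
            "Created processes", "Runtime DLLs", "Additional details")
_ENTRY_RE = re.compile(r"^(?P<item>.*?)\s+\((?P<status>successful|failed)\)$")
_VT_URL_RE = re.compile(r"/file/(?P<sha256>[0-9a-fA-F]{64})/")

# Footprint of a stock Inno Setup stub: copy itself to %TEMP%\is-XXXXX.tmp\,
# drop _isetup\_shfoldr.dll beside it, relaunch the copy with /SL5=.  A match
# says "Inno installer"; it cannot say whether the PE was infected afterwards.
INNO_PATTERNS = {
    "temp self-copy": re.compile(r"\\Temp\\is-[A-Z0-9]{5}\.tmp\\.+\.tmp", re.I),
    "shfolder helper": re.compile(r"\\_isetup\\_shfoldr\.dll$", re.I),
    "/SL5 relaunch": re.compile(r"/SL5="),
}

# Analysis link from the post above (the IE update).  The report file name
# 5999fea8... below is a different SHA-256, so it describes a different file.
VT_URL_IE = ("https://www.virustotal.com/zh-cn/file/"
             "ec438c16fab855110c689699ba59d0ff72f15374e9ca28026fc1a97279f3f9ef/"
             "analysis/1409217356/")

# Behaviour report copied from the post above (Runtime DLLs section omitted).
REPORT_TEXT = r"""
Opened files
C:\WINDOWS\system32\netmsg.dll (successful)
C:\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-F1FPM.tmp\_isetup\_shfoldr.dll (successful)
C:\WINDOWS\system32\shfolder.dll (successful)
C:\WINDOWS\system32\shell32.dll (successful)
\\.\PIPE\lsarpc (successful)
\\.\MountPointManager (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
Read files
C:\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a (successful)
C:\WINDOWS\system32\shell32.dll (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
Written files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-F1FPM.tmp\_isetup\_shfoldr.dll (successful)
Deleted files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp (failed)
Created processes
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-KLGJ2.tmp\5999fea84b5a0ceca22abfb16cb34011a09229bb679ed9179b3dd6aff0332a1a.tmp" /SL5="$0 (successful)
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
"""

def sha256_from_vt_url(url):
    """SHA-256 that VirusTotal embeds in a /file/<sha256>/analysis/ link."""
    m = _VT_URL_RE.search(url)
    if m is None:
        raise ValueError("not a VirusTotal file-analysis URL: %r" % url)
    return m.group("sha256").lower()

def download_matches_report(data, vt_url):
    """True only if the bytes in hand are the file that report describes."""
    return hashlib.sha256(data).hexdigest() == sha256_from_vt_url(vt_url)

def parse_condensed_report(text):
    """Map each section heading to a list of (item, status) tuples."""
    report = {name: [] for name in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in report:
            current = line
        elif current is not None:          # ignore text before any heading
            m = _ENTRY_RE.match(line)
            report[current].append((m.group("item"), m.group("status"))
                                   if m else (line, None))
    return report

def inno_setup_indicators(report):
    """Inno Setup stub behaviours present, keyed by name -> matching entries."""
    found = {}
    for section in ("Written files", "Created processes", "Opened files"):
        for item, _status in report[section]:
            for name, pat in INNO_PATTERNS.items():
                if pat.search(item):
                    found.setdefault(name, []).append(item)
    return found

def written_outside_temp(report):
    """Successful writes outside %TEMP%.  A stub that only stages itself under
    Temp has installed nothing yet; the relaunched child does the real work."""
    return [item for item, status in report["Written files"]
            if status == "successful" and "\\temp\\" not in item.lower()]
```

On this report all three Inno patterns fire and nothing is written outside Temp, which is exactly what a sandbox run of an unmodified installer stub looks like: the child process that does the real installation is the .tmp copy, and its activity is what the condensed report does not show. The hash check is the part that matters for the detection question, since a sandbox report of one file says nothing about a different file with a different SHA-256.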