
ZBot Trojan Remover (ZBot virus removal tool) v1.7, portable edition

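Software information
  • Category: Other / general
  • Size: 552KB
  • Language: Chinese
  • Environment: WinAll, Win7
  • Updated: 2024-07-03
  • Rating:
  • System: Windows Linux Mac Ubuntu
  • Software type: Chinese-made software / Freeware / Professional tool
  • Plugins: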

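ZBot Trojan Remover detects and removes variants of the ZBot trojan, a virus that steals users' banking information, credit card information and PayPal account login credentials from websites.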

Virus sample:

Malware Analyzer by HX
Analysis started

MD5: 2BB9A1C4B35719ABD022C605A546D6C4

Executing -> DeviceHarddiskVolume3UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe (PID: 13440)
Command-line: "C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe"

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:UsersGatewayAppDataRoamingGolaxyeq.exe

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteRegistryKey, SoftwareMicrosoft

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteRegistryKey, Juat

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        DeleteFile, C:UsersGatewayAppDataRoamingGolaxyeq.exe

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:UsersGatewayAppDataRoamingGolaxyeq.exe

C:UsersGatewayDesktop2BB9A1C4B35719ABD022C605A546D6C4.exe
        WriteFile, C:UsersGatewayAppDataRoamingGolaxyeq.exe

Executing -> DeviceHarddiskVolume3SandboxGatewayAnalyzerusercurrentAppDataRoamingGolaxyeq.exe (PID: 16540)
Command-line: "C:UsersGatewayAppDataRoamingGolaxyeq.exe"

C:UsersGatewayAppDataRoamingGolaxyeq.exe
        WriteRegistryKey, SoftwareMicrosoftJuat

C:UsersGatewayAppDataRoamingGolaxyeq.exe
        WriteRegistryKey, f62bfi

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:WindowsSystem32 askhost.exe (PID: 1992)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:WindowsSystem32dwm.exe (PID: 2976)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:UsersGatewayAppDataLocalMicrosoftSkyDriveSkyDrive.exe (PID: 3484)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program Files (x86)GoogleDrivegoogledrivesync.exe (PID: 3496)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program FilesSandboxieSbieCtrl.exe (PID: 3524)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe (PID: 3584)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:Program Files (x86)Kaspersky LabKaspersky Endpoint Security 8 for Windowsavp.exe (PID: 3592)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:UsersGatewayDesktopgoagent-goagent-a51d6a2localgoagent.exe (PID: 3600)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:WindowsSystem32conhost.exe (PID: 3608)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program FilesBOINCoincmgr.exe (PID: 3696)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:UsersGatewayDesktopgoagent-goagent-a51d6a2localpython27.exe (PID: 3704)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program FilesBOINCoinctray.exe (PID: 3776)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:SkyDriveProgramsVBSherloggerSherlogger.exe (PID: 3840)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, K:Program Files (x86)BaiduYunaiduyun.exe (PID: 3868)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program Files (x86)GoogleDrivegoogledrivesync.exe (PID: 3952)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program FilesBOINCoinc.exe (PID: 3964)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:WindowsSystem32conhost.exe (PID: 3972)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:Program Files (x86)alipaySafeTransactionAlipaySafeTran.exe (PID: 17800)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:ProgramDataBOINCprojectswww.worldcommunitygrid.orgwcgrid_dsfl_vina_6.25_windows_x86_64 (PID: 57092)

C:UsersGatewayAppDataRoamingGolaxyeq.exe (PID: 16540)
        AccessPROTECTEDProgram, C:WindowsSystem32conhost.exe (PID: 58156)


Rolling back...
Analysis ended
Reason: Malware detected and rolled back

Anomalies:
        - Modifies protected resource. The executable modifies important resources (files, processes, etc.)
