Malware Tips 11.21样本

显示全部楼层 · 发表于 2014-11-22 17:55:17

本帖最后由诸葛亮于 2014-11-22 18:18 编辑

地址链接：http://pan.baidu.com/s/1bntSQIV 密码：yfaa
http://www22.zippyshare.com/v/88842762/file.html

解压密码：infected

转自http://malwaretips.com/threads/2014-11-21-32.37823/

红伞右键扫描kill 28个，双击kill 2个，剩余2个与当前系统不兼容

@天蓝色的忧伤

显示全部楼层 · 发表于 2014-11-22 17:59:38

KIS

[mw_shl_code=html,true]22.11.2014 17.58.41;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\DEA6B4A2ABF959F1CA1FBA1154B839F2//mouad.exe;C:\Users\MrChenWei\Desktop\新建文件夹\DEA6B4A2ABF959F1CA1FBA1154B839F2//mouad.exe;Trojan.MSIL.Zapchast.ogvh
22.11.2014 17.58.52;自定义扫描;完成任务;11/22/2014 17:58:52
22.11.2014 17.58.52;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\D4B41D92F6185128AFE037E4521A3372;C:\Users\MrChenWei\Desktop\新建文件夹\D4B41D92F6185128AFE037E4521A3372;Trojan-Banker.Win32.ChePro.pht
22.11.2014 17.58.52;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\CF2C250E22C8BF4928450AE67C43E3A1;C:\Users\MrChenWei\Desktop\新建文件夹\CF2C250E22C8BF4928450AE67C43E3A1;Trojan.Win32.VB.cthz
22.11.2014 17.58.52;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\CDC1D5526CF21091C68C8FE1B6C1D572//ASPack;C:\Users\MrChenWei\Desktop\新建文件夹\CDC1D5526CF21091C68C8FE1B6C1D572//ASPack;HEUR:Trojan.Win32.Generic
22.11.2014 17.58.49;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\C7A127BEBE08821F39A762477B2B873D;C:\Users\MrChenWei\Desktop\新建文件夹\C7A127BEBE08821F39A762477B2B873D;Trojan-PSW.Win32.Tepfer.uqem
22.11.2014 17.58.49;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96;not-a-virus:HEUR:Monitor.MSIL.KeyLogger.heur
22.11.2014 17.58.49;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0004.res;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0004.res;not-a-virus:PSWTool.Win32.MailPassView.os
22.11.2014 17.58.49;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0003.res;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0003.res;Trojan.MSIL.Inject.jay
22.11.2014 17.58.49;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0002.res;C:\Users\MrChenWei\Desktop\新建文件夹\BE03E33EF55D89041806A25350A68C96//data0002.res;not-a-virus:PSWTool.Win32.NetPass.cif
22.11.2014 17.58.48;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\B0AC7DD2631034F662CF262D0765F19D;C:\Users\MrChenWei\Desktop\新建文件夹\B0AC7DD2631034F662CF262D0765F19D;Backdoor.Win32.Backoff.do
22.11.2014 17.58.48;检测到对象（文件）;c:\users\mrchenwei\desktop\新建文件夹\33e3f1b7217253a0c5131a3abeda35a6;c:\users\mrchenwei\desktop\新建文件夹\33e3f1b7217253a0c5131a3abeda35a6;UDS:DangerousObject.Multi.Generic
22.11.2014 17.58.48;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\A862A4832330AA71B91AEDC7710FDD8A//data0001.res;C:\Users\MrChenWei\Desktop\新建文件夹\A862A4832330AA71B91AEDC7710FDD8A//data0001.res;HEUR:Trojan.Win32.Generic
22.11.2014 17.58.47;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\204079773B82AAC76FAF8F4942287FA6;C:\Users\MrChenWei\Desktop\新建文件夹\204079773B82AAC76FAF8F4942287FA6;HEUR:Trojan.Win32.Generic
22.11.2014 17.58.47;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\1715956A0EDF1D83F119E77EBEED6C5B;C:\Users\MrChenWei\Desktop\新建文件夹\1715956A0EDF1D83F119E77EBEED6C5B;Trojan-PSW.Win32.Tepfer.uqen
22.11.2014 17.58.46;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\495116BF52DEEB4F9D0CA191406B8FBE;C:\Users\MrChenWei\Desktop\新建文件夹\495116BF52DEEB4F9D0CA191406B8FBE;HEUR:Trojan.Win32.Generic
22.11.2014 17.58.46;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\1718BF58947906545BBE017E7085E8BB;C:\Users\MrChenWei\Desktop\新建文件夹\1718BF58947906545BBE017E7085E8BB;Trojan.MSIL.Inject.wfb
22.11.2014 17.58.46;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\788EA513E52684B30F4A39A845DD7E5A//data0002.res//server.exe//UPX;C:\Users\MrChenWei\Desktop\新建文件夹\788EA513E52684B30F4A39A845DD7E5A//data0002.res//server.exe//UPX;Backdoor.Win32.Xtreme.bqj
22.11.2014 17.58.45;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\94B67A564CDD2E37226C40775ED3780B;C:\Users\MrChenWei\Desktop\新建文件夹\94B67A564CDD2E37226C40775ED3780B;Trojan-Spy.Win32.Zbot.uphg
22.11.2014 17.58.45;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\74EE5363A03E3358239E65DC83BD7267;C:\Users\MrChenWei\Desktop\新建文件夹\74EE5363A03E3358239E65DC83BD7267;Trojan-Spy.Win32.Zbot.upiw
22.11.2014 17.58.45;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\58B08FEDF186917451C6EDEFC80A29A3;C:\Users\MrChenWei\Desktop\新建文件夹\58B08FEDF186917451C6EDEFC80A29A3;Trojan.Win32.Scarsi.xmq
22.11.2014 17.58.44;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\8AA7299B5E68FF6BDD00A92C7EA6E6D2;C:\Users\MrChenWei\Desktop\新建文件夹\8AA7299B5E68FF6BDD00A92C7EA6E6D2;HEUR:Trojan.Win32.Generic
22.11.2014 17.58.43;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\7B4F31F8935F8FD3ED62D678B50C355D;C:\Users\MrChenWei\Desktop\新建文件夹\7B4F31F8935F8FD3ED62D678B50C355D;Trojan-PSW.Win32.Tepfer.uqaq
22.11.2014 17.58.43;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\6F25914971AF5117ED70FAAFA91DB3E4;C:\Users\MrChenWei\Desktop\新建文件夹\6F25914971AF5117ED70FAAFA91DB3E4;Trojan-Spy.Win32.Carbgrab.fw
22.11.2014 17.58.43;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E;not-a-virus:HEUR:Monitor.MSIL.KeyLogger.heur
22.11.2014 17.58.42;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0004.res;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0004.res;not-a-virus:PSWTool.Win32.MailPassView.os
22.11.2014 17.58.42;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0003.res;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0003.res;Trojan.MSIL.Inject.jay
22.11.2014 17.58.42;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0002.res;C:\Users\MrChenWei\Desktop\新建文件夹\4B484C1F2F886F16731A35ED03060B4E//data0002.res;not-a-virus:PSWTool.Win32.NetPass.cif
22.11.2014 17.58.42;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\1B7480757DA7C26A358ADC1948A2AABB;C:\Users\MrChenWei\Desktop\新建文件夹\1B7480757DA7C26A358ADC1948A2AABB;Trojan-Spy.Win32.Zbot.upbp
22.11.2014 17.58.41;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\0F73DDE8AE8AA7134C44E46E4A493BED//š€\opinicus.dll;C:\Users\MrChenWei\Desktop\新建文件夹\0F73DDE8AE8AA7134C44E46E4A493BED//š€\opinicus.dll;Trojan.NSIS.Agent.dy
22.11.2014 17.58.41;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\F70AB20D0B560FD0E6D378105718491A;C:\Users\MrChenWei\Desktop\新建文件夹\F70AB20D0B560FD0E6D378105718491A;Backdoor.Win32.Androm.flnv
22.11.2014 17.58.41;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\F52C5130B8840ACF646D6DD27C0B6B7F;C:\Users\MrChenWei\Desktop\新建文件夹\F52C5130B8840ACF646D6DD27C0B6B7F;Trojan-Ransom.Win32.Blocker.gcba
22.11.2014 17.58.40;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\DEA6B4A2ABF959F1CA1FBA1154B839F2//TMO.exe;C:\Users\MrChenWei\Desktop\新建文件夹\DEA6B4A2ABF959F1CA1FBA1154B839F2//TMO.exe;Trojan.MSIL.Zapchast.ogvg
22.11.2014 17.58.39;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\D98226275DDCBAC5F1B5C1A241FD0DBD//data0001.res;C:\Users\MrChenWei\Desktop\新建文件夹\D98226275DDCBAC5F1B5C1A241FD0DBD//data0001.res;Backdoor.MSIL.Agent.jdt
22.11.2014 17.58.39;检测到对象（文件）;C:\Users\MrChenWei\Desktop\新建文件夹\D33891A6181895E209FE204BE4402C7E;C:\Users\MrChenWei\Desktop\新建文件夹\D33891A6181895E209FE204BE4402C7E;Trojan-Dropper.Win32.Agent.ocyf
22.11.2014 17.58.36;自定义扫描;任务已启动;11/22/2014 17:58:36
[/mw_shl_code]

显示全部楼层 · 发表于 2014-11-22 18:00:23

蓝天二号发表于 2014-11-22 17:59
KIS

32个怎么能扫出34个。。

显示全部楼层 · 发表于 2014-11-22 18:03:27

诸葛亮发表于 2014-11-22 18:00
32个怎么能扫出34个。。

重复感染。。

显示全部楼层 · 发表于 2014-11-22 18:06:53

VSE MISS 3X

显示全部楼层 · 发表于 2014-11-22 18:14:34

在那边写了成绩了，就不重复了。

显示全部楼层 · 发表于 2014-11-22 18:21:14

本帖最后由胖福于 2014-11-22 18:46 编辑

诺顿22版关闭启发扫描剩余27：

双击SONAR杀了15个，还有三个样本只杀了衍生物。

显示全部楼层 · 发表于 2014-11-22 18:29:01

胖福发表于 2014-11-22 18:21
诺顿22版关闭启发扫描剩余27：

双击的图呢？

显示全部楼层 · 发表于 2014-11-22 18:32:28

火绒扫描 10个
双击未知防御 KILL 5个

其余靠系统防护的单步拦截弹窗要用户自己判断没啥意义

显示全部楼层 · 发表于 2014-11-22 18:35:54

[病毒样本] Malware Tips 11.21样本

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源