4005+lly66+lqbzse+service+syseter+small696(exe)【第275次更新】

显示全部楼层 · 发表于 2009-3-29 10:52:01

本帖最后由 Sherry.ai 于 2010-4-9 19:30 编辑

From:Zhongsou

Without hash

274：http://www.brsbox.com/filebox/down/fc/d3c871f7511dd99f42174adbea86f363

显示全部楼层 · 发表于 2009-3-29 10:54:48

Starting the file scan:

Begin scan in 'D:\new\4005.exe'
D:\new\4005.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
Begin scan in 'D:\new\llly66.exe'
D:\new\llly66.exe
  [0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the DR/Spy.Agent.ahoi dropper
--> [UnknownDir]/install.exe
   [DETECTION] Is the TR/Agent.FWQ Trojan
--> [UnknownDir]/nlpsa.txt
   [DETECTION] Is the TR/Downloader.Gen Trojan
--> [UnknownDir]/setup.exe
   [DETECTION] Is the TR/Agent.fwq.1 Trojan
--> [UnknownDir]/sysmain.dat
   [DETECTION] Is the TR/Kaba.73278 Trojan
--> [UnknownDir]/sysvc.dat
   [DETECTION] Is the TR/Spy.Agent.abzr Trojan
Begin scan in 'D:\new\lqbz81.exe'
Begin scan in 'D:\new\service.exe'
D:\new\service.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Begin scan in 'D:\new\setup_1027272.exe'
D:\new\setup_1027272.exe
--> Object
   [1] Archive type: OVL
   --> Object
      [DETECTION] Is the TR/Agent.pxw Trojan
Begin scan in 'D:\new\small66.exe'
D:\new\small66.exe
--> Object
   [DETECTION] Contains recognition pattern of the ADSPY/Agent.XA adware or spyware

Beginning disinfection:
D:\new\4005.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE]    The file was moved to '49fee396.qua'!
D:\new\llly66.exe
[DETECTION] Contains recognition pattern of the DR/Spy.Agent.ahoi dropper
[NOTE]    The file was moved to '4a3ae3d2.qua'!
D:\new\service.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was moved to '4a40e3cb.qua'!
D:\new\setup_1027272.exe
[NOTE]    The file was moved to '4a42e3cb.qua'!
D:\new\small66.exe
[NOTE]    The file was moved to '4a2fe3d3.qua'!

End of the scan: 2009年3月29日  10:56
Used time: 00:00 Minute(s)

The scan has been done completely.

   0 Scanned directories
   13 Files were scanned
   10 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   0 files were deleted
   0 Viruses and unwanted programs were repaired
   5 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   0 Warnings
   5 Notes

显示全部楼层 · 发表于 2009-3-29 11:01:41

上报4个到山山

显示全部楼层 · 发表于 2009-3-29 11:05:38

avast！ missed one ，to lab

显示全部楼层 · 发表于 2009-3-29 11:12:18

C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > service.exe - Win32/TrojanDownloader.Delf.OQP 特洛伊木马 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > setup_1027272.exe - Win32/Agent.OCX 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > small66.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > 4005.exe - Win32/Delf.NHZ 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > install.exe - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > nlpsa.txt - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > setup.exe - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > sysmain.dat - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > sysvc.dat - Win32/Adware.Agent.NLG 应用程序的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > lqbz81.exe - Win32/Agent.PAL 特洛伊木马 - 是已删除对象的一部分

显示全部楼层 · 发表于 2009-3-29 12:19:53

When accessing data from the URL, "http://bbs.kafan.cn/attachment.php?aid=498562&k=a5d7d11c54ee0a63796a19568efe8acf&t=1238300321"
a virus or unwanted program 'TR/ATRAPS.Gen' [trojan] was found.
Action taken: Blocked file

显示全部楼层 · 发表于 2009-3-29 12:21:06

原帖由 Palkia 于 2009-3-29 11:01 发表
上报4个到山山

上报4个到星星

显示全部楼层 · 发表于 2009-3-29 12:23:22

DR.WEB
4005.exe - infected with Trojan.DownLoader.origin
small66.exe - probably infected with MULDROP.Trojan
TO MISS

显示全部楼层 · 发表于 2009-3-29 13:21:17

卡巴
已删除：木马程序 Backdoor.Win32.Hupigon.gjoy 文件: D:\1.rar/service.exe//Petite
已删除：木马程序 Rootkit.Win32.Agent.ijd 文件: D:\1.rar/setup_1027272.exe
已删除：木马程序 Trojan-Spy.Win32.Agent.ahoi 文件: D:\1.rar/llly66.exe//data0008

显示全部楼层 · 发表于 2009-3-29 13:24:54

微点
时间处理结果木马名称木马进程名木马文件创建者
--------------- 处理成功 Trojan-Spy.Win32.Agent.wzf D:\1\LLLY66.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
--------------- 处理成功 Trojan.Win32.Delf.hiu D:\1\4005.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
--------------- 处理成功 Backdoor.Win32.Hupigon.lwn D:\1\SERVICE.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE

[病毒样本] 4005+lly66+lqbzse+service+syseter+small696(exe)【第275次更新】

本帖子中包含更多资源

评分