hxxp://www.642g.com:88/ok.htm

显示全部楼层 · 发表于 2011-6-6 12:31:46

本帖最后由 a256886572008 于 2011-6-6 12:32 编辑

Log generated by anonymous use mdecoder 0.67
[root]http://www.642g.com:88/ok.htm(Exploit.Ie0dayCVE0806.a)
[virus]http://www.642g.com:88/mh.exe

-------------------------------------------------

CAV 杀

2011-06-06 11:56:09 C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\T32XBLMB\ok[1].htm UnclassifiedMalware@199498790

2011-06-06 11:57:14 C:\Documents and Settings\Roger\桌面\VIRUS\mh\mh.exe
Heur.Suspicious@198129220

-------------------------------------------------

mh.exe 提出真毒，有两个。

ABCEFH.exe

CAV 杀

2011-06-06 12:12:09 C:\DOCUME~1\Roger\LOCALS~1\Temp\ABCEFH.exe
Backdoor.Win32.Popwin.~IQ@41098448

---------------------------------------------

CIMA 没反应

--------------------------------

2011-06-06 12:15:33 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFH.exe Sandboxed As Partially Limited

2011-06-06 12:15:37 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFH.exe Modify Key HKUS\S-1-5-21-1214440339-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

2011-06-06 12:15:38 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFH.exe Access COM Interface, Suspicious {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

2011-06-06 12:15:48 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFH.exe Scanned Online and Found Malicious

ABCEFHGG.exe

CAV 杀

2011-06-06 12:13:05 C:\Documents and Settings\Roger\Local Settings\Temp\ABCEFHGG.exe Packed.Win32.MUPX.Gen@129019204

----------------------------------
http://camas.comodo.com/cgi-bin/submit?file=5823364c330477d8a98834ae5e926e968c19ac856a44a2eeeb70faa15ef9be9e

Auto Analysis Verdict
Suspicious++

Suspicious Actions Detected
Creates files in windows system directory
Deletes self
Injects code into other processes
Patches system files

-------------------------------------

2011-06-06 12:21:33 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFHGG.exe Sandboxed As Partially Limited

2011-06-06 12:21:36 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFHGG.exe Modify File C:\WINDOWS\fonts\dbr06044.ttf

2011-06-06 12:21:36 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFHGG.exe Access Memory C:\WINDOWS\explorer.exe

2011-06-06 12:21:37 C:\Documents and Settings\Roger\桌面\VIRUS\mh\ABCEFHGG.exe Scanned Online and Found Malicious

显示全部楼层 · 发表于 2011-6-6 12:34:12

金山全灭3个

显示全部楼层 · 发表于 2011-6-6 12:38:15

Avast

显示全部楼层 · 发表于 2011-6-6 12:48:11

小A拦截了

显示全部楼层 · 发表于 2011-6-6 13:02:30

eset kill 2
C:\Users\微亿毫\Desktop\mh.rar » RAR » mh.exe - Win32/TrojanDropper.Agent.OYF trojan
C:\Users\微亿毫\Desktop\mh.rar » RAR » ABCEFHGG.exe - a variant of Win32/PSW.OnLineGames.QMI trojan
to eset

显示全部楼层 · 发表于 2011-6-6 13:25:10

熊猫云全灭

显示全部楼层 · 发表于 2011-6-6 13:41:13

本帖最后由 dm34343667 于 2011-6-6 13:43 编辑

EAV

D:\下载\mh.rar > RAR > mh.exe - Win32/TrojanDropper.Agent.OYF 特洛伊木马
D:\下载\mh.rar > RAR > ABCEFHGG.exe - Win32/PSW.OnLineGames.QMI 特洛伊木马的变种

显示全部楼层 · 发表于 2011-6-6 14:38:22

MSE同ESET，灭2

PWS:Win32/OnLineGames.JP file:F:\mh\mh.exe->(VFS:ABCEFHGG.exe#1)->(UPX)->[RSRCEmb]

PWS:Win32/OnLineGames.JT file:F:\mh\ABCEFHGG.exe->(UPX)->(VFS:001A2890mdd.temp#1)
PWS:Win32/OnLineGames.JP file:F:\mh\ABCEFHGG.exe->(UPX)->(VFS:001A2890ime.temp#2)
PWS:Win32/OnLineGames.JU file:F:\mh\ABCEFHGG.exe->(UPX)->(VFS:001A2890eime.temp#3)

显示全部楼层 · 发表于 2011-6-6 15:35:22

AVG和金山卫士都报了

显示全部楼层 · 发表于 2011-6-6 15:38:54

卡巴斯基安全部队
2012
拒绝访问
无法访问该网页

请求对象位于网址：

http://bbs.kafan.cn/forum.php?mod=
attachment&aid=MTI1MDU4N3w0OGE0ZDk0OHwxM
zA3MzQ1ODcyfDQ4NjA0OXwxMDAwNDUy

检测到威胁：

对象已感染病毒Backdoor.Win32.Agent.azrb
发生时间： 15:35:49

[病毒样本] hxxp://www.642g.com:88/ok.htm

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块