[Virus sample] Sample extraction

sdbsky
Posted 2007-6-24 19:09:41
There may be duplicates.
Sample source: http://bbs.kafan.cn/viewthread.php?tid=100514&extra=page%3D1

The third link.

The EQs
Posted 2007-6-24 19:13:02
Scan performed at: 2007-6-24 19:17:43
Scanning Log
NOD32 version 2349 (20070623) NT
Command line: C:\Documents and Settings\EQ2\桌面\virus\virus\virus\CelInDriver.sysk C:\Documents and Settings\EQ2\桌面\virus\virus\virus\css[1].js C:\Documents and Settings\EQ2\桌面\virus\virus\virus\hip33221456.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\netsrvcs.dll C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys226.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.dat C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.dat C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.dat C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32172.exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\2[1].exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\3[1].exe C:\Documents and Settings\EQ2\桌面\virus\virus\virus\12.exe C:\Documents and Settings\EQ2\桌面\virus\virus\vi...
Operating memory - is OK

Date: 24.6.2007  Time: 19:17:48
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\virus\virus\virus\CelInDriver.sysk; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\css[1].js; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\hip33221456.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\netsrvcs.dll; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys226.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.dat; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.dat; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.dat; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32172.exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\2[1].exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\3[1].exe; C:\Documents and Settings\EQ2\桌面\virus\virus\virus\12.exe; C:\Documents and Settings\
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\netsrvcs.dll - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys226.exe - probably a variant of Win32/TrojanDownloader.Delf.NJH trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.dat - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32142.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.dat - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32152.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.dat - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32162.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\sys32172.exe - Win32/PSW.OnLineGames.YA trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\2[1].exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\3[1].exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\12.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\15.exe - a variant of Win32/PSW.Legendmir.NEP trojan
C:\Documents and Settings\EQ2\桌面\virus\virus\virus\a[1].exe - probably a variant of Win32/TrojanDownloader.Delf.NJH trojan
Number of scanned files: 17
Number of threats found: 14
Number of files cleaned: 14
Time of completion: 19:17:50 Total scanning time: 2 sec (00:00:02)
1688388728
Posted 2007-6-24 19:15:06
以 AntiVirusKit 掃瞄病毒
版本 17.0.6353
病毒特徵碼 6/24/2007
開始時間: 6/24/2007 19:18
引擎: 引擎 A (AVK 17.5615), 引擎 B (AVKB 17.272)
啟發式: 開啟
壓縮檔: 開啟
系統區域: 開啟

掃瞄系統區域...
掃瞄所選的目錄及檔案...
物件: a[1].exe
        壓縮檔中: E:\病毒库\virus\virus\078RANO1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.Win32.Agent.bkm (引擎 A)
物件: 2[1].exe
        壓縮檔中: E:\病毒库\virus\virus\078RANO1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: 078RANO1.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.Win32.Agent.bkm, Trojan-Proxy.Win32.Small.du (引擎 A)
物件: 3[1].exe
        壓縮檔中: E:\病毒库\virus\virus\4X6VKLIN.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: 4X6VKLIN.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: sys32162.exe
        壓縮檔中: E:\病毒库\virus\virus\HarddiskVolume1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: sys32142.exe
        壓縮檔中: E:\病毒库\virus\virus\HarddiskVolume1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: sys32152.exe
        壓縮檔中: E:\病毒库\virus\virus\HarddiskVolume1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: sys32142.dat
        壓縮檔中: E:\病毒库\virus\virus\HarddiskVolume1.rar
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (引擎 A)
物件: HarddiskVolume1.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Trojan-Proxy.Win32.Small.du (4x) (引擎 A)
物件: hip33221456.exe\[NsPack]
        壓縮檔中: E:\病毒库\virus\virus\hip33221456.rar
        狀態: 偵測到病毒
        病毒: Win32:Flyst [Trj] (引擎 B)
物件: hip33221456.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Win32:Flyst [Trj] (引擎 B)
物件: netsrvcs.dll\[PECompact]
        壓縮檔中: E:\病毒库\virus\virus\netsrvcs.rar
        狀態: 偵測到病毒
        病毒: Win32:Agent-HJW [Trj] (引擎 B)
物件: netsrvcs.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Win32:Agent-HJW [Trj] (引擎 B)
物件: sys226.exe
        壓縮檔中: E:\病毒库\virus\virus\sys226.rar
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.Win32.Agent.bkm (引擎 A)
物件: sys226.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.Win32.Agent.bkm (引擎 A)
物件: 12.exe
        壓縮檔中: E:\病毒库\virus\virus\virus.rar
        狀態: 偵測到病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (引擎 A)
物件: virus.rar
        路徑: E:\病毒库\virus\virus
        狀態: 偵測到病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (引擎 A)
分析完成: 6/24/2007 19:18
    已掃瞄 7 檔案
    偵測到 7 已感染的檔案
    偵測到 0 可疑的檔案
ghsy_2007
Posted 2007-6-24 19:20:27
You can't be serious? The sample-section moderators already said that was an advertising post, yet you still extracted viruses from it; they surely weren't extracted from that site.
woai_jolin
Posted 2007-6-24 19:24:32
2007/6/24 19:16:12        Scanning Log
2007/6/24 19:16:12        Version of virus signature database: 2349 (20070623)
2007/6/24 19:16:12        Date: 24.6.2007  Time: 19:16:12
2007/6/24 19:16:12        Scanned disks, folders and files: D:\virus\
2007/6/24 19:16:13        D:\virus\virus\078RANO1.rar - multiple threats - deleted - quarantined
2007/6/24 19:16:13        D:\virus\virus\078RANO1.rar » RAR » a[1].exe - probably a variant of Win32/TrojanDownloader.Delf.NJH trojan
2007/6/24 19:16:13        D:\virus\virus\078RANO1.rar » RAR » 2[1].exe - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:14        D:\virus\virus\4X6VKLIN.rar - a variant of Win32/Agent.NIK trojan - deleted - quarantined
2007/6/24 19:16:14        D:\virus\virus\4X6VKLIN.rar » RAR » 3[1].exe - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar - multiple threats - deleted - quarantined
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32162.exe - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32142.exe - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32152.dat - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32152.exe - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32142.dat - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32162.dat - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:15        D:\virus\virus\HarddiskVolume1.rar » RAR » sys32172.exe - Win32/PSW.OnLineGames.YA trojan
2007/6/24 19:16:16        D:\virus\virus\netsrvcs.rar - a variant of Win32/Agent.NIK trojan - deleted - quarantined
2007/6/24 19:16:16        D:\virus\virus\netsrvcs.rar » RAR » netsrvcs.dll - a variant of Win32/Agent.NIK trojan
2007/6/24 19:16:17        D:\virus\virus\sys226.rar - probably a variant of Win32/TrojanDownloader.Delf.NJH trojan - deleted - quarantined
2007/6/24 19:16:17        D:\virus\virus\sys226.rar » RAR » sys226.exe - probably a variant of Win32/TrojanDownloader.Delf.NJH trojan
2007/6/24 19:16:17        D:\virus\virus\virus.rar - multiple threats - deleted - quarantined
2007/6/24 19:16:17        D:\virus\virus\virus.rar » RAR » 15.exe - a variant of Win32/PSW.Legendmir.NEP trojan
2007/6/24 19:16:17        D:\virus\virus\virus.rar » RAR » 12.exe - a variant of Win32/PSW.OnLineGames.YA trojan
2007/6/24 19:16:17        Number of scanned files: 23
2007/6/24 19:16:17        Number of threats found: 14
2007/6/24 19:16:17        Time of completion: 19:16:17  Total scanning time: 5 sec (00:00:05)
sdbsky
Original poster | Posted 2007-6-24 19:25:49
Quote from ghsy_2007, posted 2007-6-24 19:20:
You can't be serious? The sample-section moderators already said that was an advertising post, yet you still extracted viruses from it; they surely weren't extracted from that site.

No practice, no right to speak.
Go try it on a bare machine.
allenhippo
Posted 2007-6-24 19:30:16
Quote from sdbsky, posted 2007-6-24 19:25:
No practice, no right to speak.
Go try it on a bare machine.

He was being sarcastic.

He's the one who posted the malicious site, and he's feeling down about it right now.

g:\virus\temp\virus\12.exe
g:\virus\temp\virus\15_exe
g:\virus\temp\virus\2[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
g:\virus\temp\virus\3[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
g:\virus\temp\virus\a[1].exe - Signature 'BehavesLikeWin32.ExplorerHijack' found
g:\virus\temp\virus\CelInDriver.sysk
g:\virus\temp\virus\css[1].js
g:\virus\temp\virus\hip33221456.exe - Signature 'Trojan.Win32.Agent.ala' found
g:\virus\temp\virus\netsrvcs.dll
g:\virus\temp\virus\sys226.exe - Signature 'BehavesLikeWin32.ExplorerHijack' found
g:\virus\temp\virus\sys32142.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
g:\virus\temp\virus\sys32152.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
g:\virus\temp\virus\sys32162.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
g:\virus\temp\virus\sys32172.exe - Signature 'MalwareScope.Trojan-PWS.Game.3' found
14 Files scanned
   (0 Archives with 0 files)
9 Signatures found
0 Suspect code-parts found
Used time: 0:01.735
promised
Posted 2007-6-24 19:31:59

Reply to #7, allenhippo's post

There's a bug:
C:/ABC/\virus\virus\virus\12.exe
C:/ABC/\virus\virus\virus\15.exe
C:/ABC/\virus\virus\virus\2[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\3[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\a[1].exe - Signature 'BehavesLikeWin32.ExplorerHijack' found
C:/ABC/\virus\virus\virus\CelInDriver.sysk
C:/ABC/\virus\virus\virus\css[1].js
C:/ABC/\virus\virus\virus\hip33221456.exe - Signature 'Trojan.Win32.Agent.ala' found
C:/ABC/\virus\virus\virus\netsrvcs.dll
C:/ABC/\virus\virus\virus\sys226.exe - Signature 'BehavesLikeWin32.ExplorerHijack' found
C:/ABC/\virus\virus\virus\sys32142.dat - Suspect code-parts found (Level: 85)
C:/ABC/\virus\virus\virus\sys32142.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\sys32152.dat - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\sys32152.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\sys32162.dat
C:/ABC/\virus\virus\virus\sys32162.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:/ABC/\virus\virus\virus\sys32172.exe - Signature 'MalwareScope.Trojan-PWS.Game.3' found

        17 Files scanned
          (0 Archives with 0 files)
        10 Signatures found
        1 Suspect code-part found
        Used time: 0:02.375
The EQs
Posted 2007-6-24 19:32:25
Sometimes you can't say things too directly.... Too direct and it's no fun.
allenhippo
Posted 2007-6-24 19:34:01

Reply to #8, promised's post

My mistake, I deleted the .dat files before scanning again. It is indeed 10.