收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 凌晨礼包13个
12
返回列表 发新帖
楼主: promised
 收起左侧

[病毒样本] 凌晨礼包13个

[复制链接]
promised
 楼主| 发表于 2007-7-1 11:39:07 | 显示全部楼层
发觉IKARUS也不支持NSIS
C:\ABC\QQ\QQ\1881\QQ\internet.exe - Signature 'Backdoor.Win32.Rysoft.a' found
C:\ABC\QQ\QQ\1881\QQ\OICQ木马注册.exe - Signature 'Trojan-PWS.Win32.Lmir.107.d' found
C:\ABC\QQ\QQ\1881\QQ\start.exe
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\102350.exe - Signature 'Trojan-Downloader.Win32.Adload.cz' found
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006.exe
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\M_ayi.exe - Signature 'Trojan-Downloader.Win32.Zlob.aem' found
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\QQUpdate.exe
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\1283\ehuupdate.exe - Signature 'Trojan.Win32.Agent.ut' found
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\1283\xboxcenter.dll - Signature 'Trojan.Win32.Agent.ut' found
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\2060\tool.exe - Signature 'AdWare.Win32.Dm.g' found
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files\cnsinsthlper.dll
C:\ABC\QQ\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files\cnsmin.dll - Signature 'AdWare.Win32.Boran.i' found

        13 Files scanned
          (0 Archives with 0 files)
        8 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.750
回复

举报

wangjay1980
发表于 2007-7-1 12:30:08 | 显示全部楼层
cnsinsthlper.dll,
cnsmin.dll,
QQUpdate.exe_,
rjzc139_cns_yassist.exe_,
_start.exe_

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Dmitry Shvetsov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
回复

举报

scottxzt
发表于 2007-7-1 13:11:19 | 显示全部楼层

DR。WEB 15

QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\102350.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar;Adware.Dmedia;;
Kuaiso_06006.exe\data001;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006.exe;Adware.Softomate;;
QQ\QQ\ShowQQ\{sys}\Kuaiso_06006.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
M_ayi.exe\data001;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\M_ayi.exe;Trojan.DownLoader.10682;;
QQ\QQ\ShowQQ\{sys}\M_ayi.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
data001\ylive.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001\yhelper.dll;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001\Assist\yasbar.dll;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Archive contains infected objects;;
rjzc139_cns_yassist.exe\data002;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
rjzc139_cns_yassist.exe\data003;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
rjzc139_cns_yassist.exe\data004;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
QQ[1].part1.rar\QQ\QQ\ShowQQ\{sys}\QQUpdate.exe;D:\Documents and Settings\dell\桌面\QQ[1].part1.rar;Trojan.DownLoader.11008;;
QQ[1].part1.rar;D:\Documents and Settings\dell\桌面;Archive contains infected objects;;
QQ[1].part2.rar\QQ\QQ\ShowQQ\{sys}\1283\ehuupdate.exe;D:\Documents and Settings\dell\桌面\QQ[1].part2.rar;Trojan.Ehu;;
QQ[1].part2.rar\QQ\QQ\ShowQQ\{sys}\2060\tool.exe;D:\Documents and Settings\dell\桌面\QQ[1].part2.rar;Adware.Caishow;;
QQ[1].part2.rar\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files\cnsmin.dll;D:\Documents and Settings\dell\桌面\QQ[1].part2.rar;Adware.Cdn;;
QQ[1].part2.rar\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files\cnsinsthlper.dll;D:\Documents and Settings\dell\桌面\QQ[1].part2.rar;Adware.Cdn;;
QQ[1].part2.rar\QQ\1881\QQ\OICQ木马注册.exe;D:\Documents and Settings\dell\桌面\QQ[1].part2.rar;BackDoor.Parmor;;
QQ[1].part2.rar;D:\Documents and Settings\dell\桌面;Archive contains infected objects;;
回复

举报

scottxzt
发表于 2007-7-1 13:22:43 | 显示全部楼层

解压后,17个

internet.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\1881\QQ;Trojan.PWS.Rysoft;;
OICQ木马注册.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\1881\QQ;BackDoor.Parmor;;
102350.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys};Adware.Dmedia;;
Kuaiso_06006.exe\data001;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006.exe;Adware.Softomate;;
Kuaiso_06006.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
M_ayi.exe\data001;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\M_ayi.exe;Trojan.DownLoader.10682;;
M_ayi.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
QQUpdate.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys};Trojan.DownLoader.11008;;
data001\ylive.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001\yhelper.dll;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001\Assist\yasbar.dll;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe\data001;Adware.Yassist;;
data001;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Archive contains infected objects;;
rjzc139_cns_yassist.exe\data002;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
rjzc139_cns_yassist.exe\data003;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
rjzc139_cns_yassist.exe\data004;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\rjzc139_cns_yassist.exe;Adware.Cdn;;
rjzc139_cns_yassist.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys};Archive contains infected objects;;
ehuupdate.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\1283;Trojan.Ehu;;
xboxcenter.dll;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\1283;Adware.Filmweb;;
tool.exe;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\2060;Adware.Caishow;;
cnsinsthlper.dll;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files;Adware.Cdn;;
cnsmin.dll;D:\Documents and Settings\dell\桌面\新建文件夹\QQ\QQ\ShowQQ\{sys}\Kuaiso_06006\$WINDIR\Downloaded Program Files;Adware.Cdn;;
回复

举报

scottxzt
发表于 2007-7-1 13:37:18 | 显示全部楼层
DR。WEB 真是厉害,杀我盘中的WIN优化,EQ的规则文件,360,网上交易软件
回复

举报

蓝色牛仔裤
发表于 2007-7-1 16:16:42 | 显示全部楼层
蜘蛛漏了一个:star.exe
回复

举报

dsl5
发表于 2007-7-1 16:35:29 | 显示全部楼层
微点:


时间        处理结果        木马名称        木马进程名        木马文件创建者
2007-07-01 16:34:18        处理成功        未知间谍软件        C:\PROGRAM FILES\3721\HELPER.DLL        D:\QQ\QQ\SHOWQQ\{SYS}\RJZC139_CNS_YASSIST.EXE
2007-07-01 16:34:12        延时删除        未知间谍软件        C:\PROGRAM FILES\3721\CNSM.DLL        D:\QQ\QQ\SHOWQQ\{SYS}\RJZC139_CNS_YASSIST.EXE
2007-07-01 16:34:00        延时删除        未知木马        C:\PROGRAM FILES\3721\CNSM.DLL        D:\QQ\QQ\SHOWQQ\{SYS}\RJZC139_CNS_YASSIST.EXE
2007-07-01 16:32:30        处理成功        Trojan-Downloader.Win32.Delf.ax        D:\QQ\QQ\SHOWQQ\{SYS}\M_AYI.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:32:27        处理成功        Trojan-Downloader.Win32.Adload.bx        D:\QQ\QQ\SHOWQQ\{SYS}\102350.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:32:06        处理成功        Trojan-Downloader.Win32.Adload.bx        D:\QQ\QQ\SHOWQQ\{SYS}\102350.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:31:39        处理成功        Backdoor.Win32.Rysoft.b        D:\QQ\1881\QQ\INTERNET.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:31:37        处理成功        Trojan-Downloader.Win32.Agent.acb        D:\QQ\QQ\SHOWQQ\{SYS}\2060\TOOL.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:31:35        处理成功        Trojan.Win32.Agent.vp        D:\QQ\QQ\SHOWQQ\{SYS}\1283\XBOXCENTER.DLL        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:31:33        处理成功        Trojan-Downloader.Win32.Delf.ax        D:\QQ\QQ\SHOWQQ\{SYS}\M_AYI.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-01 16:31:30        处理成功        Trojan-Downloader.Win32.Adload.bx        D:\QQ\QQ\SHOWQQ\{SYS}\102350.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE



我还有几个没手动运行
回复

举报

dsl5
发表于 2007-7-1 16:42:49 | 显示全部楼层
补充一下,好象没杀3721和雅虎,不过微点不杀流氓的
回复

举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-10 22:11 , Processed in 0.083285 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表