
[Virus samples] 26 samples

qianwenxiang
Posted on 2007-7-8 19:06:44
[MD5: 65E43D 30316A 908AAC 41F20F 2156E3 FDE09B C812C4 BC18BE 35461F 65E43D A456AF E50B30 D6FC50 437264 8B38EE 0BE9C2 10BF03 E5F240 601DDB 326DCB DEC73E 3E61C7 8CEC5A C23890 BA3967 D9C772]

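These are all malware from a single malicious website. The site's small trojan first drops files and then downloads more, producing 26 pieces of malware. Some are fairly old, and there are several variants of vip.exe.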

红心王子
Posted on 2007-7-8 19:10:42
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.part1.rar'
C:\Documents and Settings\Administrator\桌面\样本.part1.rar
  [0] Archive type: RAR
  --> 0.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.WH.2
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
  --> 777.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.526 Backdoor server programs
  --> m6564j.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> m45343y.exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> mapi4.exe
      [DETECTION] Is the Trojan horse TR/Agent.AANT
  --> pv0009.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Obfuscated.BZ
  --> q865765j.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> update.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.bko.4
  --> vip2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46bf2d4c.qua'!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.part2.rar'
C:\Documents and Settings\Administrator\桌面\样本.part2.rar
  [0] Archive type: RAR
  --> vip5.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> vip.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.27311
  --> wd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> wg.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> zt615.exe
      [DETECTION] Is the Trojan horse TR/Agent.34708.B
      [INFO]      The file was moved to '46bf2d50.qua'!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.part3.rar'
Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.part4.rar'


End of the scan: 2007年7月8日  19:10
Used time: 00:13 min

The scan has been done completely.

      0 Scanning directories
     28 Files were scanned
     16 viruses and/or unwanted programs were found
      2 classified as suspicious:
      0 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     10 Files not concerned
      4 Archives were scanned
      0 Warnings
      2 Notes
      0 Hidden objects were found
promised
Posted on 2007-7-8 19:13:41
c:\ABC\样本\0.exe - Signature 'Trojan-PWS.Win32.Delf.mc' found
c:\ABC\样本\1.exe - Signature 'Worm.Win32.Viking.lj' found
c:\ABC\样本\2.exe - Signature 'Worm.Win32.Viking.lj' found
c:\ABC\样本\777.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
c:\ABC\样本\antiScanner.dll
c:\ABC\样本\game.dll - Suspect code-parts found (Level: 45)
c:\ABC\样本\jh.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
c:\ABC\样本\m45343y.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
c:\ABC\样本\m6564j.exe - Signature 'Trojan-PWS.Win32.Nilage.bjp' found
c:\ABC\样本\mapi4.exe - Signature 'Backdoor.Win32.Rbot.bpb' found
c:\ABC\样本\my999.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
c:\ABC\样本\pv0009.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
c:\ABC\样本\q4534x.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
c:\ABC\样本\q865765j.exe - Signature 'Trojan-PWS.OnlineGames.AUP' found
c:\ABC\样本\update.exe - Signature 'Trojan-PWS.Win32.QQPass.pb' found
c:\ABC\样本\vip.exe - Signature 'Trojan.Delf.NEB' found
c:\ABC\样本\vip2.exe - Signature 'Backdoor.Win32.PcClient.GV' found
c:\ABC\样本\vip3.exe - Signature 'Backdoor.Win32.Agent.ahj' found
c:\ABC\样本\vip4.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
c:\ABC\样本\vip5.exe
c:\ABC\样本\w645j.exe - Signature 'Backdoor.Win32.Agent.ahj' found
c:\ABC\样本\wd.exe - Signature 'Trojan-PWS.Win32.Nilage.bjp' found
c:\ABC\样本\wg.exe - Signature 'Trojan-PWS.Win32.QQPass.pb' found
c:\ABC\样本\zt615.exe - Signature 'Trojan-PWS.Win32.Nilage.bbr' found
c:\ABC\样本\安全报警器.exe
c:\ABC\样本\魔兽外挂安装程序.exe

        26 Files scanned
          (0 Archives with 0 files)
        21 Signatures found
        1 Suspect code-part found
        Used time: 0:00.797
Giggs
Posted on 2007-7-8 19:14:20
End of the scan: 2007年7月8日  19:14
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     32 Files were scanned
     19 viruses and/or unwanted programs were found
      4 classified as suspicious:
      2 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      9 Files not concerned
      4 Archives were scanned
      0 Warnings
      2 Notes
      0 Hidden objects were found
promised
Posted on 2007-7-8 19:14:46
Some people always like to scan the split archive volumes.
My virus database is the 7.6 one.

Start of the scan: 2007年7月8日  19:16
Starting the file scan:
Begin scan in 'C:\ABC\样本'
C:\ABC\样本\0.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
C:\ABC\样本\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
      [WARNING]   The file was ignored!
C:\ABC\样本\2.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
      [WARNING]   The file was ignored!
C:\ABC\样本\777.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.526 Backdoor server programs
      [WARNING]   The file was ignored!
C:\ABC\样本\m45343y.exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [WARNING]   The file was ignored!
C:\ABC\样本\m6564j.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
C:\ABC\样本\mapi4.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
C:\ABC\样本\pv0009.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Obfuscated.BZ
      [WARNING]   The file was ignored!
C:\ABC\样本\q4534x.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [WARNING]   The file was ignored!
C:\ABC\样本\q865765j.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
C:\ABC\样本\update.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.bko.4
      [WARNING]   The file was ignored!
C:\ABC\样本\vip.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.27311
      [WARNING]   The file was ignored!
C:\ABC\样本\vip2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
C:\ABC\样本\vip3.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
C:\ABC\样本\vip4.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
C:\ABC\样本\vip5.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
C:\ABC\样本\w645j.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
C:\ABC\样本\wd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
C:\ABC\样本\wg.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
C:\ABC\样本\zt615.exe
      [DETECTION] Is the Trojan horse TR/Agent.34708.B
      [WARNING]   The file was ignored!

End of the scan: 2007年7月8日  19:16
Used time: 00:10 min
The scan has been done completely.
      1 Scanning directories
     26 Files were scanned
     20 viruses and/or unwanted programs were found
      6 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
     20 Warnings
      0 Notes
      0 Hidden objects were found
The EQs
Posted on 2007-7-8 19:15:41

NOD32 also performed quite well.

Scan performed at: 2007-7-8 19:15:11
Scanning Log
NOD32 version 2384 (20070708) NT
Command line: C:\Documents and Settings\EQ2\桌面\样本
Operating memory - is OK

Date: 8.7.2007  Time: 19:15:18
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\样本\
C:\Documents and Settings\EQ2\桌面\样本\0.exe - probably a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\EQ2\桌面\样本\1.exe - Win32/Viking.LU virus - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\样本\2.exe - Win32/Viking.LU virus - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\样本\777.exe - a variant of Win32/Agent.NEO trojan
C:\Documents and Settings\EQ2\桌面\样本\jh.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\样本\m45343y.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\样本\m6564j.exe - probably a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\样本\mapi4.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\样本\my999.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本\q865765j.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\样本\update.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\EQ2\桌面\样本\vip.exe - a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\EQ2\桌面\样本\vip2.exe - a variant of Win32/TrojanDownloader.Delf.NMF trojan
C:\Documents and Settings\EQ2\桌面\样本\vip3.exe - a variant of Win32/TrojanDownloader.Delf.NSA trojan
C:\Documents and Settings\EQ2\桌面\样本\vip4.exe - probably a variant of Win32/Agent.NEO trojan
C:\Documents and Settings\EQ2\桌面\样本\vip5.exe - a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\样本\wd.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\EQ2\桌面\样本\wg.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\EQ2\桌面\样本\zt615.exe - a variant of Win32/PSW.Agent.NDP trojan
Number of scanned files: 26
Number of threats found: 19
Number of files cleaned: 19
Time of completion: 19:15:24 Total scanning time: 6 sec (00:00:06)

Notes:
[7] File is probably infected with an unknown virus.
bjfhj
Posted on 2007-7-8 19:16:05
已删除: 木马程序 Trojan-PSW.Win32.Delf.wh        文件: C:\Documents and Settings\Administrator\桌面\样本\0.exe//PE_Patch.UPX//UPX
已删除: 病毒 Worm.Win32.Viking.lu        文件: C:\Documents and Settings\Administrator\桌面\样本\1.exe
已删除: 病毒 Worm.Win32.Viking.lu        文件: C:\Documents and Settings\Administrator\桌面\样本\2.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qw        文件: C:\Documents and Settings\Administrator\桌面\样本\777.exe
已删除: 木马程序 Trojan-Proxy.Win32.Small.du        文件: C:\Documents and Settings\Administrator\桌面\样本\jh.exe
已删除: 木马程序 Trojan-PSW.Win32.Nilage.bjp        文件: C:\Documents and Settings\Administrator\桌面\样本\m6564j.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Proxy.Win32.Small.du        文件: C:\Documents and Settings\Administrator\桌面\样本\m45343y.exe
已删除: 木马程序 Trojan-Downloader.Win32.Obfuscated.bz        文件: C:\Documents and Settings\Administrator\桌面\样本\pv0009.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aay        文件: C:\Documents and Settings\Administrator\桌面\样本\q4534x.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.Nilage.bjp        文件: C:\Documents and Settings\Administrator\桌面\样本\q865765j.exe//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Delf.bko        文件: C:\Documents and Settings\Administrator\桌面\样本\update.exe
已删除: 木马程序 Trojan-PSW.Win32.Delf.qc        文件: C:\Documents and Settings\Administrator\桌面\样本\vip.exe//UPX
已删除: 病毒 Trojan.Generic (变种)        文件: C:\Documents and Settings\Administrator\桌面\样本\vip2.exe//NSPack//PEPatch
已删除: 木马程序 Backdoor.Win32.Agent.ahj        文件: C:\Documents and Settings\Administrator\桌面\样本\vip4.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.sl        文件: C:\Documents and Settings\Administrator\桌面\样本\wd.exe//PE_Patch//UPack
已删除: 病毒 Trojan.Generic (变种)        文件: C:\Documents and Settings\Administrator\桌面\样本\wg.exe//PE_Patch.UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.xz        文件: C:\Documents and Settings\Administrator\桌面\样本\zt615.exe
风野胤
Posted on 2007-7-8 19:17:23
Relying on signatures alone,
with no heuristics,
it really can't handle the DLLs.
Scanning Log
NOD32 version 2384 (20070708) NT
Command line: C:\Documents and Settings\Administrator\桌面\新建文件夹
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2. physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3. physical disk. Error reading sector.
Date: 8.7.2007  Time: 19:15:29
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Administrator\桌面\新建文件夹\
C:\Documents and Settings\Administrator\桌面\新建文件夹\0.exe - probably a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\1.exe - Win32/Viking.LU virus
C:\Documents and Settings\Administrator\桌面\新建文件夹\2.exe - Win32/Viking.LU virus
C:\Documents and Settings\Administrator\桌面\新建文件夹\777.exe - a variant of Win32/Agent.NEO trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\jh.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\m45343y.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\m6564j.exe - probably a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\mapi4.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Administrator\桌面\新建文件夹\my999.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\q865765j.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\update.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\vip.exe - a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\vip2.exe - a variant of Win32/TrojanDownloader.Delf.NMF trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\vip3.exe - a variant of Win32/TrojanDownloader.Delf.NSA trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\vip4.exe - probably a variant of Win32/Agent.NEO trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\vip5.exe - a variant of Win32/Butileg virus
C:\Documents and Settings\Administrator\桌面\新建文件夹\wd.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\wg.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\zt615.exe - a variant of Win32/PSW.Agent.NDP trojan
Number of scanned files: 26
Number of threats found: 19
Time of completion: 19:15:35 Total scanning time: 6 sec (00:00:06)
Notes:
[7] File is probably infected with an unknown virus.
liaoying112
Posted on 2007-7-8 19:19:46
Micropoint blocked all of them; AVG missed 7!
The EQs
Posted on 2007-7-8 19:21:09
Originally posted by 风野胤 on 2007-7-8 19:17
Relying on signatures alone,
with no heuristics,
it really can't handle the DLLs.
Scanning Log
NOD32 version 2384 (20070708) NT
Command line: C:\Documents and Settings\Administrator\桌面\新建文件夹
Checking CRC of NOD32.EXE: Sta ...

The virtual machine can't emulate DLL behaviour.