123【MD5：dc6cf2】

wangjay1980

东东

FBAV

风暴胜者V2 贺岁精简网络版本
_________您的安全是我们的责任_______________
作者：Sanhuan222@163.com   TM:469428271
个人Blog：http://hi.baidu.com/迅者/



===============================================
   ___________病毒查杀结果__________________


===============================================

2007年5月16日10时56分11秒 开始查杀C:\Documents and Settings\Administrator\桌面\123
C:\Documents and Settings\Administrator\桌面\123\123\ie.exe 发现未知可疑文件:Win32.NkHack.BDX.A 操作:阻止运行
****************************
您应该引起注意的文件:

-----------------------------------------


=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。


-----------------------------------------

2007年5月16日10时56分11秒收起线程…100% 查杀完毕！
扫描文件：3查杀病毒：1

tracydk

红伞挂....上报..

tracydk

AhnLab-V3	2007.7.14.0	2007.07.14	no virus found
AntiVir	7.4.0.42	2007.07.15	no virus found
Authentium	4.93.8	2007.07.13	no virus found
Avast	4.7.997.0	2007.07.16	Win32:Delf-DNR
AVG	7.5.0.476	2007.07.15	no virus found
BitDefender	7.2	2007.07.16	BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal	9.00	2007.07.14	no virus found
ClamAV	devel-20070416	2007.07.16	no virus found
DrWeb	4.33	2007.07.15	Trojan.MulDrop.6952
eSafe	7.0.15.0	2007.07.10	suspicious Trojan/Worm
eTrust-Vet	30.8.3784	2007.07.14	no virus found
Ewido	4.0	2007.07.14	Dropper.DN
FileAdvisor	1	2007.07.16	no virus found
Fortinet	2.91.0.0	2007.07.14	no virus found
F-Prot	4.3.2.48	2007.07.13	no virus found
Ikarus	T3.1.1.8	2007.07.15	no virus found
Kaspersky	4.0.2.24	2007.07.16	no virus found
McAfee	5074	2007.07.13	no virus found
Microsoft	1.2704	2007.07.16	Trojan:Win32/Agent.gen!J
NOD32v2	2399	2007.07.14	no virus found
Norman	5.80.02	2007.07.13	W32/Hupigon.gen67
Panda	9.0.0.4	2007.07.15	no virus found
Sophos	4.19.0	2007.07.06	Mal/Packer
Sunbelt	2.2.907.0	2007.07.14	no virus found
Symantec	10	2007.07.16	no virus found
TheHacker	6.1.6.146	2007.07.13	no virus found
VBA32	3.12.0.2	2007.07.16	MalwareScope.Trojan-PSW.Game.14
VirusBuster	4.3.23:9	2007.07.15
Webwasher-Gateway	6.0.1	2007.07.16	Trojan.Crypt.NSPI.Gen

tracydk

最近ONECARE还挺猛的啊..

SONGBOWEN

解压后有两个文件，分别是avp.exe（怎么有点像卡巴的文件名？！混淆视听吗？）和ie.exe（用这个文件名对付菜鸟还行，稍有经验的人都知道，IE的进程是iexplore.exe，而不是ie.exe……），应该是新变种，卡巴飘过了……

蓝色牛仔裤

[Scan path] C:\Documents and Settings\Administrator\桌面\123.zip
>>C:\Documents and Settings\Administrator\桌面\123.zip\123.exe\avp.exe infected with Trojan.MulDrop.6952
>>C:\Documents and Settings\Administrator\桌面\123.zip\123.exe\ie.exe infected with BackDoor.Pigeon.1604
>C:\Documents and Settings\Administrator\桌面\123.zip\123.exe - archive contains infected objects
C:\Documents and Settings\Administrator\桌面\123.zip - archive contains infected objects

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 4
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 29 Kb/s
Scan time: 00:00:00

红心王子

看 norman的扫描结果超强  [:27:] [:27:]

Scan taken on 16 Jul 2007 03:13:48 (GMT)
A-Squared	Found nothing
AntiVir	Found nothing
ArcaVir	Found nothing
Avast	Found nothing
AVG Antivirus	Found nothing
BitDefender	Found BehavesLike:Win32.ExplorerHijack (probable variant)
ClamAV	Found nothing
Dr.Web	Found Trojan.MulDrop.6952, BackDoor.Pigeon.1604
F-Prot Antivirus	Found nothing
F-Secure Anti-Virus	Found nothing
Fortinet	Found nothing
Kaspersky Anti-Virus	Found nothing
NOD32	Found nothing
Norman Virus Control	Found Sandbox: W32/Hupigon.gen67; [ General information ] * Creating several executable files on hard-drive. * File length: 83456 bytes. [ Changes to filesystem ] * Deletes directory C:\WINDOWS\TEMP\IXP0.TMP. * Creates directory C:\WINDOWS\TEMP\IXP0.TMP. * Creates file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP. * Creates file C:\WINDOWS\TEMP\IXP0.TMP\avp.exe. * Creates file C:\WINDOWS\TEMP\IXP0.TMP\ie.exe. * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\ie.exe. * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\avp.exe. * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP. * Deletes directory C:\WINDOWS\TEMP\IXP0.TMP\. * Creates file C:\WINDOWS\winllogon.exe. * Creates file C:\WINDOWS\Deleteme.bat. [ Changes to registry ] * Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce". * Sets value "wextract_cleanup0"="rundll32.exe C:\WINDOWS\SYSTEM32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP0.TMP\"" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce". * Deletes value "wextract_cleanup0" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce". * Creates key "HKLM\System\CurrentControlSet\Services\IE_WinServerName". * Sets value "ImagePath"="C:\WINDOWS\winllogon.exe" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName". * Sets value "DisplayName"="Windows CreaterIE" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName". [ Process/window information ] * Attempts to access service "IE_WinServerName". * Creates service "IE_WinServerName (Windows CreaterIE)" as "C:\WINDOWS\winllogon.exe".
Panda Antivirus	Found nothing
Rising Antivirus	Found nothing
Sophos Antivirus	Found Mal/Packer
VirusBuster	Found Packed/NSPack
VBA32	Found MalwareScope.Trojan-PSW.Game.14

The EQs

Scan performed at: 2007-7-16 11:21:50
Scanning Log
NOD32 version 2399 (20070714) NT
Command line: C:\Documents and Settings\EQ2\桌面\123\123
Operating memory - is OK

Date: 16.7.2007  Time: 11:21:58
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\123\123\
C:\Documents and Settings\EQ2\桌面\123\123\ie.exe - a variant of Win32/TrojanDownloader.Delf.AXB trojan
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 11:21:58 Total scanning time: 0 sec (00:00:00)

一派胡言

kv2007飘了。