[MD5: B76A14] 继续

红心王子

woai_jolin

===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.02
nvcbin.def revision 5.90.00 of 2007/07/17 08:12:37 (810868 variants)
nvcmacro.def revision 5.90.00 of 2007/06/29 06:32:19 (20341 variants)
Total number of variants: 831209
Command line: "@C:\Users\Jason\AppData\Local\Temp\~OD5C8F.tmp"
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: D:\v\v\
       16 ms D:\v\v\server.exe                                            Trojan W32/DLoader.CYWR ()
       15 ms D:\v\v\server.exe.bak                                        Trojan W32/DLoader.CYWR ()
        0 ms D:\v\v\winrar.css                                          
       16 ms D:\v\v\zxarps..exe                                           Security Risk W32/Suspicious_U.gen ()
        0 ms D:\v\v\小哨兵还原卡密码读取.exe                              Security Risk W32/Suspicious_U.gen ()
        0 ms D:\v\v\小龙下载者.exe                                        Trojan W32/DLoader.CYWQ ()
- File D:\v\v\server.exe quarantined.
- File D:\v\v\server.exe deleted.
- File D:\v\v\server.exe.bak quarantined.
- File D:\v\v\server.exe.bak deleted.
- File D:\v\v\zxarps..exe quarantined.
- File D:\v\v\zxarps..exe deleted.
- File D:\v\v\小哨兵还原卡密码读取.exe quarantined.
- File D:\v\v\小哨兵还原卡密码读取.exe deleted.
- File D:\v\v\小龙下载者.exe quarantined.
- File D:\v\v\小龙下载者.exe deleted.

===================================================================================================

The scanning started: 2007/07/17 20:11:15
               ended: 2007/07/17 20:11:16
Logged on as        : Jason
on hostname         : JASON-PC

Scanning results:
   Total number of files found..............................:       6
   Number of files scanned..................................:       6
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       5

Copyright (c) 1993-2005 Norman ASA.

1688388728

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EGMKN5N4\four[1].rar\server.exe - infected with Trojan.DownLoader.26688
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EGMKN5N4\four[1].rar\server.exe.bak - infected with Trojan.DownLoader.26688
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EGMKN5N4\four[1].rar\zxarps..exe - infected with Trojan.Sniff
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EGMKN5N4\four[1].rar\?????.exe - infected with Trojan.DownLoader.26688

Archive contains 4 infected items

欠妳緈諨

wangjay1980

detected: Trojan program Trojan-Downloader.Win32.VB.ne URL: http://bbs.kafan.cn/attachment.php?aid=102097//server.exe//ExeFog//ExeFog
detected: Trojan program Trojan-Downloader.Win32.VB.ne URL: http://bbs.kafan.cn/attachment.php?aid=102097//server.exe.bak//ExeFog
detected: malware HackTool.Win32.Agent.be URL: http://bbs.kafan.cn/attachment.php?aid=102097//zxarps..exe//UPack
detected: Trojan program Trojan-Downloader.Win32.VB.ne URL: http://bbs.kafan.cn/attachment.php?aid=102097//¤p?¤U?ªÌ.exe//ASPack

The EQs

没人看看到底是什么吗？？？

woai_jolin

server.exe : Not detected by Sandbox (Signature: W32/DLoader.CYWR)


[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: W32/DLoader.CYWR

[ General information ]
    * Applications uses MSVBVM60.DLL (Visual Basic 6).
    * Form uses id Form.
    * File length:        25165 bytes.
    * MD5 hash: 7657f58c4d1f708b0fd32954f1c8da2a.

[ Process/window information ]
    * Creates a mutex MUTEX_ID_0e800031.
    * Creates a mutex MUTEX_ID_00000031.
    * Creates a COM object with CLSID
{FCFB3D23-A0FA-1068-A738-08002B3371B5} : VBRuntime.
    * Creates a COM object with CLSID
{E93AD7C1-C347-11D1-A3E2-00A0C90AEA82} : VBRuntime6.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information
source only.

promised

重复样本

风雪

1184674797,2007-7-17 20:19:57,Mantis 1.0b,木马,mygood,D:\3\新建文件夹\新建文件夹\four.rar>>server.exe,Manual scan
1184674797,2007-7-17 20:19:57,TrojanDownloader.VB.ne.tbkb,木马,mygood,D:\3\新建文件夹\新建文件夹\four.rar>>server.exe.bak,Manual scan
1184674797,2007-7-17 20:19:57,Hacktool.ArpCheater.a.nvls,黑客工具,mygood,D:\3\新建文件夹\新建文件夹\four.rar>>zxarps..exe,Manual scan
1184674797,2007-7-17 20:19:57,Heuri.ERNM,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\four.rar>>小哨兵还原卡密码读取.exe,Manual scan
1184674797,2007-7-17 20:19:57,TrojanDownloader.VB.ne.qzvj,木马,mygood,D:\3\新建文件夹\新建文件夹\four.rar>>小龙下载者.exe,Manual scan
费尔扫描。

红心王子

原帖由 promised 于 2007-7-17 20:18 发表
重复样本

哪里重复了
只不过是转贴而已