“随意贴”被挂马（样本已提取）

显示全部楼层 · 发表于 2007-7-31 10:14:34

哈.

显示全部楼层 · 发表于 2007-7-31 10:15:54

Virus: Win32:Agent-EPC [Trj] (2x), VBS:Malware [Gen]

Virus found while downloading Web content.

Address: bbs.kafan.cn

Virus: Trojan-Downloader.JS.Psyme.gs

Virus found while downloading Web content.

Address: bbs.kafan.cn

显示全部楼层 · 发表于 2007-7-31 10:21:26

Kaspersky Internet Security 6.0
The requested URL http://bbs.kafan.cn/attachment.php?aid=107229 is infected with Trojan.VBS.Runner.o virus
The requested URL http://bbs.kafan.cn/attachment.php?aid=107230 is infected with Trojan-Downloader.JS.Psyme.gs virus

显示全部楼层 · 发表于 2007-7-31 10:21:52

virus.zip
  [0] Archive type: ZIP
  --> win1ogin.exe
   [DETECTION] Contains signature of the dropper DR/PcClient.Gen
  --> Microsoft.com
   [DETECTION] Contains signature of the dropper DR/PcClient.Gen
  --> Microsoft.vbs
   [DETECTION] Contains signature of the VBS script virus VBS/Runner.O.3

htm.zip
  [0] Archive type: ZIP
  --> xl.htm
   [DETECTION] Contains signature of the Java script virus JS/Dldr.Agent.25076

显示全部楼层 · 发表于 2007-7-31 15:25:20

X星又挂

virus.zip
AhnLab-V3 2007.7.31.1 2007.07.31 -
AntiVir 7.4.0.54 2007.07.30 DR/PcClient.Gen
Authentium 4.93.8 2007.07.30 VBS/WSRunner.I@troj
Avast 4.7.997.0 2007.07.30 Win32:Agent-EPC
AVG 7.5.0.476 2007.07.30 -
BitDefender 7.2 2007.07.31 Trojan.Vbs.Runner.O
CAT-QuickHeal 9.00 2007.07.30 (Suspicious) - DNAScan
ClamAV 0.91 2007.07.31 -
DrWeb 4.33 2007.07.31 BackDoor.PcClient
eSafe 7.0.15.0 2007.07.29 Virus in password protected archive
eTrust-Vet 31.1.5018 2007.07.31 -
Ewido 4.0 2007.07.30 Backdoor.PcClient.zb
FileAdvisor 1 2007.07.31 -
Fortinet 2.91.0.0 2007.07.31 -
F-Prot 4.3.2.48 2007.07.30 VBS/WSRunner.I@
F-Secure 6.70.13030.0 2007.07.31 Backdoor.Win32.PcClient.zb
Ikarus T3.1.1.8 2007.07.31 Backdoor.Win32.PcClient.yw
Kaspersky 4.0.2.24 2007.07.31 Backdoor.Win32.PcClient.zb
McAfee 5086 2007.07.30 -
Microsoft 1.2704 2007.07.31 -
NOD32v2 2429 2007.07.30 -
Norman 5.80.02 2007.07.30 -
Panda 9.0.0.4 2007.07.31 Suspicious file
Rising 19.34.11.00 2007.07.31 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.31 -
Symantec 10 2007.07.31 Trojan Horse
TheHacker 6.1.7.159 2007.07.31 -
VBA32 3.12.2.2 2007.07.30 BackDoor.PcClient
VirusBuster 4.3.26:9 2007.07.30 -
Webwasher-Gateway 6.0.1 2007.07.31 Trojan.PcClient.G

htm.zip
AhnLab-V3 2007.7.31.1 2007.07.31 -
AntiVir 7.4.0.54 2007.07.30 JS/Dldr.Agent.25076
Authentium 4.93.8 2007.07.30 JS/Psyme.DQ@dl
Avast 4.7.997.0 2007.07.30 -
AVG 7.5.0.476 2007.07.30 JS/Uniz
BitDefender 7.2 2007.07.31 Trojan.HTML.Agent.C
CAT-QuickHeal 9.00 2007.07.30 -
ClamAV 0.91 2007.07.31 -
DrWeb 4.33 2007.07.31 -
eSafe 7.0.15.0 2007.07.29 -
eTrust-Vet 31.1.5018 2007.07.31 -
Ewido 4.0 2007.07.30 Downloader.Agent.id
FileAdvisor 1 2007.07.31 -
Fortinet 2.91.0.0 2007.07.31 JS/Agent.HC!tr.dldr
F-Prot 4.3.2.48 2007.07.30 -
F-Secure 6.70.13030.0 2007.07.31 Trojan-Downloader.JS.Psyme.gs
Ikarus T3.1.1.8 2007.07.31 Exploit.HTML.MHV
Kaspersky 4.0.2.24 2007.07.31 Trojan-Downloader.JS.Psyme.gs
McAfee 5086 2007.07.30 -
Microsoft 1.2704 2007.07.31 -
NOD32v2 2429 2007.07.30 JS/TrojanDownloader.Agent.ID
Norman 5.80.02 2007.07.30 -
Panda 9.0.0.4 2007.07.31 -
Rising 19.34.11.00 2007.07.31 Trojan.DL.JS.Agent.let
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.31 -
Symantec 10 2007.07.31 -
TheHacker 6.1.7.159 2007.07.31 -
VBA32 3.12.2.2 2007.07.30 -
VirusBuster 4.3.26:9 2007.07.30 Trojan.DL.JS.Agent.UPE
Webwasher-Gateway 6.0.1 2007.07.31 Script.Dldr.Agent.25076

显示全部楼层 · 发表于 2007-7-31 21:36:34

KV2007监控到两个病毒。

显示全部楼层 · 发表于 2007-7-31 22:49:08

什么东西? 进去后虽然nod32砍了俩,但tw内存占有跑到188M,CPU飙到99%.

显示全部楼层 · 发表于 2007-8-1 00:07:04

原帖由 tracydk 于 2007-7-31 08:58 发表
avast什么时候能对下载者敏感啊

Win32:Agent-EPC [Trj]

[病毒样本] “随意贴”被挂马（样本已提取）

本帖子中包含更多资源