Views: 3233 | Replies: 10

[Virus sample] [MD5s inside] 11 samples

qianwenxiang
Posted on 2007-8-2 11:50:03
[MD5: CEB96E A5AF52 4E6B49 063F73 98E986 71F078 7F5EDF EBFB1E D26ADC 9C5ED9 43090F]

avast:
mir.bin:Win32:trojan-gen{other}
sp.exe :Win32:Killreg-F [Trj]
gmir3.exe:win32:crypt-oe[trj]
sh_setup11308.exe\[PECompact]win32.delf-cem[trj]
sh_setup11308.exe\[Embedded#0b600]:Win32:Trojan-gen. {VB}
sh_setup11308.exe:Win32:Trojan-gen. {Other}
cm.exe:Win32:Agent-IWX [Trj]
soft.exe\[Upack]:Win32:Delf-FCI [Trj]
JSY.DLL\[ASPack]:Win32:Lmir-HE [Trj]
go.exe\[NsPack]\[Embedded#DATAINFO]:Win32:Nilage-AI [Trj]
1.exe:Win32:Lineage-377 [Trj]

tracydk
Posted on 2007-8-2 11:51:52
6 of them



ArcaMicroScan - Scanning report [2007.08.02 11:51:44]
Base date : 2007.08.01 08:03:30





[Scanning : F:\virus]


F:\virus\11vir.part1.rar<RAR>:soft.exe <- Trojan.Downloader.Delf.Bor : Cleaning -> Delete
F:\virus\11vir.part1.rar<RAR>:hostB.exe<NSIS>:Setup.exe <- Adware.Newweb.Y : Cleaning -> Delete
F:\virus\11vir.part1.rar<RAR>:JSY.DLL <- Trojan.Bifrose.Kt : Cleaning -> Delete
F:\virus\11vir.part5.rar<RAR>:sh_setup11308.exe <- Variant:Downloader.Vb.Atn : Cleaning -> Delete
F:\virus\11vir.part5.rar<RAR>:go.exe <- Trojan.Psw.Nilage.Blg : Cleaning -> Delete
F:\virus\11vir.part5.rar<RAR>:1.exe <- HLL.Viking.Lw : Cleaning -> Delete



Scanned objects : 20

Infected objects : 6
The EQs
Posted on 2007-8-2 11:53:56
Scan performed at: 2007-8-2 11:53:17
Scanning Log
NOD32 version 2431 (20070801) NT
Command line: C:\Documents and Settings\EQ2\桌面\11vir
Operating memory - is OK

Date: 2.8.2007  Time: 11:53:24
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\11vir\
C:\Documents and Settings\EQ2\桌面\11vir\1.exe - probably a variant of Win32/Viking virus
C:\Documents and Settings\EQ2\桌面\11vir\cm.exe - a variant of Win32/TrojanDownloader.QQHelper.NDD trojan
C:\Documents and Settings\EQ2\桌面\11vir\go.exe - probably a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\EQ2\桌面\11vir\hostB.exe ?NSIS ?Setup.exe - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\11vir\sh_setup11308.exe - Win32/TrojanDownloader.Adload.NBC trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\11vir\soft.exe - probably a variant of Win32/Genetik trojan
Number of scanned files: 15
Number of threats found: 6
Number of files cleaned: 6
Time of completion: 11:53:41 Total scanning time: 17 sec (00:00:17)
The EQs
Posted on 2007-8-2 12:04:59
What is all this?










yurius
Posted on 2007-8-2 12:06:06
9 of them

deleted: virus Worm.Win32.Viking.lw        File: C:\virus\11vir.rar/11vir\1.exe
deleted: Trojan program Trojan-Dropper.VBS.Small.x        File: C:\virus\11vir.rar/11vir\7.exe//data.rar/windate.vbs
deleted: virus Packed.Win32.CryptExe (modification)        File: C:\virus\11vir.rar/11vir\gmir3.exe
deleted: Trojan program Trojan-PSW.Win32.Nilage.blg        File: C:\virus\11vir.rar/11vir\go.exe//PE_Patch//NSPack//PE_Patch
deleted: adware not-a-virus:AdWare.Win32.NewWeb.y        File: C:\virus\11vir.rar/11vir\hostB.exe//data0005
deleted: Trojan program Backdoor.Win32.Bifrose.kt        File: C:\virus\11vir.rar/11vir\JSY.DLL
deleted: virus Packed.Win32.PePatch.dk (modification)        File: C:\virus\11vir.rar/11vir\mir.bin//PE_Patch
deleted: Trojan program Trojan-Dropper.Win32.Agent.bjw        File: C:\virus\11vir.rar/11vir\sh_setup11308.exe
deleted: Trojan program Trojan-Downloader.Win32.Delf.bor        File: C:\virus\11vir.rar/11vir\soft.exe//UPack
rasis
Posted on 2007-8-2 12:19:39
1.exe
      [DETECTION] Contains signature of the worm WORM/Viking.NCN
      [WARNING]   The file was ignored!
cm.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
gmir3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!
go.exe
      [DETECTION] Is the Trojan horse TR/PSW.Nilage.blg
      [WARNING]   The file was ignored!
JSY.DLL
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Bifrose.KT.511 Backdoor server programs
      [WARNING]   The file was ignored!
mir.bin
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
sh_setup11308.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
soft.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Age.24324.A
      [WARNING]   The file was ignored!


End of the scan: 2007年8月2日  12:18
Used time: 00:14 min

The scan has been done completely.

      1 Scanning directories
     12 Files were scanned
      8 viruses and/or unwanted programs were found
      2 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      8 Warnings
      0 Notes
      0 Hidden objects were found
gho
Posted on 2007-8-2 12:22:46
Kaspersky 6 won't let me download it
yashoo
Posted on 2007-8-2 12:30:36
6 of them

xxwpk007
Posted on 2007-8-2 13:10:16
Micropoint:

程序:
G:\样本\样本\11VIR\1.EXE
是否删除木马程序及其衍生物?

G:\样本\样本\11VIR\CM.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1304
远端地址:58.211.7.25(江苏·苏州)
远端端口:80

G:\样本\样本\11VIR\CM.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1313
远端地址:58.211.7.59(江苏·苏州)
远端端口:80

G:\样本\样本\11VIR\CM.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1322
远端地址:58.211.7.36(江苏·苏州)
远端端口:80

G:\样本\样本\11VIR\CM.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1331
远端地址:58.211.7.41(江苏·苏州)
远端端口:80

木马名称:Trojan-PSW.Win32.Nilage.bqs

程序:
G:\样本\样本\11VIR\GO.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
G:\样本\样本\11VIR\GO.EXE
是否阻止该进程继续运行?

程序:
C:\WINDOWS\SYSTEM32\FJXIFD29.DLL
是否删除木马程序?

木马名称:Trojan-Downloader.Win32.Delf.dmg

程序:
G:\样本\样本\11VIR\SH_SETUP11308.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\POP.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1406
远端地址:61.129.57.207(上海)
远端端口:80

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_4\UPDATE.DAT
协议类型:TCP
本地地址:0.0.0.0
本地端口:1450
远端地址:219.153.43.28(重庆)
远端端口:80

Filseclab:

2007-8-2 13:00:11,Worm.Viking.lu.bitw,病毒,Administrator,G:\样本\样本\11vir\1.exe,Manual scan
2007-8-2 13:00:11,TrojanPSW.Nilage.blg.ubgi,木马,Administrator,G:\样本\样本\11vir\go.exe,Manual scan
2007-8-2 13:00:11,TrojanDownloader.Delf.aku.uyh,木马,Administrator,G:\样本\样本\11vir\sh_setup11308.exe,Manual scan
2007-8-2 13:00:11,Backdoor.RBot.cwu.hves,后门,Administrator,G:\样本\样本\11vir\mir.bin,Manual scan
2007-8-2 13:00:11,Backdoor.Bifrose.kt.pmj.dll,后门,Administrator,G:\样本\样本\11vir\JSY.DLL,Manual scan
2007-8-2 13:00:11,Heuri.Possible/Packed,启发式扫描,Administrator,G:\样本\样本\11vir\soft.exe,Manual scan
2007-8-2 13:00:11,Adware.Clicker.bon.lcsl,广告程序,Administrator,G:\样本\样本\11vir\cm.exe
红心王子
Posted on 2007-8-2 13:52:21
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.DL.Win32.Agent.wvw
病毒: Worm.Win32.Delf.ysy      
病毒: Trojan.DL.Delf.dww      
病毒: Worm.Win32.Agent.ime     
病毒: Worm.Win32.Viking.a      

MAC地址:00:D0:F8:38:4B:7A

用户来源:局域网

软件版本:19.34.31
8 in total