流氓之王万能搜索(WNSO)样本[FC2FF7]

显示全部楼层 · 发表于 2007-8-7 13:45:54

试试啊

无法删除,谁敢跑跑?

[ 本帖最后由 chenrui19930 于 2007-8-7 21:37 编辑 ]

显示全部楼层 · 发表于 2007-8-7 13:50:09

何以可怕？

显示全部楼层 · 发表于 2007-8-7 13:50:44

不能删掉也!

显示全部楼层 · 发表于 2007-8-7 13:56:55

呼呼呼~

显示全部楼层 · 发表于 2007-8-7 14:00:13

感染: not-a-virus:AdWare.Win32.Dm.y
文件: find.dll
目录: C:\Documents and Settings\Administrator\Local Settings\Temp
进程: MPSVC2.exe

显示全部楼层 · 发表于 2007-8-7 14:05:25

ESS好可爱的窗口。。。尤其是那个感叹号

显示全部楼层 · 发表于 2007-8-7 14:06:26

Scan performed at: 2007-8-7 14:05:48
Scanning Log
NOD32 version 2440 (20070806) NT
Command line: C:\Documents and Settings\EQ2\桌面\wnso
Operating memory - is OK

Date: 7.8.2007 Time: 14:05:53
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\wnso\
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?find.dll - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?SoBar.dll - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?wsorem.dll - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?wsomain.exe - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?citing.dll - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?RunExe.exe - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?roreg.sys - Win32/Adware.WSearch application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?front.sys - Win32/Adware.WSearch application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\wnso\wnso\RGGZS\RG.exe ?NSIS ?main.dll - Win32/Adware.DM application - was a part of the deleted object
Number of scanned files: 23
Number of threats found: 9
Number of files cleaned: 1
Time of completion: 14:05:54 Total scanning time: 1 sec (00:00:01)

显示全部楼层 · 发表于 2007-8-7 14:14:51

驱逐舰挂

微点：
木马名称:Trojan-Clicker.Win32.Agent.gk

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WSOMAIN.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.dza

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RUNEXE.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Clicker.Win32.Agent.fl

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ROREG.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Clicker.Win32.Agent.fp

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\FRONT.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WNSO\RGGZS\RG.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1641
远端地址:218.83.175.154(上海)
远端端口:80

显示全部楼层 · 发表于 2007-8-7 15:24:51

Malicious code found in file C:\Documents and Settings\user\桌面\wnso[1]\wnso\RGGZS\RG.exe.
Infection: Rootkit.Win32.Agent.fs
Action: failed.

显示全部楼层 · 发表于 2007-8-7 15:27:43

我说,怎么没人敢安装呢?试下啊

[:27:]

[病毒样本] 流氓之王万能搜索(WNSO)样本[FC2FF7]

本帖子中包含更多资源

回复 #2 pluto1313 的帖子

本帖子中包含更多资源

哈

浏览过的版块