一个DOWNLOADER干的好事 25 个 MD5内详

显示全部楼层 · 发表于 2007-8-10 11:43:40

一个DOWNLOADER干的好事

[MD5: 405B15 925EA5 2F0C57 EE2CC6 4D71D2 8052EE EDEFA9 8052EE 2E3188 4D71D2 2F0C57 925EA5 5B04C1 6744C4 0DF870 3CE2AC 9ADE90 6E7BBD 0DF870 E46164 96C476 604E24 0FE904 571111 F5EA1D]

Avast:
103.exe\[NsPack] | Win32:Agent-HFX [Trj]
6009.exe\[NsPack] | Win32:Agent-HFX [Trj]
888.exe\[ASPack] | Win32:Agent-GQC [Trj]
haohao.exe\[Embedded#MYDLL] | Win32:Qqrob-BK [Trj]
haohao.exe | Win32:Agent-BPB [Trj]
my_70136.exe | Win32:VB-EIZ [Trj]
retadpu565.exe\[UPX] | Win32:Agent-HKJ [Trj]
Rpcs.dll | Win32:Qqrob-BK [Trj]
Rpcs.exe\[Embedded#MYDLL] | Win32:Qqrob-BK [Trj]
Rpcs.exe | Win32:Agent-BPB [Trj]
sb.exe | Win32:QQHelper-BR [Trj]
sd.exe\$TEMP\$TEMP\1486.exe\$TEMP\DoSSSetup.dll | Win32:Cinmus-G [Adw]
sd.exe\$TEMP\$TEMP\1486.exe | Win32:Adware-gen. [Adw]
sh.exe\[ASPack] | Win32:Admoke-B [Adw]
svchost.exe\[NsPack] | Win32:Agent-HFX [Trj]

显示全部楼层 · 发表于 2007-8-10 11:46:30

其实这些我都发过
在116个一包里的
不知道这个downloader 下的东西有否更新

显示全部楼层 · 发表于 2007-8-10 11:52:12

删除了12个

显示全部楼层 · 发表于 2007-8-10 11:56:51

C:\virus\svchost[1]\tp.exe - infected with Trojan.Click.3615
C:\virus\svchost[1]\UnInstall.exe - infected with Trojan.Winpop
C:\virus\svchost[1]\winpop.exe - infected with Trojan.LowZones.267
C:\virus\svchost[1]\188.exe - infected with Trojan.Click.3615
C:\virus\svchost[1]\888.exe - infected with BackDoor.Wowish
C:\virus\svchost[1]\b122.exe - infected with Trojan.MulDrop.8200
C:\virus\svchost[1]\haohao.exe - infected with BackDoor.Klj
C:\virus\svchost[1]\iigq0v7k9.dll - probably infected with DLOADER.Trojan
C:\virus\svchost[1]\my_70136.exe - infected with Trojan.DownLoader.29409
C:\virus\svchost[1]\retadpu565.exe - infected with Trojan.DownLoader.24772
C:\virus\svchost[1]\Rpcs.dll - infected with BackDoor.Klj
C:\virus\svchost[1]\Rpcs.exe - infected with BackDoor.Klj
C:\virus\svchost[1]\sb.exe - infected with Trojan.DownLoader.29727
C:\virus\svchost[1]\sh.exe - is an AdWare program Adware.Mokead

显示全部楼层 · 发表于 2007-8-10 12:03:00

Scan performed at: 2007/08/10 12:01:50
Scanning Log
NOD32 version 2448 (20070809) NT
Command line: C:\Documents and Settings\Administrator\桌面\svchost

Date: 10.8.2007 Time: 12:01:52
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Administrator\桌面\svchost\
C:\Documents and Settings\Administrator\桌面\svchost\svchost.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\svchost\tp.exe ?UPX v12_m2 - is OK
C:\Documents and Settings\Administrator\桌面\svchost\UnInstall.exe - is OK
C:\Documents and Settings\Administrator\桌面\svchost\UnInstall.exe.lzma - is OK
C:\Documents and Settings\Administrator\桌面\svchost\winpop.exe - is OK
C:\Documents and Settings\Administrator\桌面\svchost\winpop.exe.lzma - is OK
C:\Documents and Settings\Administrator\桌面\svchost\103.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\svchost\188.exe ?UPX v12_m2 - is OK
C:\Documents and Settings\Administrator\桌面\svchost\6009.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\svchost\777.exe ?FSG v2.0 - is OK
C:\Documents and Settings\Administrator\桌面\svchost\888.exe ?ASPack v2.12 - is OK
C:\Documents and Settings\Administrator\桌面\svchost\ana4ko1.sys - a variant of Win32/Rootkit.Agent.NCK trojan
C:\Documents and Settings\Administrator\桌面\svchost\b122.exe - is OK
C:\Documents and Settings\Administrator\桌面\svchost\b122.exe.bin ?ZIP ?b122.exe - is OK
C:\Documents and Settings\Administrator\桌面\svchost\ejcnn0qkxk.sys - a variant of Win32/Rootkit.Agent.NBQ trojan
C:\Documents and Settings\Administrator\桌面\svchost\haohao.exe - a variant of Win32/PSW.QQRob.NAQ trojan
C:\Documents and Settings\Administrator\桌面\svchost\iigq0v7k9.dll - a variant of Win32/TrojanDownloader.Agent.NPO trojan
C:\Documents and Settings\Administrator\桌面\svchost\my_70136.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Administrator\桌面\svchost\qqqyyy.exe ?FSG v2.0 - is OK
C:\Documents and Settings\Administrator\桌面\svchost\retadpu565.exe - a variant of Win32/TrojanDownloader.Agent.BLS trojan
C:\Documents and Settings\Administrator\桌面\svchost\Rpcs.dll - a variant of Win32/PSW.QQRob.NAQ trojan
C:\Documents and Settings\Administrator\桌面\svchost\Rpcs.exe - a variant of Win32/PSW.QQRob.NAQ trojan
C:\Documents and Settings\Administrator\桌面\svchost\sb.exe - probably a variant of Win32/TrojanDownloader.QQHelper.NDD trojan
C:\Documents and Settings\Administrator\桌面\svchost\sd.exe ?NSIS ?System.dll - is OK
C:\Documents and Settings\Administrator\桌面\svchost\sd.exe ?NSIS ?1486.exe ?NSIS ?System.dll - is OK
C:\Documents and Settings\Administrator\桌面\svchost\sd.exe ?NSIS ?1486.exe ?NSIS ?DoSSSetup.dll - is OK
C:\Documents and Settings\Administrator\桌面\svchost\sd.exe ?NSIS ?1486.exe ?NSIS ?acpidisk.sys - a variant of Win32/Adware.Cinmus application - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\svchost\sh.exe - Win32/Adware.MoKeAD application - quarantined - unable to clean - deleted
Number of scanned files: 29
Number of threats found: 14
Number of files cleaned: 14
Time of completion: 12:01:55 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-8-10 12:04:37

汗红伞21个

显示全部楼层 · 发表于 2007-8-10 12:07:04

_____________________________________________

         风暴微塔反病毒
                        [内测版]
               http://www.v0day.com/
----------------------------------------------
开始扫描……

[C:\Documents and Settings\Administrator\桌面\virus\svchost\svchost.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\svchost.exe]
                  …………引擎[2]发现病毒:Win32.Nop 6Nc<
[C:\Documents and Settings\Administrator\桌面\virus\svchost\103.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\103.exe]
                  …………引擎[2]发现病毒:Win32.Nop 6Nc<
[C:\Documents and Settings\Administrator\桌面\virus\svchost\6009.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\6009.exe]
                  …………引擎[2]发现病毒:Win32.Nop 6Nc<
[C:\Documents and Settings\Administrator\桌面\virus\svchost\888.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\my_70136.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\sb.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\svchost\sh.exe]
                  …………特征码引擎[1]发现病毒
OK  扫描完毕！

[ 本帖最后由 FBAV 于 2007-8-10 12:10 编辑 ]

显示全部楼层 · 发表于 2007-8-10 13:05:14

微点：
木马名称:Trojan.Win32.Small.aau
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\UNINSTALL.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.Rond.d
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\WINPOP.EXE
是广告软件!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.Rond.e
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\B122.EXE
是广告软件!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.VB.diy
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\MY_70136.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.itl
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\RETADPU565.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\103.EXE
被修改文件:
C:\WINDOWS.0\SYSTEM32\DLLCACHE\SVCHOST.EXE
是否阻止文件被修改?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\103.EXE
是否删除病毒程序及其衍生物?程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\777.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\SECMGNT.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\6009.EXE
被修改文件:
C:\WINDOWS.0\SYSTEM32\DLLCACHE\SVCHOST.EXE
是否阻止文件被修改?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\6009.EXE
是否删除病毒程序及其衍生物?
木马名称:未知间谍软件
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\QQQYYY.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\888.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\888.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\HAOHAO.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RPCS.EXE
2) C:\WINDOWS.0\SYSTEM32\RPCS.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\HAOHAO.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RPCS.EXE
2) C:\WINDOWS.0\SYSTEM32\RPCS.DLL
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
SETTINGS\TEMP\DELMEEXE.BAT
5) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\HAOHAO.EXE
删除失败!
延迟删除文件!
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\HAOHAO.EXE
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
SETTINGS\TEMP\DELMEEXE.BAT
是否删除可疑程序?
程序:
C:\WINDOWS.0\SYSTEM32\DLLCACHE\1028\SVCHOST.EXE
是否删除蠕虫程序及其衍生物?
木马名称:未知间谍软件
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\RPCS.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:未知间谍软件
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\RPCS.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:未知网络蠕虫
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\SVCHOST.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\SB.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPAQ
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\SD.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\NSJ17.TMP\SYSTEM.DLL
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\1486.EXE
是否删除木马程序及其衍生物?程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST[1]\SH.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OHQ7C1Y3\SEFINSTALL168[1].TXT
2) C:\DWNSETUP\SEFINSTALL168.EXE
是否删除木马程序及其衍生物?
tp和188，微点挂了

显示全部楼层 · 发表于 2007-8-10 13:31:38

已删除: 木马程序 Trojan-Clicker.Win32.VB.ru 文件: D:\病毒库\svchost[1]\188.exe//UPX
已删除: 病毒 Heur.Invader (变种) 文件: D:\病毒库\svchost[1]\777.exe//FSG
已删除: 木马程序 Backdoor.Win32.Agent.arj 文件: D:\病毒库\svchost[1]\888.exe//ASPack
已删除: 广告软件 not-a-virus:AdWare.Win32.Rond.c 文件: D:\病毒库\svchost[1]\b122.exe
已删除: 广告软件 not-a-virus:AdWare.Win32.Rond.c 文件: D:\病毒库\svchost[1]\b122.exe.bin/b122.exe
已删除: 木马程序 Backdoor.Win32.Delf.ash 文件: D:\病毒库\svchost[1]\haohao.exe
已删除: 木马程序 Trojan-Downloader.Win32.VB.atk 文件: D:\病毒库\svchost[1]\my_70136.exe
已删除: 病毒 Heur.Invader (变种) 文件: D:\病毒库\svchost[1]\qqqyyy.exe//FSG
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bls 文件: D:\病毒库\svchost[1]\retadpu565.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
已删除: 木马程序 Backdoor.Win32.Delf.ash 文件: D:\病毒库\svchost[1]\Rpcs.dll
已删除: 木马程序 Backdoor.Win32.Delf.ash 文件: D:\病毒库\svchost[1]\Rpcs.exe
已删除: 木马程序 Trojan-Downloader.Win32.QQHelper.wd 文件: D:\病毒库\svchost[1]\sb.exe
已删除: 广告软件 not-a-virus:AdWare.Win32.Cinmus.ag 文件: D:\病毒库\svchost[1]\sd.exe//stream//data0002//data0003
已删除: 广告软件 not-a-virus:AdWare.Win32.Cinmus.ag 文件: D:\病毒库\svchost[1]\sd.exe//stream//data0002//data0004
已删除: 广告软件 not-a-virus:AdWare.Win32.AdMoke.ar 文件: D:\病毒库\svchost[1]\sh.exe//ASPack
已删除: 木马程序 Trojan-Clicker.Win32.VB.ru 文件: D:\病毒库\svchost[1]\tp.exe//UPX
已删除: 木马程序 Trojan.Win32.Small.oa 文件: D:\病毒库\svchost[1]\UnInstall.exe
已删除: 广告软件 not-a-virus:AdWare.Win32.Rond.c 文件: D:\病毒库\svchost[1]\winpop.exe

显示全部楼层 · 发表于 2007-8-10 15:44:08

[病毒样本] 一个DOWNLOADER干的好事 25 个 MD5内详

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源