Thread starter: promised

[Virus samples] 18 "fast-food" exes

kasper
Posted on 2007-8-14 17:21:16
BD (BitDefender): 15
驱逐舰 (Destroyer): 13

C:\Documents and Settings\同同\桌面\exe.zip=>exe/0temp.exe        Infected: GenPack:Trojan.Pws.Nilage.BCW
C:\Documents and Settings\同同\桌面\exe.zip=>exe/0temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/10temp.exe=>(RAR Sfx o)=>1.exe        Infected: DeepScan:Generic.Malware.SFBdldsp.B07B394C
C:\Documents and Settings\同同\桌面\exe.zip=>exe/10temp.exe=>(RAR Sfx o)=>1.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/10temp.exe=>(RAR Sfx o)=>1.exe        Move failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/11temp.exe        Infected: Backdoor.Rizo.A
C:\Documents and Settings\同同\桌面\exe.zip=>exe/11temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/12temp.exe        Infected: DeepScan:Generic.Lmir.F1FB728C
C:\Documents and Settings\同同\桌面\exe.zip=>exe/13temp.exe        Infected: GenPack:Backdoor.Agent.YPT
C:\Documents and Settings\同同\桌面\exe.zip=>exe/13temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/16temp.exe        Infected: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\同同\桌面\exe.zip=>exe/17temp.exe        Infected: Generic.Onlinegames9.E027E482
C:\Documents and Settings\同同\桌面\exe.zip=>exe/17temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/18temp.exe        Infected: Dropped:Generic.Malware.PWS.99809822
C:\Documents and Settings\同同\桌面\exe.zip=>exe/2temp.exe        Infected: Generic.Onlinegames.1.BE1E1915
C:\Documents and Settings\同同\桌面\exe.zip=>exe/2temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/3temp.exe        Infected: Generic.Onlinegames.3.D37EF1C3
C:\Documents and Settings\同同\桌面\exe.zip=>exe/4temp.exe        Infected: Dropped:Generic.PWS.Games.3.ABAA63DD
C:\Documents and Settings\同同\桌面\exe.zip=>exe/4temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/5temp.exe        Infected: Generic.PWStealer.3F4AFC9E
C:\Documents and Settings\同同\桌面\exe.zip=>exe/8temp.exe        Infected: Generic.PWS.Games.4.5765DFB9
C:\Documents and Settings\同同\桌面\exe.zip=>exe/8temp.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/9temp.exe        Infected: Trojan.Agent.ABIO
C:\Documents and Settings\同同\桌面\exe.zip=>exe/crsss.exe        Infected: Trojan.Downloader.Delf.NXF
C:\Documents and Settings\同同\桌面\exe.zip=>exe/crsss.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/LYLOADER.EXE        Infected: Dropped:Generic.PWS.Games.3.ABAA63DD
C:\Documents and Settings\同同\桌面\exe.zip        Moved
woai_jolin
Posted on 2007-8-14 17:28:01
===================================================================================================
Norman Virus Control On-demand scanner 7.0.0.9

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/09 20:07:15 (824384 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 844742
===================================================================================================


*** Possible virus found ***
*** F:\v\n\exe.zip : exe/11temp.exe -> Trojan W32/OnLineGames.IXD ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/12temp.exe -> Virus W32/Viking.EQ ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/13temp.exe -> Virus W32/Delf.dam.dropper ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Creating several executable files on hard-drive.
    * File might be compressed.
    * File length:       177577 bytes.

[ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\Packet.dll.
    * Creates file C:\WINDOWS\SYSTEM32\WanPacket.dll.
    * Creates file C:\WINDOWS\SYSTEM32\wpcap.dll.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\npf.sys.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\svchost.exe.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\scvhost.exe.

[ Changes to registry ]
    * Creates value "KVP"="C:\WINDOWS\SYSTEM32\drivers\svchost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Process/window information ]
    * Will automatically restart after boot (I'll be back...).
    * Attempts to open C:\WINDOWS\SYSTEM32\drivers\scvhost.exe -idx 0 -ip 192..

[ Signature Scanning ]
    * C:\WINDOWS\SYSTEM32\Packet.dll (32512 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\WanPacket.dll (32512 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\wpcap.dll (32512 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\drivers\npf.sys (32512 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\drivers\svchost.exe (177577 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\drivers\scvhost.exe (11081 bytes) : W32/Delf.dam.

)
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/16temp.exe -> Security Risk W32/Suspicious_U.gen ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/18temp.exe -> Security Risk W32/Suspicious_U.gen ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/2temp.exe -> Trojan OnLineGames.gen26 ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/3temp.exe -> Trojan OnLineGames.gen26 ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/4temp.exe -> Trojan W32/OnLineGames.JOR ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/5temp.exe -> Security Risk Suspicious_F.gen ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/6temp.exe -> Trojan OnLineGames.gen26 ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/8temp.exe -> Trojan OnLineGames.gen26 ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/9temp.exe -> Security Risk W32/Suspicious_U.gen ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/crsss.exe -> Trojan Hupigon.gen114 ()
- File F:\v\n\exe.zip quarantined.
*** F:\v\n\exe.zip : exe/LYLOADER.EXE -> Security Risk W32/Suspicious_U.gen ()
- File F:\v\n\exe.zip quarantined.

===================================================================================================

The scanning started: 2007/08/14 17:27:06
               ended: 2007/08/14 17:27:20
Logged on as        : Administrator
on hostname         : 2FF87FC2B9AB46F

Scanning results:
   Total number of files found..............................:      20
   Number of files scanned..................................:      20
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       1
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:      14

Copyright (c) 1993-2005 Norman ASA.
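The Norman Sandbox section for exe/13temp.exe above is the only dynamic data in the thread: it lists the files the sample drops, the Run-key value it writes and the command it launches. What follows is an added example, not code from the poster or from Norman, that parses that report text into IOCs and applies the checks an analyst would run on them: a file carrying a Windows system-process name (svchost.exe) landing outside System32, a transposed lookalike name (scvhost.exe), a dropped file whose size equals the sample's own length (a self-copy), Run-key persistence, and the Packet.dll/WanPacket.dll/wpcap.dll/npf.sys set, which are the component file names of the WinPcap packet-capture library. The report text is copied from the post (with the tool's spelling "Attemps" normalized); the SYSTEM_BINARIES and WINPCAP_FILES lists and the finding categories are this example's own assumptions. The lookalike check generalizes past this sample: it also catches crsss.exe, the other member name in this archive, against csrss.exe.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Sample input, copied from the Norman Sandbox report for exe/13temp.exe in the post
# above (embedded here so the example runs offline; "Attemps" normalized to "Attempts").
NORMAN_REPORT = r"""
[ General information ]
    * File length:       177577 bytes.
[ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\Packet.dll.
    * Creates file C:\WINDOWS\SYSTEM32\WanPacket.dll.
    * Creates file C:\WINDOWS\SYSTEM32\wpcap.dll.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\npf.sys.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\svchost.exe.
    * Creates file C:\WINDOWS\SYSTEM32\drivers\scvhost.exe.
[ Changes to registry ]
    * Creates value "KVP"="C:\WINDOWS\SYSTEM32\drivers\svchost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Process/window information ]
    * Attempts to open C:\WINDOWS\SYSTEM32\drivers\scvhost.exe -idx 0 -ip 192..
[ Signature Scanning ]
    * C:\WINDOWS\SYSTEM32\drivers\svchost.exe (177577 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\drivers\scvhost.exe (11081 bytes) : W32/Delf.dam.
"""

SECTION_RE = re.compile(r"^\[ (.+?) \]$")
BULLET_RE = re.compile(r"^\s*\*\s+(.*?)\s*$")
LEN_RE = re.compile(r"^File length:\s+(\d+) bytes")
FILE_RE = re.compile(r"^Creates file (.+)\.$")
VALUE_RE = re.compile(r'^Creates value "([^"]+)"="([^"]*)" in key "([^"]+)"')
OPEN_RE = re.compile(r"^Attem\w+ to open (.+)$")          # also tolerates Norman's own "Attemps"
SIG_RE = re.compile(r"^(.+?) \((\d+) bytes\) : (.+?)\.?$")

# Assumptions of this example (not from the report): process names malware borrows,
# whose real binaries live in System32, and the file names of the WinPcap capture library.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"
WINPCAP_FILES = {"packet.dll", "wanpacket.dll", "wpcap.dll", "npf.sys"}


def parse_sections(report: str) -> Dict[str, List[str]]:
    """Group the '*' bullet lines under their '[ section ]' heading."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "preamble"
    for line in report.splitlines():
        heading = SECTION_RE.match(line.strip())
        if heading:
            current = heading.group(1)
        elif (bullet := BULLET_RE.match(line)):
            sections[current].append(bullet.group(1))
    return sections


def _matches(sections, section, regex):
    return [m for m in map(regex.match, sections.get(section, [])) if m]


def extract_iocs(sections: Dict[str, List[str]]) -> dict:
    """Dropped files, autorun values, launched commands, per-file verdicts and the sample's own size."""
    return {
        "length": next((int(m.group(1)) for m in _matches(sections, "General information", LEN_RE)), None),
        "files": [m.group(1) for m in _matches(sections, "Changes to filesystem", FILE_RE)],
        "autoruns": [m.groups() for m in _matches(sections, "Changes to registry", VALUE_RE)],  # (name, data, key)
        "commands": [m.group(1) for m in _matches(sections, "Process/window information", OPEN_RE)],  # verbatim; "192.." stays truncated
        "signatures": {m.group(1): (int(m.group(2)), m.group(3))
                       for m in _matches(sections, "Signature Scanning", SIG_RE)},
    }


def assess(iocs: dict) -> List[Tuple[str, str]]:
    """Checks an analyst runs on the IOCs; returns (category, detail) pairs."""
    findings: List[Tuple[str, str]] = []
    for path in iocs["files"]:
        directory, name = ntpath.split(path)
        lname = name.lower()
        if lname in SYSTEM_BINARIES:
            if directory.lower() != SYSTEM32:
                findings.append(("masquerade_dir", path))      # e.g. svchost.exe under drivers\
        elif any(sorted(lname) == sorted(real) for real in SYSTEM_BINARIES):
            findings.append(("lookalike_name", path))          # same letters reordered: scvhost.exe, crsss.exe
        if lname in WINPCAP_FILES:
            findings.append(("winpcap", path))                 # packet-capture components dropped alongside
    for path, (size, _verdict) in iocs.get("signatures", {}).items():
        if size == iocs.get("length"):
            findings.append(("self_copy", path))               # dropped file has the sample's own size
    for value_name, data, key in iocs["autoruns"]:
        if key.lower().endswith(r"\currentversion\run"):
            findings.append(("run_key", f"{value_name} -> {data}"))
    findings.extend(("exec", cmd) for cmd in iocs["commands"])
    return findings


def analyze(report: str) -> dict:
    iocs = extract_iocs(parse_sections(report))
    return {"iocs": iocs, "findings": assess(iocs)}
```

Running `analyze(NORMAN_REPORT)` on the report above yields nine findings: the four WinPcap files, drivers\svchost.exe as a system-binary name outside System32 and as a self-copy (177577 bytes, the report's own file length), scvhost.exe as a lookalike, the KVP Run value, and the scvhost.exe command line with its truncated "-ip 192.." argument left exactly as the report shows it.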
东京时空
Posted on 2007-8-14 17:51:40
shaoruoyan
Posted on 2007-8-14 23:35:24
Kaspersky KIS 7.0

Virus scan: completed
---------------
Scanned: 43
Detected: 18
Untreated: 0
Start time: 2007-8-14 23:34:27
Duration: 00:00:03
End time: 2007-8-14 23:34:30

Detected
------
Status Object
---- ----
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mu File: D:\exe.zip/exe/0temp.exe
Deleted: Trojan program Trojan-PSW.Win32.Gamec.ar File: D:\exe.zip/exe/10temp.exe//data.rar/1.exe
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ads File: D:\exe.zip/exe/11temp.exe
Deleted: Trojan program Trojan-Downloader.Win32.Small.czl File: D:\exe.zip/exe/12temp.exe//UPack
Deleted: Trojan program Backdoor.Win32.Delf.awy File: D:\exe.zip/exe/13temp.exe
Deleted: Trojan program Trojan-Downloader.Win32.Agent.bxg File: D:\exe.zip/exe/16temp.exe//PE_Patch//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.afd File: D:\exe.zip/exe/17temp.exe//ASPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.aci File: D:\exe.zip/exe/18temp.exe//PE_Patch
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.abr File: D:\exe.zip/exe/2temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan.Win32.LipGame.cd File: D:\exe.zip/exe/3temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn File: D:\exe.zip/exe/4temp.exe
Deleted: Trojan program Trojan-PSW.Win32.Agent.mi File: D:\exe.zip/exe/5temp.exe//FSG
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.afb File: D:\exe.zip/exe/6temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-PSW.Win32.Lmir.bey File: D:\exe.zip/exe/7temp.exe//data.rar/admin2.EXE//ASPack
Deleted: Trojan program Trojan-Downloader.Win32.Zlob.byg File: D:\exe.zip/exe/8temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-Spy.Win32.Delf.uv File: D:\exe.zip/exe/9temp.exe//UPack
Deleted: Trojan program Trojan-Downloader.Win32.Delf.bps File: D:\exe.zip/exe/crsss.exe
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn File: D:\exe.zip/exe/LYLOADER.EXE//PE_Patch//UPack

Events
----
Time Name Status Reason
---- ---- ---- ----
2007-8-14 23:34:27 File: D:\exe.zip Archive ZIP
2007-8-14 23:34:27 File: D:\exe.zip/exe/0temp.exe Detected Trojan program 'Trojan-PSW.Win32.OnLineGames.mu'
2007-8-14 23:34:27 File: D:\exe.zip/exe/0temp.exe Backed up
2007-8-14 23:34:27 File: D:\exe.zip/exe/0temp.exe Deleted
2007-8-14 23:34:27 File: D:\exe.zip/exe/10temp.exe Archive RarSFX
2007-8-14 23:34:27 File: D:\exe.zip/exe/10temp.exe//data.rar Archive RAR

Statistics
----
Object Scanned Detected Untreated Deleted Moved to quarantine Archives Packed files Password-protected Corrupted
---- ------ ------ ------ ------ ------------ -------- -------- -------- ----

Settings
----
Parameter Value
---- --
Security level Custom
Action Disinfect, delete if disinfection fails
Run mode Manual
File types Scan all files
Scan only new and changed files No
Scan attachments All
Scan embedded OLE objects All
Skip if object is larger than the specified size No
Skip if scan takes longer than the specified time No
Parse e-mail formats Yes
Scan password-protected archives Yes
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on the "Detected" tab Yes
Rootkit scan Yes
Extended rootkit scan Yes
Use heuristic analyzer Yes
Heuristic analysis level 10

[Last edited by shaoruoyan on 2007-8-14 23:37]
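The three logs in this thread name the same archive members under three different schemes: BitDefender's GenPack:/DeepScan:/Dropped: prefixes, Norman's category followed by a name, and Kaspersky's Type.Platform.Family.variant with the packer layers it had to strip (//UPX, //UPack, //ASPack, //FSG) appended to the path. The block below is an added example, not code from any of the posters or from the vendors, that parses lines in each of the three log formats into a per-sample detection matrix and pulls out the packer annotations. The input is a constructed subset of six samples with their lines copied from the posts (the Kaspersky lines in English translation); the regular expressions are this example's own reading of the three formats, and the engine labels are the example's own.

```python
import re
from typing import Dict, List

# Constructed sample input: six members of exe.zip with the matching lines copied
# from the three scan logs in this thread. In the original posts 6temp.exe has no
# BitDefender line and 10temp.exe has no Norman line; that gap is kept on purpose.
BITDEFENDER_LOG = r"""
C:\Documents and Settings\同同\桌面\exe.zip=>exe/10temp.exe=>(RAR Sfx o)=>1.exe        Infected: DeepScan:Generic.Malware.SFBdldsp.B07B394C
C:\Documents and Settings\同同\桌面\exe.zip=>exe/10temp.exe=>(RAR Sfx o)=>1.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\exe.zip=>exe/12temp.exe        Infected: DeepScan:Generic.Lmir.F1FB728C
C:\Documents and Settings\同同\桌面\exe.zip=>exe/13temp.exe        Infected: GenPack:Backdoor.Agent.YPT
C:\Documents and Settings\同同\桌面\exe.zip=>exe/2temp.exe        Infected: Generic.Onlinegames.1.BE1E1915
C:\Documents and Settings\同同\桌面\exe.zip=>exe/crsss.exe        Infected: Trojan.Downloader.Delf.NXF
"""
NORMAN_LOG = r"""
*** F:\v\n\exe.zip : exe/12temp.exe -> Virus W32/Viking.EQ ()
*** F:\v\n\exe.zip : exe/13temp.exe -> Virus W32/Delf.dam.dropper ( [ General information ]
*** F:\v\n\exe.zip : exe/2temp.exe -> Trojan OnLineGames.gen26 ()
*** F:\v\n\exe.zip : exe/6temp.exe -> Trojan OnLineGames.gen26 ()
*** F:\v\n\exe.zip : exe/crsss.exe -> Trojan Hupigon.gen114 ()
"""
KASPERSKY_LOG = r"""
Deleted: Trojan program Trojan-PSW.Win32.Gamec.ar File: D:\exe.zip/exe/10temp.exe//data.rar/1.exe
Deleted: Trojan program Trojan-Downloader.Win32.Small.czl File: D:\exe.zip/exe/12temp.exe//UPack
Deleted: Trojan program Backdoor.Win32.Delf.awy File: D:\exe.zip/exe/13temp.exe
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.abr File: D:\exe.zip/exe/2temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.afb File: D:\exe.zip/exe/6temp.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-Downloader.Win32.Delf.bps File: D:\exe.zip/exe/crsss.exe
"""

SAMPLE_RE = re.compile(r"exe/([^\s=/]+)")   # the archive member name that follows 'exe/'
BD_RE = re.compile(r"^(?P<path>\S.*?)\s{2,}Infected: (?P<name>\S+)$")          # "Disinfection failed" lines are skipped
NORMAN_RE = re.compile(r"^\*\*\* (?P<path>.+?) -> (?:Trojan|Virus|Security Risk) (?P<name>\S+) \(")
KAV_RE = re.compile(r"^Deleted: Trojan program (?P<name>\S+) File: (?P<path>\S+)$")


def parse(log: str, pattern: re.Pattern) -> Dict[str, str]:
    """Map archive member name -> detection name for one engine's log."""
    verdicts: Dict[str, str] = {}
    for line in log.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        sample = SAMPLE_RE.search(m.group("path"))
        if sample:
            verdicts.setdefault(sample.group(1), m.group("name"))
    return verdicts


def kaspersky_packers(log: str) -> Dict[str, List[str]]:
    """Packer layers Kaspersky appends after the member name ('//PE_Patch.UPX//UPX');
    a nested archive member ('//data.rar/1.exe') contains '/' and is not a packer."""
    packers: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = KAV_RE.match(line)
        if not m:
            continue
        layers = m.group("path").split("exe/", 1)[1].split("//")
        packers[layers[0]] = [layer for layer in layers[1:] if "/" not in layer]
    return packers


ENGINES = {
    "BitDefender": (BITDEFENDER_LOG, BD_RE),
    "Norman": (NORMAN_LOG, NORMAN_RE),
    "Kaspersky": (KASPERSKY_LOG, KAV_RE),
}


def detection_matrix() -> Dict[str, Dict[str, str]]:
    """sample -> {engine: detection name or '-' when the engine's log has no line for it}."""
    per_engine = {engine: parse(log, pat) for engine, (log, pat) in ENGINES.items()}
    samples = sorted({s for verdicts in per_engine.values() for s in verdicts})
    return {s: {engine: per_engine[engine].get(s, "-") for engine in per_engine} for s in samples}


def render(matrix: Dict[str, Dict[str, str]], packers: Dict[str, List[str]]) -> str:
    """Plain-text table of the matrix with Kaspersky's packer column."""
    rows = [["sample", *ENGINES, "packers (Kaspersky)"]]
    for sample, verdicts in matrix.items():
        rows.append([sample, *(verdicts[e] for e in ENGINES), "/".join(packers.get(sample, [])) or "-"])
    widths = [max(len(row[i]) for row in rows) for i in range(len(rows[0]))]
    return "\n".join("  ".join(cell.ljust(w) for cell, w in zip(row, widths)) for row in rows)


if __name__ == "__main__":
    print(render(detection_matrix(), kaspersky_packers(KASPERSKY_LOG)))
```

The rendered table makes two things visible that the raw logs hide: where an engine's post simply has no line for a member (BitDefender for 6temp.exe, Norman for 10temp.exe), and which members sat under one or more packers (2temp.exe and 6temp.exe under PE_Patch.UPX/UPX, 12temp.exe under UPack) versus those Kaspersky read unpacked (13temp.exe, crsss.exe).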