adware x 14

显示全部楼层 · 发表于 2007-8-24 20:50:14

[MD5: 20CC65 0EAD12 126F08 EECDE0 5D59A5 4D9C3F 101ADD 5ED119 EECDE0 A1B230 1B2FFD 66F365 E3DB92 914BF1]

显示全部楼层 · 发表于 2007-8-24 20:55:09

----------
[凝逸反毒] (http://hi.baidu.com/503165656)

[凝逸.扫描病毒引擎-日志] 2007.8.24 20:55:6

文件:F:\070824\082401[1]\dodolook391.exe | 感染:virus [309>20070824_ny0011.axx]3(21.21)
操作:清除病毒
文件:F:\070824\082401[1]\my_70201.exe | 感染:Trojan.DownLoader.30531 [171>20070822_ny0010.axx]3(1.1)
操作:删除文件
文件:F:\070824\082401[1]\d33.exe | 感染:virus [171>20070824_ny0011.axx]3(149.149)
操作:删除文件
文件:F:\070824\082401[1]\d34.exe | 感染:virus [171>20070824_ny0011.axx]3(149.149)
操作:删除文件

扫描完成|病毒:4 文件:14|耗时:9073
----------

[ 本帖最后由 qqq000@qq.com 于 2007-8-24 07:56 编辑 ]

显示全部楼层 · 发表于 2007-8-24 20:55:59

2007-8-24 20:55:52 Scanning Log
2007-8-24 20:55:52 Version of virus signature database: 2482 (20070824)
2007-8-24 20:55:52 Date: 24.8.2007 Time: 20:55:52
2007-8-24 20:55:52 Scanned disks, folders and files: F:\v\my_70201.exe;F:\v\a.exe;F:\v\b.exe;F:\v\d.exe;F:\v\d33.exe;F:\v\d34.exe;F:\v\yuhan.exe;F:\v\Hsfpwcfg.exe;F:\v\mimefilte.dll;F:\v\InstFunc.dll;F:\v\InstFunc.exe;F:\v\YingSoft-UnInstall.exe;F:\v\dodolook391.exe;F:\v\15d009.exe
2007-8-24 20:55:57 F:\v\d33.exe » NSIS » cpush.dll - probably a variant of Win32/Adware.BHO.AV application
2007-8-24 20:55:58 F:\v\d34.exe » NSIS » cpush.dll - probably a variant of Win32/Adware.BHO.AV application
2007-8-24 20:56:01 F:\v\dodolook391.exe » NSIS » 1557.exe » NSIS » acpidisk.sys - a variant of Win32/Adware.Cinmus application
2007-8-24 20:56:03 F:\v\15d009.exe » NSIS » netdde32.exe - probably unknown NewHeur_PE virus [7]
2007-8-24 20:56:03 F:\v\15d009.exe » NSIS » d03.exe » NSIS » cpush.dll - probably a variant of Win32/Adware.BHO.AV application
2007-8-24 20:56:03 Number of scanned files: 24
2007-8-24 20:56:03 Number of threats found: 5
2007-8-24 20:56:03 Time of completion: 20:56:03 Total scanning time: 11 sec (00:00:11)
2007-8-24 20:56:03
2007-8-24 20:56:03 Notes:
2007-8-24 20:56:03 [7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-8-24 21:07:49

微点：
木马名称:Trojan-Downloader.Win32.QQHelper.fqm

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\MY_70201.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\B.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1421
远端地址:61.152.116.132(上海)
远端端口:80
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SERVER.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DSER.EXE
2) C:\WINDOWS.0\SYSTEM32\DSER.DLL
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
5) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\B.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SERVER.EXE
2) C:\WINDOWS.0\SYSTEM32\DSER.EXE
3) C:\WINDOWS.0\SYSTEM32\DSER.DLL
是否删除木马程序及其衍生物?
广告软件名称:AdWare.Win32.BHO.oz

程序:
C:\PROGRAM FILES\COMMON FILES\CPUSH\CPUSH.DLL
是广告软件!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SERVER.EXE
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
是否删除可疑程序?
广告软件名称:AdWare.Win32.BHO.oz

程序:
C:\PROGRAM FILES\COMMON FILES\CPUSH\CPUSH.TMP
是广告软件!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\D33.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\COMMON FILES\CPUSH\UNINST.EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\D34.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\XETS05.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DSER.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\XETS05.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DSER.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DELMEEXE.BAT
是否删除可疑程序?
程序:
C:\WINDOWS.0\SYSTEM32\MU5SI7TV.EXE
是否删除木马程序及其衍生物?
程序:
C:\WINDOWS.0\SYSTEM32\DRIVERS\ACPIDISK.SYS
是否删除RootKit程序?
程序:
C:\WINDOWS.0\SYSTEM32\WINLIB .DLL
是否删除木马程序及其衍生物?
木马名称:Trojan-Downloader.Win32.QQHelper.fqk

程序:
C:\WINDOWS.0\SYSTEM32\NETDDE32.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.BHO.or

程序:
C:\WINDOWS.0\SYSTEM32\D03.EXE
是广告软件!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\A.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZLMAV.EXE
2) C:\WINDOWS.0\SYSTEM32\SECMGNT.DLL
是否删除木马程序及其衍生物?

Hsfpwcfg.exe InstFunc.exe YingSoft-UnInstall.exe启动即退出
yuhan.exe挂了，上报去咯

显示全部楼层 · 发表于 2007-8-24 21:08:07

Start of the scan: 2007年8月24日  21:07

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\082401[1].part1.rar
  [0] Archive type: RAR
  --> dodolook391.exe
   [DETECTION] Contains signature of the dropper DR/Cinmus.F.136
  --> my_70201.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 15d009.exe
   [DETECTION] Is the Trojan horse TR/Dldr.QQHel.VN.23
   [INFO]    The file was deleted!
H:\AV-TEST\082401[1].part3.rar
  [0] Archive type: RAR
  --> d.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.MF.31
   [INFO]    The file was deleted!

End of the scan: 2007年8月24日  21:07
Used time: 00:17 min

The scan has been done completely.

   1 Scanning directories
   15 Files were scanned
   4 viruses and/or unwanted programs were found
   1 classified as suspicious:
   2 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   10 Files not concerned
   4 Archives were scanned
   0 Warnings
   1 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-8-24 21:08:33

反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 8/24/2007
开始时间: 8/24/2007 21:03
引擎: KAV 引擎 (AVK 17.7096), AVST 引擎 (AVKB 17.347)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: data0002
在压缩档案里: D:\病毒库\082401[1]\15d009.exe
狀態: 已发现病毒
病毒: Trojan-Downloader.Win32.QQHelper.xx (KAV 引擎)
对象: data0003
在压缩档案里: D:\病毒库\082401[1]\15d009.exe
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.BHO.av (KAV 引擎)
对象: 15d009.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: Trojan-Downloader.Win32.QQHelper.xx, not-a-virus:AdWare.Win32.BHO.av (KAV 引擎), Win32:Trojan-gen. {Other} (AVST 引擎)
对象: a.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.Agent.mf (KAV 引擎), Win32:BHO-FG [Trj] (AVST 引擎)
对象: b.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.Agent.mf (KAV 引擎), Win32:BHO-FG [Trj] (AVST 引擎)
对象: d.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.Agent.mf (KAV 引擎), Win32:BHO-FG [Trj] (AVST 引擎)
对象: stream/data0002 data0003
在压缩档案里: D:\病毒库\082401[1]\dodolook391.exe
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.f (KAV 引擎)
对象: stream/data0002 data0004
在压缩档案里: D:\病毒库\082401[1]\dodolook391.exe
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.j (KAV 引擎)
对象: dodolook391.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.f, not-a-virus:AdWare.Win32.Cinmus.j (KAV 引擎)
对象: mimefilte.dll
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.AdMoke.au (KAV 引擎)
对象: my_70201.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: Trojan-Downloader.Win32.QQHelper.wd (KAV 引擎), Win32:QQHelper-DV [Trj] (AVST 引擎)
对象: yuhan.exe
路径: D:\病毒库\082401[1]
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.AdMoke.au (KAV 引擎)
扫描完成: 8/24/2007 21:04
已检查 14 个文件
已发现 8 个染毒文件

显示全部楼层 · 发表于 2007-8-24 21:22:11

_____________________________________________

         风暴微塔反病毒
                        [内测版]
               http://www.v0day.com/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\d03\AA.exe]
                  …………引擎[2]发现病毒:Win32.Nop 譵
[C:\Documents and Settings\Administrator\桌面\virus\d03\1(1).exe]
                  …………引擎[2]发现病毒:Win32.NkHack.FSG.A
[C:\Documents and Settings\Administrator\桌面\virus\d03\he.exe]
                  …………引擎[2]发现病毒:Win32.NkHack.PeM.A
[C:\Documents and Settings\Administrator\桌面\virus\d03\sx.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\d03\sx.exe]
                  …………引擎[2]发现病毒:Win32.NkHack.BDX.A
[C:\Documents and Settings\Administrator\桌面\virus\d03\vedxg3am1et3.exe]
                  …………特征码引擎[1]发现病毒
文件数:14 病毒数:6  比重:0.4285714285714
OK  扫描完毕！

[ 本帖最后由 FBAV 于 2007-8-24 21:24 编辑 ]

显示全部楼层 · 发表于 2007-8-24 21:27:41

detected: adware not-a-virus:AdWare.Win32.Cinmus.f File: E:\Ñù±¾\bingdu\dodolook391.exe//stream//data0002//data0003
detected: adware not-a-virus:AdWare.Win32.Cinmus.j File: E:\Ñù±¾\bingdu\dodolook391.exe//stream//data0002//data0004
detected: Trojan program Trojan-Downloader.Win32.QQHelper.wd File: E:\Ñù±¾\bingdu\my_70201.exe
detected: Trojan program Trojan-Downloader.Win32.QQHelper.xx File: E:\Ñù±¾\bingdu\15d009.exe//data0002
detected: adware not-a-virus:AdWare.Win32.BHO.av File: E:\Ñù±¾\bingdu\15d009.exe//data0003
detected: Trojan program Trojan-PSW.Win32.Agent.mf File: E:\Ñù±¾\bingdu\a.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: adware not-a-virus:AdWare.Win32.AdMoke.au File: E:\Ñù±¾\bingdu\yuhan.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.Agent.mf File: E:\Ñù±¾\bingdu\b.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.Agent.mf File: E:\Ñù±¾\bingdu\d.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: adware not-a-virus:AdWare.Win32.AdMoke.au File: E:\Ñù±¾\bingdu\mimefilte.dll//ASPack

显示全部楼层 · 发表于 2007-8-24 22:13:53

原帖由 微点卫士 于 2007-8-24 21:07 发表
微点：
木马名称:Trojan-Downloader.Win32.QQHelper.fqm

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\082401[1]\MY_70201.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
C:\DOCUMENTS ...

yuhan我这报警了

显示全部楼层 · 发表于 2007-8-24 22:15:24

然后。。。。

[病毒样本] adware x 14

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块