Views: 2855 | Replies: 11

[Virus samples] 19 products of a malware site

promised
Posted 2007-9-3 19:37:08
[MD5: 9F2E08 F9F0DB FF2E91 02908E CBD249 7AD34B 62E4EE D7189E A91150 7F734C BC837E B563A4 34D197 2719F9 AB374F 46F68D 7FE0A4 DD696F D72A25]

[This post contains attachments; login required to download or view.]
promised
OP | Posted 2007-9-3 19:37:12
C:\ABC\1.exe - suspicious code section found (Level: 30)
C:\ABC\10.exe - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\11.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\12.exe - signature 'BehavesLikeWin32.ExplorerHijack' found
C:\ABC\13.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\14.exe - signature 'MalwareScope.Backdoor.Hupigon.1' found
C:\ABC\15.exe - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\16.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\17.exe - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\18.exe - signature 'Trojan.Agent.ABOY' found
C:\ABC\19.exe - signature 'Trojan-PWS.Win32.OnLineGames.dm' found
C:\ABC\20.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\3.exe - signature 'Generic.PWS.Games.3' found
C:\ABC\4.exe - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\5.exe - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\6.exe - signature 'Trojan-Proxy.Win32.Delf.AN' found
C:\ABC\7.exe - signature 'Generic.PWS.Games.2' found
C:\ABC\8.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\9.exe - signature 'Trojan-Downloader.Win32.Zlob.and' found

        19 files scanned
          (0 archives, 0 files)
        18 signatures detected
        1 suspicious code section found
        Time used: 0:01.594
qigang
Posted 2007-9-3 19:42:02

34/10

Rising virus scan result report

List of virus types removed:

Virus: Trojan.PSW.Win32.WorldOnline.kp
Virus: Trojan.PSW.Win32.OnlineGames.yda
Virus: Trojan.PSW.Win32.Asktao.bu
Virus: Trojan.PSW.Win32.XYOnline.gr
Virus: Trojan.PSW.Win32.RocOnline.cz
Virus: Trojan.PSW.Win32.OnlineGames.yer
Virus: Trojan.PSW.Win32.AskTao.bt
Virus: Trojan.PSW.Win32.OnLineGames.yed
Virus: Trojan.PSW.Win32.ZeroOnline.ak
Virus: Trojan.PSW.Win32.OnlineGames.xzf

MAC address: 00:11:5B:F3:6D:69

User source: Internet

Software version: 19.39.02
mofunzone
Posted 2007-9-3 19:46:09
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\样本.rar'
C:\Documents and Settings\Administrator\My Documents\
  样本.rar
    [0] Archive type: RAR
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 4.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bjt
        [WARNING]   Infected files in archives cannot be repaired!
    --> 6.exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 9.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bgc.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 10.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 12.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bki
        [WARNING]   Infected files in archives cannot be repaired!
    --> 13.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 14.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 15.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 16.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.csa.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 17.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bke
        [WARNING]   Infected files in archives cannot be repaired!
    --> 18.exe
        [DETECTION] Is the Trojan horse TR/Agent.ABOY.4
        [WARNING]   Infected files in archives cannot be repaired!
    --> 19.exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 20.exe
        [DETECTION] Is the Trojan horse TR/Hijack.Explor.4126
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1.exe
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: September 4, 2007  04:45
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     20 Files were scanned
     19 viruses and/or unwanted programs were found
      6 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -5 Files not concerned
      1 Archives were scanned
     20 Warnings
      0 Notes
      0 Hidden objects were found
uhthn2002
Posted 2007-9-3 20:15:31
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 2704
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\3.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4.exe - Infected with PDB-42 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\5.exe - Infected with PDB-2244 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\6.exe - Suspicious of Win32.Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\New Folder\7.exe - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\8.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\9.exe - Infected with PDB-927 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\10.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\11.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\12.exe - Infected with PDB-2165 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\13.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\14.exe - Infected with Win32.PDB-242 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\15.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\16.exe - Infected with PDB-2205 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\17.exe - Infected with PDB-663 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\18.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\19.exe - Suspicious of Win32.Trojan-PSW.Game.8
C:\Documents and Settings\uhthn\Desktop\New Folder\20.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\1.exe - Suspicious of Win32.Backdoor.Hupigon.5

19 Files scanned
7 Infected files found
12 Suspicious files found
0 Files cured
7 Files deleted
gho
Posted 2007-9-3 20:18:25
Coffee (McAfee) killed 15 of them.
gho
Posted 2007-9-3 20:20:26
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.bki        File: C:\Documents and Settings\gho\My Documents\卡巴小助手_V3[1].6\12.exe
Deleted: Trojan program Backdoor.Win32.Delf.awy        File: C:\Documents and Settings\gho\My Documents\卡巴小助手_V3[1].6\14.exe
Deleted: virus Worm.Win32.Viking.lz        File: C:\Documents and Settings\gho\My Documents\卡巴小助手_V3[1].6\12.exe//PE_Patch
Deleted: Trojan program Trojan-Spy.Win32.Delf.acb        File: C:\Documents and Settings\gho\My Documents\卡巴小助手_V3[1].6\14.exe//UPack
wangjay1980
Posted 2007-9-3 20:32:22
detected: Trojan program Trojan-PSW.Win32.OnLineGames.blo        File: E:\样本\新建文件夹\3.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bkb        File: E:\样本\新建文件夹\4.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bjt        File: E:\样本\新建文件夹\5.exe//UPack
detected: virus Heur.Invader (modification)        File: E:\样本\新建文件夹\7.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bkr        File: E:\样本\新建文件夹\8.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bgc        File: E:\样本\新建文件夹\9.exe
detected: virus Heur.Trojan.Generic (modification)        File: E:\样本\新建文件夹\11.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bki        File: E:\样本\新建文件夹\12.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bla        File: E:\样本\新建文件夹\13.exe//PE_Patch//UPack
detected: Trojan program Backdoor.Win32.Delf.awy        File: E:\样本\新建文件夹\14.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.csa        File: E:\样本\新建文件夹\16.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bke        File: E:\样本\新建文件夹\17.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bje        File: E:\样本\新建文件夹\18.exe//PE_Patch//UPack//#//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.akj        File: E:\样本\新建文件夹\19.exe//ASPack
detected: Trojan program Trojan.Win32.Agent.ben        File: E:\样本\新建文件夹\20.exe//PE_Patch//UPack
detected: virus Heur.StartPage (modification)        File: E:\样本\新建文件夹\1.exe//PEPatch
欠妳緈諨
Posted 2007-9-3 20:34:48

[This post contains attachments; login required to download or view.]
微点卫士
Posted 2007-9-3 20:48:36
Micropoint:
Trojan name: Trojan-PSW.Win32.OnLineGames.jtj

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\4.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Trojan-PSW.Win32.OnLineGames.jvn

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\5.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Trojan-PSW.Win32.OnLineGames.jth

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\8.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Trojan-PSW.Win32.OnLineGames.jqh

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\9.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Trojan-PSW.Win32.OnLineGames.jry

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\12.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Backdoor.Win32.Delf.boc

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\14.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Trojan name: Trojan-PSW.Win32.OnLineGames.jtf

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\17.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\1.EXE
Modifies registry key:
HKCU\Software\Microsoft\Internet Explorer\Main\StArt PAge
Block?
Trojan name: Trojan-PSW.Win32.Agent.eqb

Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\LYLOADER.EXE
is a Trojan program!
Its execution was successfully blocked. Delete this file?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\3.EXE
The Trojan program created the following files:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\LYLOADER.EXE
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\6.EXE
The Trojan program created the following files:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\7.EXE
The Trojan program created the following files:
1) C:\WINDOWS.0\SYSTEM32\RXAVPW0.DLL
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\10.EXE
The Trojan program created the following files:
1) C:\WINDOWS.0\KULIONQJ.EXE
2) C:\WINDOWS.0\KULIONQJ.DLL
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\11.EXE
The Trojan program created the following files:
1) C:\PROGRAM FILES\NETMEETING\RAVWLMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVWLMON.DAT
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\13.EXE
The Trojan program created the following files:
1) C:\PROGRAM FILES\NETMEETING\RAVCQMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVCQMON.DAT
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\15.EXE
1) C:\DFD5163281.BAT
is a suspicious program!
Attempting to delete a file!
Block this process from continuing to run?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\15.EXE
1) C:\DFD5163281.BAT
Delete the suspicious program?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\16.EXE
The Trojan program created the following files:
1) C:\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVWDMON.DAT
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\18.EXE
The Trojan program created the following files:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~SA1A.TMP
Delete the Trojan program and its derivatives?
Program:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\20.EXE
The Trojan program created the following files:
1) C:\PROGRAM FILES\NETMEETING\RAVZXMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVZXMON.DAT
Delete the Trojan program and its derivatives?


All 19 down.
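The thread is a pile of per-engine scan logs in incompatible formats, and the useful question for a sample pack like this is which files every engine agrees on, which were caught only by a heuristic, and which a given engine missed. The following Python is an added example, not code from the thread or from any product named in it. It parses two of the formats seen above (the Avira archive listing and the Kaspersky-style "detected: ... File: ...//Layer" lines) into one per-sample table. The excerpts embedded in it are constructed, shortened copies of those two posts with the folder path simplified to ASCII; the sample numbers and detection names are the ones the posts report. Function and field names are the example's own.

```python
"""Cross-engine triage of scan logs shaped like the ones posted above.

Added example; not code from the thread or any product named in it.  The two
excerpts below are CONSTRUCTED, shortened copies of the Avira and Kaspersky
posts (sample numbers and names as posted, path simplified to ASCII).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# The thread has 19 files numbered 1 and 3..20 (there is no 2.exe).
SAMPLE_IDS = [1] + list(range(3, 21))

AVIRA_LOG = """\
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Contains suspicious code HEUR/Malware
    --> 14.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> 1.exe
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   The file was ignored!
"""

KASPERSKY_LOG = """\
detected: Trojan program Trojan-PSW.Win32.OnLineGames.blo        File: E:\\samples\\new\\3.exe
detected: virus Heur.Invader (modification)        File: E:\\samples\\new\\7.exe
detected: Trojan program Backdoor.Win32.Delf.awy        File: E:\\samples\\new\\14.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bje        File: E:\\samples\\new\\18.exe//PE_Patch//UPack//#//UPack
detected: virus Heur.StartPage (modification)        File: E:\\samples\\new\\1.exe//PEPatch
"""


@dataclass
class Detection:
    name: str
    layers: list = field(default_factory=list)  # unpacked layers, outermost first

    def is_heuristic(self) -> bool:
        # HEUR/* (Avira) and Heur.* (Kaspersky) are generic verdicts, not a
        # family name; on their own they say little about what the file is.
        return self.name.startswith(("HEUR/", "Heur."))


AVIRA_FILE_RE = re.compile(r"^\s*--> (\d+)\.exe\s*$")
AVIRA_DET_RE = re.compile(
    r"\[DETECTION\]\s+(?:Is the Trojan horse|Contains signature of the dropper|"
    r"Contains suspicious code)\s+(\S+)"
)
KASP_RE = re.compile(
    r"^detected: (?:Trojan program|virus) (\S+)(?: \(modification\))?"
    r"\s+File: .*\\(\d+)\.exe(.*)$"
)


def parse_avira(text: str) -> dict:
    """Two-line records: a '--> N.exe' line, then its [DETECTION] line."""
    hits, current = {}, None
    for line in text.splitlines():
        m = AVIRA_FILE_RE.match(line)
        if m:
            current = int(m.group(1))
            continue
        m = AVIRA_DET_RE.search(line)
        if m and current is not None:
            hits[current] = Detection(m.group(1))
            current = None
    return hits


def parse_kaspersky(text: str) -> dict:
    """One-line records; each '//X' after the file name is an unpacked layer."""
    hits = {}
    for line in text.splitlines():
        m = KASP_RE.match(line)
        if m:
            name, sample, rest = m.group(1), int(m.group(2)), m.group(3)
            hits[sample] = Detection(name, [p for p in rest.split("//") if p])
    return hits


def build_table(engine_hits=None) -> dict:
    """{sample: {engine: Detection}} merged across engines."""
    if engine_hits is None:
        engine_hits = {"Avira": parse_avira(AVIRA_LOG),
                       "Kaspersky": parse_kaspersky(KASPERSKY_LOG)}
    table = defaultdict(dict)
    for engine, hits in engine_hits.items():
        for sample, det in hits.items():
            table[sample][engine] = det
    return dict(table)


def missed_by(table: dict, engine: str, samples=SAMPLE_IDS) -> list:
    """Samples on which this engine reported nothing."""
    return [s for s in samples if engine not in table.get(s, {})]


def heuristic_only(table: dict) -> list:
    """Samples where every engine that fired gave only a heuristic verdict;
    these deserve a second look before any family name is trusted."""
    return sorted(s for s, by_engine in table.items()
                  if all(d.is_heuristic() for d in by_engine.values()))


if __name__ == "__main__":
    t = build_table()
    print("heuristic only:", heuristic_only(t), "missed by Kaspersky:", missed_by(t, "Kaspersky"))
```

On the constructed excerpts, 1.exe and 7.exe come out as heuristic-only (Avira HEUR/* plus Kaspersky Heur.*), which matches how the full posts above treat them; the packer chain for 18.exe is kept as a list so that "PE_Patch over UPack" can be compared across samples without string munging. Feeding the full posts in (the other formats need their own small parser) would give the per-engine miss lists the thread only states informally.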

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4 ( 沪ICP备2020031077号-2 )

All software, samples, tools and articles published on KaFan are for study and research only and may not be used for commercial or other illegal purposes; anyone who does so bears all resulting consequences. Material on this site comes from the Internet and copyright disputes are unrelated to this site. You must completely delete the above material from your computer within 24 hours of downloading it. Contact us by e-mail with any questions.
