来几个厉害的样本160FE9

显示全部楼层 · 发表于 2007-9-15 11:39:48

是优盘病毒在每个盘都生成一个autorun.inf 和administrator.vbs
病毒修改了文件串联破坏了显隐形功能我用最新的卡巴扫过没有用
用清理助手也察不到所以把病毒文件发上来让大家练练手

此压缩包中还有其他样本

[ 本帖最后由 promised 于 2007-9-15 11:51 编辑 ]

显示全部楼层 · 发表于 2007-9-15 11:40:54

显示全部楼层 · 发表于 2007-9-15 11:41:13

NOD:
Win32/Genetik trojan
这个Genetik真强啊

显示全部楼层 · 发表于 2007-9-15 11:44:38

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: bbs.kafan.cn/attachment.php?aid=127844
Information: Contains a detection pattern of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 7.01.00.11, AVE 7.6.0.10, VDF 6.39.1.134

显示全部楼层 · 发表于 2007-9-15 11:50:24

C:\ABC\Administrator.rar:\D597CB0D.EXE - 特征码 'Backdoor.Win32.Agent.aqw' 被发现
C:\ABC\Administrator.rar:\pagefileconfig.vbs
C:\ABC\Administrator.rar:\STWINSDAT.EXE-3529398C.pf
C:\ABC\Administrator.rar:\更新后Administrator.vbs\Administrator.vbs
C:\ABC\Administrator.rar:\Administrator.vbs
C:\ABC\Administrator.rar

6 文件被扫描
(1 压缩档 5 文件)
1 特征码被侦测
0 可疑代码段被发现
耗时: 0:00.188

显示全部楼层 · 发表于 2007-9-15 11:50:27

detected: virus Virus.Win32.AutoRun.mg URL: http://bbs.kafan.cn/attachment.p ... 597CB0D.EXE//ASPack

显示全部楼层 · 发表于 2007-9-15 11:51:19

Begin scan in 'C:\Documents and Settings\dell\桌面\Administrator.rar'
C:\Documents and Settings\dell\桌面\Administrator.rar
  [0] Archive type: RAR
  --> D597CB0D.EXE
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-9-15 11:56:26

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 4945
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\D597CB0D.EXE - Suspicious of Trojan-PSW.Game.8
C:\Documents and Settings\uhthn\Desktop\New Folder\pagefileconfig.vbs - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\STWINSDAT.EXE-3529398C.pf - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\Administrator.vbs - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\更新后Administrator.vbs\Administrator.vbs - OK

5 Files scanned
0 Infected files found
1 Suspicious files found
0 Files cured
0 Files deleted

显示全部楼层 · 发表于 2007-9-15 11:59:35

很看好你的软件，公测后一定会试试看的

显示全部楼层 · 发表于 2007-9-15 12:18:35

Scan performed at: 2007-9-15 12:17:54
Scanning Log
NOD32 version 2531 (20070915) NT
Command line: D:\Documents and Settings\EKINCHENG\桌面\Administrator.rar

Date: 15.9.2007 Time: 12:17:56
Anti-Stealth technology is enabled.
Scanned disks, folders and files: D:\Documents and Settings\EKINCHENG\桌面\Administrator.rar
D:\Documents and Settings\EKINCHENG\桌面\Administrator.rar ?RAR ?D597CB0D.EXE - probably a variant of Win32/Genetik trojan
Number of scanned files: 6
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 12:17:56 Total scanning time: 0 sec (00:00:00)

[病毒样本] 来几个厉害的样本160FE9

本帖子中包含更多资源

本帖子中包含更多资源

回复 8楼 uhthn2002 的帖子