微点来测

显示全部楼层 · 发表于 2007-9-19 20:04:16

有趣的东东

[ 本帖最后由 Nblock 于 2007-9-19 20:06 编辑 ]

显示全部楼层 · 发表于 2007-9-19 20:16:37

大型木马群：

http://mm.guama.net/Game/100.exe

http://mm.guama.net/Game/101.exe

http://mm.guama.net/Game/102.exe

http://mm.guama.net/Game/103.exe

http://mm.guama.net/Game/104.exe

http://mm.guama.net/Game/105.exe

http://mm.guama.net/Game/106.exe

http://mm.guama.net/Game/107.exe

http://mm.guama.net/Game/108.exe

http://mm.guama.net/Game/109.exe

http://mm.guama.net/Game/110.exe

http://mm.guama.net/Game/111.exe

http://mm.guama.net/Game/112.exe

http://mm.guama.net/Game/1113.exe

http://mm.guama.net/fuzhu/arpkk.exe

http://mm.guama.net/fuzhu/hosts.exe

显示全部楼层 · 发表于 2007-9-19 20:18:21

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.DL.Win32.Agent.ydm

MAC地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：19.41.22

显示全部楼层 · 发表于 2007-9-19 20:20:31

已检测到: 木马程序 Trojan-Downloader.Win32.Agent.blm URL: http://bbs.kafan.cn/attachment.php?aid=129739//userinit.exe

显示全部楼层 · 发表于 2007-9-19 20:38:01

显示全部楼层 · 发表于 2007-9-19 21:26:53

Scan performed at: 2007-9-19 21:26:43
Scanning Log
NOD32 version 2540 (20070919) NT
Command line: C:\Documents and Settings\Don johnson\桌面\108.exe C:\Documents and Settings\Don johnson\桌面\107.exe C:\Documents and Settings\Don johnson\桌面\106.exe C:\Documents and Settings\Don johnson\桌面\105.exe C:\Documents and Settings\Don johnson\桌面\104.exe C:\Documents and Settings\Don johnson\桌面\103.exe C:\Documents and Settings\Don johnson\桌面\102.exe C:\Documents and Settings\Don johnson\桌面\101.exe C:\Documents and Settings\Don johnson\桌面\110.exe C:\Documents and Settings\Don johnson\桌面\hosts.exe C:\Documents and Settings\Don johnson\桌面\arpkk.exe C:\Documents and Settings\Don johnson\桌面\100.exe C:\Documents and Settings\Don johnson\桌面\109.exe
Operating memory - is OK

Date: 19.9.2007 Time: 21:26:46
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\108.exe; C:\Documents and Settings\Don johnson\桌面\107.exe; C:\Documents and Settings\Don johnson\桌面\106.exe; C:\Documents and Settings\Don johnson\桌面\105.exe; C:\Documents and Settings\Don johnson\桌面\104.exe; C:\Documents and Settings\Don johnson\桌面\103.exe; C:\Documents and Settings\Don johnson\桌面\102.exe; C:\Documents and Settings\Don johnson\桌面\101.exe; C:\Documents and Settings\Don johnson\桌面\110.exe; C:\Documents and Settings\Don johnson\桌面\hosts.exe; C:\Documents and Settings\Don johnson\桌面\arpkk.exe; C:\Documents and Settings\Don johnson\桌面\100.exe; C:\Documents and Settings\Don johnson\桌面\109.exe
C:\Documents and Settings\Don johnson\桌面\107.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\106.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\105.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\104.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\103.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\102.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\101.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\110.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\hosts.exe - Win32/TrojanDownloader.SMW.A trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\arpkk.exe - Win32/Delf.NFD trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\100.exe - probably a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\109.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
Number of scanned files: 13
Number of threats found: 12
Number of files cleaned: 12
Time of completion: 21:26:49 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-9-19 21:32:40

detected: Trojan program Trojan-PSW.Win32.OnLineGames.czk File: E:\ÏÂÔØ»ùµØ\109.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dcu File: E:\ÏÂÔØ»ùµØ\110.exe//UPack
detected: Trojan program Backdoor.Win32.Delf.awy File: E:\ÏÂÔØ»ùµØ\arpkk.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.aas File: E:\ÏÂÔØ»ùµØ\hosts.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.czj File: E:\ÏÂÔØ»ùµØ\100.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dbw File: E:\ÏÂÔØ»ùµØ\101.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dcz File: E:\ÏÂÔØ»ùµØ\102.exe
detected: Trojan program Trojan-PSW.Win32.Delf.bao File: E:\ÏÂÔØ»ùµØ\103.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cwa File: E:\ÏÂÔØ»ùµØ\104.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cav File: E:\ÏÂÔØ»ùµØ\105.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.Delf.bap File: E:\ÏÂÔØ»ùµØ\106.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dbq File: E:\ÏÂÔØ»ùµØ\107.exe//UPack
detected: Trojan program Trojan-PSW.Win32.WOW.xj File: E:\ÏÂÔØ»ùµØ\108.exe//FSG//#//UPack

显示全部楼层 · 发表于 2007-9-19 22:28:42

Begin scan in 'C:\Documents and Settings\dell\桌面\userinit.rar'
C:\Documents and Settings\dell\桌面\userinit.rar
  [0] Archive type: RAR
  --> userinit.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.4
   [INFO]    The file was successfully wiped!
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-9-19 22:31:10

The requested URL http://bbs.kafan.cn/attachment.php?aid=129739 is infected with Trojan-Downloader.Win32.Agent.blm virus

显示全部楼层 · 发表于 2007-9-20 08:41:11

2007-9-20 8:37:00 1190248620 SYSTEM 1404 Sign of "Win32:Autorun-BS [Wrm]" has been found in "http://mm.guama.net/Game/100.exe\[UPX]\[Embedded#05ef8]" file.
2007-9-20 8:37:35 1190248655 SYSTEM 1404 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "http://mm.guama.net/Game/102.exe" file.
2007-9-20 8:38:00 1190248680 SYSTEM 1404 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "http://mm.guama.net/Game/103.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:38:13 1190248693 SYSTEM 1404 Sign of "Win32:Delf-FVM [Trj]" has been found in "http://mm.guama.net/Game/104.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:38:29 1190248709 SYSTEM 1404 Sign of "Win32:Onlinegames-BBY [Trj]" has been found in "http://mm.guama.net/Game/105.exe\[UPX]\[Embedded#1e60]" file.
2007-9-20 8:38:42 1190248722 SYSTEM 1404 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "http://mm.guama.net/Game/106.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:38:57 1190248737 SYSTEM 1404 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "http://mm.guama.net/Game/107.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:39:12 1190248752 SYSTEM 1404 Sign of "Win32:Delf-CSK [Trj]" has been found in "http://mm.guama.net/Game/108.exe" file.
2007-9-20 8:39:27 1190248767 SYSTEM 1404 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "http://mm.guama.net/Game/109.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:39:39 1190248779 SYSTEM 1404 Sign of "Win32:Delf-FVM [Trj]" has been found in "http://mm.guama.net/Game/110.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:40:32 1190248832 SYSTEM 1404 Sign of "Win32:Delf-FWD [Trj]" has been found in "http://mm.guama.net/fuzhu/arpkk.exe" file.
2007-9-20 8:40:46 1190248846 SYSTEM 1404 Sign of "Win32:Downloader-LL [Trj]" has been found in "http://mm.guama.net/fuzhu/hosts.exe" file.

[病毒样本] 微点来测

本帖子中包含更多资源

卡卡论坛baohe分析过

本帖子中包含更多资源

浏览过的版块