xxx.exe [md5:7f188fe]

显示全部楼层 · 发表于 2007-10-1 09:51:16

几天前的垃圾
File: xxx.exe

Status: INFECTED/MALWARE
MD5: 7f188feeb5077495888cf6fa50efc49a
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

Scanner results
Scan taken on 01 Oct 2007 01:48:10 (GMT)
A-Squared Found Trojan.Win32.DNSChanger.ka
AntiVir Found DR/DNSChanger.KA.84
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Dropped:Trojan.DNSCHanger.PR
ClamAV Found Trojan.Dropper-2260
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.DNSChanger.ka
Fortinet Found W32/DNSChanger.KA!tr
Kaspersky Anti-Virus Found Trojan.Win32.DNSChanger.ka
NOD32 Found nothing
Norman Virus Control Found DNSChanger.TMI
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Win32.DNSChanger.ka

显示全部楼层 · 发表于 2007-10-1 09:57:41

TrustPort Antivirus On-Demand Scanner

   Status       Quarantined
   Target       G:\v\xxx.rar
                           Options
                                             , Requested action: Move to quarantine, Excluded extensions
                           disabled, Excluded objects disabled, Heuristics enabled, Sandbox enabled,
                           Scan archives

            Statistics       Details

                                                Files             Boot sectorsRegistry key

                           Scanned             3                      0                            0
                           Infected             1                      0                            0
                           Repaired             0                      0                            0
                           Renamed             0                      -                            -
                        Quarantined             1                      -                            -
                              Deleted             0                      -                            0

显示全部楼层 · 发表于 2007-10-1 10:07:50

2007-10-1 10:07:14 1191204434 SYSTEM 1300 Sign of "Win32:DNSChanger-NP [Trj]" has been found in "http://bbs.kafan.cn/attachment.php?aid=134118\xxx.exe\nsis.hdr" file.

显示全部楼层 · 发表于 2007-10-1 10:21:06

捆绑了个加密rar包

显示全部楼层 · 发表于 2007-10-1 10:24:23

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\tmp1.exe'
C:\Users\morgan\Documents\
  tmp1.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-10-1 11:08:05

微点干掉

显示全部楼层 · 发表于 2007-10-1 12:02:55

xxx.exe : Signature: DNSChanger.TMI

[ DetectionInfo ]
* Signature name: DNSChanger.TMI
* Compressed: NO

[ General information ]
* Creating several executable files on hard-drive.
* **Locates window "NULL [class #32770]" on desktop.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP.
* Creates file C:\WINDOWS\TEMP\nsx8999.tmp.
* Deletes file C:\WINDOWS\TEMP\nsx8999.tmp.
* Creates file C:\WINDOWS\TEMP\nsy8899.tmp.
* Creates directory C:\WINDOWS.
* Creates file C:\WINDOWS\TEMP\check.exe.
* Creates file C:\WINDOWS\TEMP\package.tmp.
* Creates file C:\WINDOWS\TEMP\nsc8099.tmp.
* Deletes file C:\WINDOWS\TEMP\nsc8099.tmp.
* Creates directory C:\WINDOWS\TEMP\nsc8099.tmp.
* Creates file C:\WINDOWS\TEMP\nsc8099.tmp\nsExec.dll.
* Creates file C:\WINDOWS\TEMP\nsc8099.tmp\ns0889.tmp.
* Deletes file C:\WINDOWS\TEMP\nsc8099.tmp\ns0889.tmp.
* Deletes file C:\WINDOWS\TEMP\CHECK.EXE.
* Deletes file C:\WINDOWS\TEMP\PACKAGE.TMP.
* Creates file C:\WINDOWS\TEMP\nsc8099.tmp\modern-header.bmp.
* Deletes file C:\WINDOWS\TEMP\nsc8099.tmp\NSEXEC.DLL.
* Deletes file C:\WINDOWS\TEMP\nsc8099.tmp\MODERN~1.BMP.
* Deletes directory C:\WINDOWS\TEMP\nsc8099.tmp\.

显示全部楼层 · 发表于 2007-10-1 12:42:25

木马名称:Trojan.Win32.DNSChanger.th

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP1.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-10-1 15:58:56

检测到：木马程序 Trojan.Win32.DNSChanger.ka URL: http://bbs.kafan.cn/attachment.p ... exe//stream//Script

[病毒样本] xxx.exe [md5:7f188fe]

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块