查看: 5226|回复: 18
收起左侧

[已鉴定] 幻想游戏网挂马

 关闭 [复制链接]
绅博周幸
发表于 2007-10-3 02:27:39 | 显示全部楼层 |阅读模式
http://www.hxgame.net/news/shownews.asp?ID=872

xiazai[1].rar

18.49 KB, 下载次数: 240

绅博周幸
 楼主| 发表于 2007-10-3 02:30:48 | 显示全部楼层
A-Squared  Found nothing
AntiVir  Found TR/Spy.QQLogger.E  
ArcaVir  Found Trojan.Spy.Qqlogger.E  
Avast  Found Win32:QQLogger-B  
AVG Antivirus  Found PSW.Generic5.PQM  
BitDefender  Found Generic.PWStealer.C022D54A  
ClamAV  Found nothing
CPsecure  Found Troj.Spy.W32.QQLogger.D  
Dr.Web  Found Trojan.PWS.Gamania.4455  
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found Trojan-Spy.Win32.QQLogger.e  
Fortinet  Found SPY/QQPass  
Kaspersky Anti-Virus  Found Trojan-Spy.Win32.QQLogger.e  
NOD32  Found Win32/PSW.QQPass.NCE  
Norman Virus Control  Found nothing
Panda Antivirus  Found Trj/QQPass.APR  
Rising Antivirus  Found nothing
Sophos Antivirus  Found Mal/QQPass-B, Mal/Dropper-H  
VirusBuster  Found Trojan.QQPass.Gen  
VBA32  Found MalwareScope.Trojan-PSW.Game.7
绅博周幸
 楼主| 发表于 2007-10-3 02:35:50 | 显示全部楼层
a-squared 3.0.0.123 2007.10.01 2007-10-01 - 23.151
AntiVir 7.6.0.18 7.0.0.45 2007-10-02 TR/Spy.QQLogger.E 3.322
Arcavir 1.0.4 200710021004 2007-10-02 Trojan.Spy.Qqlogger.E 1.397
AVAST 1.0.8 000778-1 2007-10-02 Win32:QQLogger-B [Trj] 3.484
AVG 7.5.49.442 269.13.37/1042 2007-10-01 PSW.Generic5.PQM 3.071
BitDefender 7.60825.897972 7.15084 2007-10-03 Generic.PWStealer.C022D54A 3.689
CA (VET) 8.4.0.24 31.2.5179 2007-10-02 Win32/Dowque!generic trojan.  0.966
ClamAV  0.91.2 4456 2007-10-03 - 0.487
Comodo 2.11 2.0.0.301 2007-10-02 - 1.125
Dr.WEB 4.33 2007.10.02 2007-10-02 Trojan.PWS.Gamania.4455 5.582
ewido 4.0.0.2 2007.10.02 2007-10-02 - 2.471
F-PROT 4.4.0.50 20070930 2007-09-30 - 1.709
F-SECURE 5.51.6100 2007.10.02.03 2007-10-02 Trojan-Spy.Win32.QQLogger.e 0.144
IKARUS T3.1.1.12 2007.10.02.69606 2007-10-02 Trojan-Spy.Win32.Delf.OG 1.529
MKS_VIR 2.01 2007.10.02 2007-10-02 - 3.640
NOD32 2.70.10 2566 2007-10-02 Win32/PSW.QQPass.NCE trojan 0.004
NORMAN 5.91.08 5.90 2007-10-02 W32/Malware.AVEY 6.920
nProtect 2007-10-02.00 960570 2007-10-02 Trojan-Spy/W32.QQLogger.20828 17.647
QuickHeal 9.00 2007.10.02 2007-10-02 TrojanSpy.QQLogger.e 4.929
SOPHOS 2.49.1 4.21 2007-10-02 Mal/QQPass-B 8.048
The Hacker 6.2.6 v00075 2007-10-01 Trojan/Spy.QQLogger.e 1.018
VBA32 3.12.2.4 20071002.0508 2007-10-02 MalwareScope.Trojan-PSW.Game.7 1.639
ViRobot 20071002 2007.10.02 2007-10-02 - 0.821
VirusBuster 4.3.19:9 9.107.5/11.0 2007-10-02 Trojan.QQPass.Gen 1.560
卡巴斯基 5.5.10 2007.10.02 2007-10-02 Trojan-Spy.Win32.QQLogger.e 0.062
江民杀毒 10.00.650 2007.09.30 2007-09-30 TrojanSpy.QQLogger.c 1.009
熊猫卫士 9.04.03.0001 2007.10.02 2007-10-02 - 1.161
瑞星 19.0 19.43.10.00 2007-10-02 Trojan.PSW.Win32.OnlineGames.yyd 4.098
赛门铁克 1.3.0.24 20071002.017 2007-10-02 Trojan.PWS.QQPass 0.384
趋势 8.500-1001 4.751.00 2007-10-01 Possible_Infostl 0.078
迈克菲 5.2.00 5132 2007-10-02 PWS-QQPass.dll 2.152
金山毒霸 2007.6.20.249 2007.10.2 2007-10-02 Win32.Troj.Delf.ba.86650 2.757
飞塔 2.81-3.11 8.181 2007-10-02 - 0.967
changzheng2
发表于 2007-10-3 02:59:43 | 显示全部楼层
xiazai[1].exe : INFECTED with W32/Malware (Signature: W32/Malware.AVEY)


[ DetectionInfo ]
    * Sandbox name: W32/Malware
    * Signature name: W32/Malware.AVEY
    * Compressed: YES

[ General information ]
    * Decompressing UPX.
    * **Locates window "ssss [class zzzzzzzzzzzzzzz]" on desktop.
    * Accesses executable file from resource section.
    * **Locates window "tixiaoa [class ListBox]" on desktop.
    * **Locates window "xilanan [class ListBox]" on desktop.
    * File length:        20421 bytes.
    * MD5 hash: da3771294504b4785690e8592d6820e7.

[ Changes to filesystem ]
    * Creates file C:\Program Files\Common Files\system.dt2.
    * Deletes file C:\Program Files\Common Files\SyInfo.bps.
    * Creates file C:\Program Files\Common Files\SyInfo.bps.

[ Changes to registry ]
    * Creates key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}".
    * Sets value ""="" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}".
    * Creates key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Sets value ""="C:\Program Files\Common Files\SyInfo.bps" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Creates value "{72204F90-5CD6-41B1-BD69-62CD84C9FB24}"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks".

[ Network ]
    * Hooks into Shell explorer.

[ Signature Scanning ]
    * C:\Program Files\Common Files\system.dt2 (20421 bytes) : no signature detection.
    * C:\Program Files\Common Files\SyInfo.bps (25537 bytes) : no signature detection.
solcroft
发表于 2007-10-3 03:01:09 | 显示全部楼层
jotti上的瑞星引擎真的该更新一下了
rav.PNG
微点卫士
发表于 2007-10-3 06:27:29 | 显示全部楼层
木马名称:Trojan-Spy.Win32.QQLogger.o

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\XIAZAI[1].EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
king6808
发表于 2007-10-3 09:43:43 | 显示全部楼层
已删除:木马程序 Trojan-Spy.Win32.QQLogger.e        文件: F:\10.3\xiazai[1].rar/xiazai[1].exe//UPX
moonsilver
发表于 2007-10-3 12:28:12 | 显示全部楼层
清除病毒种类列表:
病毒: Trojan.PSW.Win32.OnlineGames.yyd
hsjj2005
发表于 2007-10-3 14:52:05 | 显示全部楼层
KAV7.0
未命名.PNG
uhthn2002
发表于 2007-10-3 18:57:09 | 显示全部楼层
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 289
Paranoia Database - 6697
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\xiazai[1].exe

C:\Documents and Settings\uhthn\Desktop\xiazai[1].exe - Infected Win32.Trojan-Spy.qqlogger.1

1 Files scanned
1 Infected files found
0 Suspicious files found
0 Files cured
1 Files deleted
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-13 15:19 , Processed in 0.169483 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表