[Verified] 幻想游戏网 site is serving a trojan

绅博周幸
Posted on 2007-10-3 02:27:39
http://www.hxgame.net/news/shownews.asp?ID=872

xiazai[1].rar

18.49 KB, downloads: 240

绅博周幸
OP | Posted on 2007-10-3 02:30:48
A-Squared  Found nothing
AntiVir  Found TR/Spy.QQLogger.E  
ArcaVir  Found Trojan.Spy.Qqlogger.E  
Avast  Found Win32:QQLogger-B  
AVG Antivirus  Found PSW.Generic5.PQM  
BitDefender  Found Generic.PWStealer.C022D54A  
ClamAV  Found nothing
CPsecure  Found Troj.Spy.W32.QQLogger.D  
Dr.Web  Found Trojan.PWS.Gamania.4455  
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found Trojan-Spy.Win32.QQLogger.e  
Fortinet  Found SPY/QQPass  
Kaspersky Anti-Virus  Found Trojan-Spy.Win32.QQLogger.e  
NOD32  Found Win32/PSW.QQPass.NCE  
Norman Virus Control  Found nothing
Panda Antivirus  Found Trj/QQPass.APR  
Rising Antivirus  Found nothing
Sophos Antivirus  Found Mal/QQPass-B, Mal/Dropper-H  
VirusBuster  Found Trojan.QQPass.Gen  
VBA32  Found MalwareScope.Trojan-PSW.Game.7
绅博周幸
OP | Posted on 2007-10-3 02:35:50
a-squared 3.0.0.123 2007.10.01 2007-10-01 - 23.151
AntiVir 7.6.0.18 7.0.0.45 2007-10-02 TR/Spy.QQLogger.E 3.322
Arcavir 1.0.4 200710021004 2007-10-02 Trojan.Spy.Qqlogger.E 1.397
AVAST 1.0.8 000778-1 2007-10-02 Win32:QQLogger-B [Trj] 3.484
AVG 7.5.49.442 269.13.37/1042 2007-10-01 PSW.Generic5.PQM 3.071
BitDefender 7.60825.897972 7.15084 2007-10-03 Generic.PWStealer.C022D54A 3.689
CA (VET) 8.4.0.24 31.2.5179 2007-10-02 Win32/Dowque!generic trojan.  0.966
ClamAV  0.91.2 4456 2007-10-03 - 0.487
Comodo 2.11 2.0.0.301 2007-10-02 - 1.125
Dr.WEB 4.33 2007.10.02 2007-10-02 Trojan.PWS.Gamania.4455 5.582
ewido 4.0.0.2 2007.10.02 2007-10-02 - 2.471
F-PROT 4.4.0.50 20070930 2007-09-30 - 1.709
F-SECURE 5.51.6100 2007.10.02.03 2007-10-02 Trojan-Spy.Win32.QQLogger.e 0.144
IKARUS T3.1.1.12 2007.10.02.69606 2007-10-02 Trojan-Spy.Win32.Delf.OG 1.529
MKS_VIR 2.01 2007.10.02 2007-10-02 - 3.640
NOD32 2.70.10 2566 2007-10-02 Win32/PSW.QQPass.NCE trojan 0.004
NORMAN 5.91.08 5.90 2007-10-02 W32/Malware.AVEY 6.920
nProtect 2007-10-02.00 960570 2007-10-02 Trojan-Spy/W32.QQLogger.20828 17.647
QuickHeal 9.00 2007.10.02 2007-10-02 TrojanSpy.QQLogger.e 4.929
SOPHOS 2.49.1 4.21 2007-10-02 Mal/QQPass-B 8.048
The Hacker 6.2.6 v00075 2007-10-01 Trojan/Spy.QQLogger.e 1.018
VBA32 3.12.2.4 20071002.0508 2007-10-02 MalwareScope.Trojan-PSW.Game.7 1.639
ViRobot 20071002 2007.10.02 2007-10-02 - 0.821
VirusBuster 4.3.19:9 9.107.5/11.0 2007-10-02 Trojan.QQPass.Gen 1.560
卡巴斯基 5.5.10 2007.10.02 2007-10-02 Trojan-Spy.Win32.QQLogger.e 0.062
江民杀毒 10.00.650 2007.09.30 2007-09-30 TrojanSpy.QQLogger.c 1.009
熊猫卫士 9.04.03.0001 2007.10.02 2007-10-02 - 1.161
瑞星 19.0 19.43.10.00 2007-10-02 Trojan.PSW.Win32.OnlineGames.yyd 4.098
赛门铁克 1.3.0.24 20071002.017 2007-10-02 Trojan.PWS.QQPass 0.384
趋势 8.500-1001 4.751.00 2007-10-01 Possible_Infostl 0.078
迈克菲 5.2.00 5132 2007-10-02 PWS-QQPass.dll 2.152
金山毒霸 2007.6.20.249 2007.10.2 2007-10-02 Win32.Troj.Delf.ba.86650 2.757
飞塔 2.81-3.11 8.181 2007-10-02 - 0.967
changzheng2
Posted on 2007-10-3 02:59:43
xiazai[1].exe : INFECTED with W32/Malware (Signature: W32/Malware.AVEY)


[ DetectionInfo ]
    * Sandbox name: W32/Malware
    * Signature name: W32/Malware.AVEY
    * Compressed: YES

[ General information ]
    * Decompressing UPX.
    * **Locates window "ssss [class zzzzzzzzzzzzzzz]" on desktop.
    * Accesses executable file from resource section.
    * **Locates window "tixiaoa [class ListBox]" on desktop.
    * **Locates window "xilanan [class ListBox]" on desktop.
    * File length:        20421 bytes.
    * MD5 hash: da3771294504b4785690e8592d6820e7.

[ Changes to filesystem ]
    * Creates file C:\Program Files\Common Files\system.dt2.
    * Deletes file C:\Program Files\Common Files\SyInfo.bps.
    * Creates file C:\Program Files\Common Files\SyInfo.bps.

[ Changes to registry ]
    * Creates key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}".
    * Sets value ""="" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}".
    * Creates key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Sets value ""="C:\Program Files\Common Files\SyInfo.bps" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{72204F90-5CD6-41B1-BD69-62CD84C9FB24}\InProcServer32".
    * Creates value "{72204F90-5CD6-41B1-BD69-62CD84C9FB24}"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks".

[ Network ]
    * Hooks into Shell explorer.

[ Signature Scanning ]
    * C:\Program Files\Common Files\system.dt2 (20421 bytes) : no signature detection.
    * C:\Program Files\Common Files\SyInfo.bps (25537 bytes) : no signature detection.
solcroft
Posted on 2007-10-3 03:01:09
The Rising engine on jotti really needs to be updated.
rav.PNG
微点卫士
Posted on 2007-10-3 06:27:29
木马名称:Trojan-Spy.Win32.QQLogger.o

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\XIAZAI[1].EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
king6808
Posted on 2007-10-3 09:43:43
已删除:木马程序 Trojan-Spy.Win32.QQLogger.e        文件: F:\10.3\xiazai[1].rar/xiazai[1].exe//UPX
moonsilver
Posted on 2007-10-3 12:28:12
清除病毒种类列表:
病毒: Trojan.PSW.Win32.OnlineGames.yyd
hsjj2005
Posted on 2007-10-3 14:52:05
KAV7.0
未命名.PNG
uhthn2002
Posted on 2007-10-3 18:57:09
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 289
Paranoia Database - 6697
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\xiazai[1].exe

C:\Documents and Settings\uhthn\Desktop\xiazai[1].exe - Infected Win32.Trojan-Spy.qqlogger.1

1 Files scanned
1 Infected files found
0 Suspicious files found
0 Files cured
1 Files deleted

Copyright © KaFan  KaFan.cn All Rights Reserved.
