Dr.web 扫不到的50枚病毒样本..

显示全部楼层 · 发表于 2007-10-17 19:04:59

Dr.web 掃不到的50隻樣本

樣本下載位址: http://pickup.mofile.com/4316121245660174

解壓密碼:virus

下载链接在如下图的位置。。MAXTHON归纳为非IE浏览器类

文件标签：

下载文件(IE浏览器) 下载文件(非IE浏览器)

显示全部楼层 · 发表于 2007-10-17 21:20:59

那请把病毒样本上传给大蜘蛛官方网站让他们去分析更新病毒资料库吧!

显示全部楼层 · 发表于 2007-10-18 00:32:14

反病毒专家 AntiVirusKit 2006 扫描病毒日志记录
版本 16.0.5
双引擎反病毒签名 2008-8-8
开始时间: 2007-10-18 0:28
引擎: KAV 引擎 (AVK 18.888), BD 引擎 (BD 18.888)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: virus (11).jpg
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-PSW.Win32.Nilage.up (KAV 引擎)
对象: virus (13).bat
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.BAT.KillFire.d (KAV 引擎)
对象: virus (14).pif
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.Small.WS (BD 引擎)
对象: virus (15).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.cme (KAV 引擎)
对象: virus (16).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.exb (KAV 引擎)
对象: data.rar tt.bat
在压缩档案里: D:\病毒测试\临时解压\virus (17).exe
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (KAV 引擎)
对象: data.rar soft.vbs
在压缩档案里: D:\病毒测试\临时解压\virus (17).exe
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (KAV 引擎)
对象: virus (17).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (2x) (KAV 引擎)
对象: virus (19).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.Win32.VB.bcf (KAV 引擎)
对象: virus (2).js
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.JS.Psyme.kb (KAV 引擎)
对象: virus (20).pif
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Email-Worm.Win32.Warezov.po (KAV 引擎)
对象: virus (21).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Bifrose.acs (KAV 引擎)
对象: virus (22).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Adware.Baidu.Sobar.A (BD 引擎)
对象: virus (23).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.cme (KAV 引擎)
对象: WISE0011.BIN
在压缩档案里: D:\病毒测试\临时解压\virus (24).EXE
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Agent.afb (KAV 引擎)
对象: WISE0012.BIN
在压缩档案里: D:\病毒测试\临时解压\virus (24).EXE
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.AdMoke.gs (KAV 引擎)
对象: virus (24).EXE
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Agent.afb, not-a-virus:AdWare.Win32.AdMoke.gs (KAV 引擎)
对象: virus (27).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.cme (KAV 引擎)
对象: data.rar tt.bat
在压缩档案里: D:\病毒测试\临时解压\virus (28).exe
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (KAV 引擎)
对象: data.rar soft.vbs
在压缩档案里: D:\病毒测试\临时解压\virus (28).exe
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (KAV 引擎)
对象: virus (28).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.BAT.Ftp.da (2x) (KAV 引擎)
对象: virus (29).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.cda (KAV 引擎)
对象: virus (3).js
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.VBS.Agent.ei (KAV 引擎)
对象: virus (30).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.Agent.BCS (BD 引擎)
对象: virus (31).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Worm.Win32.Viking.lt (KAV 引擎)
对象: virus (32).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Spyware.Tool.D (BD 引擎)
对象: virus (34).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Application.Evid.M (BD 引擎)
对象: virus (36).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.Win32.Pakes (KAV 引擎)
对象: virus (37).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Proxy.Win32.Small.du (KAV 引擎)
对象: virus (38).dll
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Agent.bz (KAV 引擎)
对象: virus (4).bat
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Virus.BAT.Clicker.a (KAV 引擎)
对象: virus (40).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Application.Spyware.Pcinetpatrol.AN (BD 引擎)
对象: virus (41).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Spyware.Qqstealer.A (BD 引擎)
对象: virus (42).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Virus.Win32.AutoRun.bu (KAV 引擎)
对象: virus (46).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Virus.Win32.AutoRun.bu (KAV 引擎)
对象: virus (47).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Spyware.Qqstealer.A (BD 引擎)
对象: virus (48).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Agent.are (KAV 引擎)
对象: virus (49).EXE
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-Spy.Win32.KeyLogger.nj (KAV 引擎)
对象: virus (6).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan-PSW.Win32.Delf.wt (KAV 引擎)
对象: virus (9).sys
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Trojan.DV (BD 引擎)
对象: virus(50).exe
路径: D:\病毒测试\临时解压
Status: 已发现病毒
病毒: Spyware.Sniffer.E (BD 引擎)
扫描完成: 2007-10-18 0:28
已检查 50 个文件
已发现 35 个染毒文件
发现 0 个可疑文件

显示全部楼层 · 发表于 2007-10-18 00:38:02

单独的AVAST也杀了35个，用AVAST和AVK06扫完后还余下8只

显示全部楼层 · 发表于 2007-10-18 00:42:30

余下的随便扫了一个，估计不是病毒

文件名称 :    virus (28).exe
文件大小 :    96475 byte
文件类型 :    MS-DOS executable (EXE), OS/2 or MS Windows
MD5 :    a891de2d76f504b4c8d6167572ae0ba0
SHA1 :    48ed98f347ba32111980de212ed7d8558096f9f7

扫描结果扫描结果 :    6%的杀软(2/34)报告发现病毒
时间 :    2007/10/18 00:39:10 (CST)
软件名称引擎版本病毒库版本病毒库时间扫描结果时间
a-squared 3.0.0.123 2007.10.16 2007-10-16 - 4.655
AntiVir 7.6.0.23 7.0.0.100 2007-10-17 - 2.026
Arcavir 1.0.4 200710171232 2007-10-17 - 1.550
AVAST 1.0.8 000782-1 2007-10-17 - 3.044
AVG 7.5.49.442 269.14.12/1073 2007-10-16 - 1.656
BitDefender 7.60825.900421 7.15349 2007-10-17 - 3.445
CA (VET) 8.4.0.24 31.2.5216 2007-10-17 - 0.901
ClamAV 0.91.2 4543 2007-10-17 - 0.096
Comodo 2.11 2.0.0.316 2007-10-17 - 1.044
Dr.WEB 4.33 2007.10.17 2007-10-17 - 8.077
ewido 4.0.0.2 2007.10.16 2007-10-16 - 4.519
F-PROT 4.4.0.50 20071016 2007-10-16 - 1.298
F-SECURE 5.51.6100 2007.10.17.06 2007-10-17 - 2.777
IKARUS T3.1.1.12 2007.10.16.69674 2007-10-16 - 2.832
MKS_VIR 2.01 2007.10.17 2007-10-17 - 2.677
NOD32 2.70.10 2597 2007-10-17 - 0.068
NORMAN 5.91.08 5.90 2007-10-17 Sandbox: W32/Malware 5.075
nProtect 2007-10-17.00 941040 2007-10-17 - 24.349
Prevx V2 20071017 2007-10-17 BACKDOOR.G_DOOR.R 10.536
QuickHeal 9.00 2007.10.17 2007-10-17 - 3.350
SOPHOS 2.49.1 4.21 2007-10-17 - 4.010
The Hacker 6.2.8 v00096 2007-10-17 - 1.179
VBA32 3.12.2.4 20071017.0841 2007-10-17 - 0.850
ViRobot 20071017 2007.10.17 2007-10-17 - 0.966
VirusBuster 4.3.19:9 9.110.3/11.0 2007-10-17 - 1.039
卡巴斯基 5.5.10 2007.10.17 2007-10-17 - 4.433
江民杀毒 10.00.650 2007.10.17 2007-10-17 - 1.949
熊猫卫士 9.04.03.0001 2007.10.16 2007-10-16 - 7.413
瑞星 19.0 19.45.22.00 2007-10-17 - 2.151
赛门铁克 1.3.0.24 20071016.009 2007-10-16 - 0.815
趋势 8.500-1001 4.780.02 2007-10-17 - 0.064
迈克菲 5.2.00 5142 2007-10-16 - 0.988
金山毒霸 2007.6.20.249 2007.10.17 2007-10-17 - 1.797

显示全部楼层 · 发表于 2007-10-18 00:47:53

有个问题
不是FS用的是NORMAN的Sandbox吗？
怎么NORMAN的Sandbox报了
而FS的没有报？

显示全部楼层 · 发表于 2007-10-18 10:39:09

或许是没运行的关系所以FS的沙盘没报。。。

显示全部楼层 · 发表于 2007-10-18 13:31:51

是有很多查不出来啊

显示全部楼层 · 发表于 2007-10-18 13:55:45

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\Virus-1'
C:\TDDOWNLOAD\Virus-1\
  virus (1).jpg
  virus (10).txt
  virus (11).jpg
   [DETECTION] Is the Trojan horse TR/Agent.14848.36
   [INFO]    The file was deleted!
  virus (12).txt
  virus (13).bat
   [DETECTION] Contains detection pattern of the batch virus BAT/Agent.R
   [INFO]    The file was deleted!
  virus (14).pif
  virus (15).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
  virus (16).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
  virus (17).exe
   [DETECTION] Contains detection pattern of the dropper DR/Agent.yhj
   [INFO]    The file was deleted!
  virus (18).exe
  virus (19).exe
   [DETECTION] Is the Trojan horse TR/VB.bcf
   [INFO]    The file was deleted!
  virus (2).js
   [DETECTION] Is the Trojan horse TR/Dldr.Psyme.KB.1
   [INFO]    The file was deleted!
  virus (20).pif
   [DETECTION] Contains detection pattern of the worm WORM/Stration.Gen
   [INFO]    The file was deleted!
  virus (21).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs
   [INFO]    The file was deleted!
  virus (22).exe
  virus (23).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
  virus (24).EXE
   [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.afb.5
   [INFO]    The file was deleted!
  virus (25).scr
[0] Archive type: ZIP SFX (self extracting)
--> ¤Û·Q±ý±æ.jpg
  virus (26).exe
   [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Asprotect). Please verify the origin of the file
   [INFO]    The file was deleted!
  virus (27).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
  virus (28).exe
   [DETECTION] Contains detection pattern of the dropper DR/Agent.yhj
   [INFO]    The file was deleted!
  virus (29).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
  virus (3).js
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Piftie.3
   [INFO]    The file was deleted!
  virus (30).exe
   [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
   [INFO]    The file was deleted!
  virus (31).exe
   [DETECTION] Contains detection pattern of the worm WORM/Viking.LT
   [INFO]    The file was deleted!
  virus (32).exe
   [DETECTION] Contains detection pattern of the SPR/Tool.2 program
   [INFO]    The file was deleted!
  virus (33).exe
  virus (34).exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Virkel.A.8 Backdoor server programs
   [INFO]    The file was deleted!
  virus (35).exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
   [INFO]    The file was deleted!
  virus (36).exe
   [DETECTION] Is the Trojan horse TR/Pakes.A.295
   [INFO]    The file was deleted!
  virus (37).exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ayd.356
   [INFO]    The file was deleted!
  virus (38).dll
   [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/TCent.J
   [INFO]    The file was deleted!
  virus (39).scr
[0] Archive type: RAR SFX (self extracting)
--> m6.jpg
  virus (4).bat
   [DETECTION] Contains detection pattern of the batch virus BAT/Iframe.A
   [INFO]    The file was deleted!
  virus (40).exe
  virus (41).exe
   [DETECTION] Contains detection pattern of the SPR/QQStealer.A program
   [INFO]    The file was deleted!
  virus (42).exe
   [DETECTION] Is the Trojan horse TR/Agent.25889
   [INFO]    The file was deleted!
  virus (43).scr
[0] Archive type: ZIP SFX (self extracting)
--> photo01.jpg
  virus (44).scr
[0] Archive type: ZIP SFX (self extracting)
--> photo01.jpg
  virus (45).scr
[0] Archive type: ZIP SFX (self extracting)
--> photo01.jpg
  virus (46).exe
   [DETECTION] Is the Trojan horse TR/Agent.25889
   [INFO]    The file was deleted!
  virus (47).exe
   [DETECTION] Contains detection pattern of the SPR/QQStealer.A program
   [INFO]    The file was deleted!
  virus (48).exe
   [DETECTION] Is the Trojan horse TR/Agent.APJ
   [INFO]    The file was deleted!
  virus (49).EXE
   [DETECTION] Is the Trojan horse TR/SPY.KeyLogger.NJ
   [INFO]    The file was deleted!
  virus (5).exe
  virus (6).exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.WT.1
   [INFO]    The file was deleted!
  virus (7).cpx
  virus (8).cpx
  virus (9).sys
   [DETECTION] Is the Trojan horse TR/DV.A
   [INFO]    The file was deleted!
  virus(50).exe
   [DETECTION] Contains detection pattern of the SPR/Sniffer.E.1 program
   [INFO]    The file was deleted!

End of the scan: 2007年10月17日  22:55
Used time: 00:08 min

The scan has been done completely.

   1 Scanning directories
   55 Files were scanned
   34 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   34 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   21 Files not concerned
   5 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-10-18 21:11:52

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.DL.JS.Agent.lkb
病毒： Trojan.JS.Agent.an
病毒： Trojan.Win32.Agent.tzq
病毒： RootKit.Win32.Agent.nfi
病毒： Trojan.Win32.Agent.lu
病毒： Backdoor.Win32.Gpigeon.zst
病毒： Backdoor.Win32.Gpigeon.zvy
病毒： Harm.Win32.Agent.g
病毒： Worm.Mail.Warezov.ck
病毒： Trojan.Win32.Agent.iew
病毒： Backdoor.Win32.Gpigeon.zwy
病毒： Worm.Win32.Viking.kd
病毒： Trojan.Xema.dm
病毒： Trojan.Pakes.db
病毒： Trojan.PSW.Win32.OnlineGames.dfy
病毒： Adware.Win32.Agent.nsl
病毒： Hack.Exploit.Win32.PHP168.a
病毒： Worm.Win32.VB.jn
病毒： Trojan.KillAV.alp
病毒： Trojan.Spy.Win32.KeyLogger.nd
病毒： Trojan.Win32.Agent.ku

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.14.32

Dr.web 扫不到的50枚病毒样本..

本帖子中包含更多资源