
[Virus samples] 10 samples, plus the files dropped by 5.exe

lanvin
Posted on 2007-10-21 01:20:57
4.exe
Modifies the system time
5.exe
木马名称:Rootkit.Win32.Agent.adc
程序:
C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Agent.eqh
程序:
C:\WINDOWS\SYSTEM32\DRIVERS\RUNTIME.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Agent.eqh
程序:
C:\WINDOWS\SYSTEM32\DRIVERS\RUNTIME.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?

8.exe
程序:
D:\NEW FOLDER\8.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\DOSKEY.DLL
是否删除木马程序及其衍生物?

3.exe, 7.exe and 9.exe may be false positives

woai_jolin
Posted on 2007-10-21 01:30:32
BitDefender Log File !!!!!
Product : BitDefender Antivirus 2008
Version : BitDefender UIScanner v.11
Log date : 01:30:25 21/10/2007
Log path : C:\Documents and Settings\Administrator\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1192901425_1_02.xml

Scan Paths:
Path0000: G:\V\Desktop.rar


Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No


Target selection options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : No
Scan runtime packers : No
Scan emails : No
Scan all files : No
Heuristic Scan : No
Scanned extensions : (null)
Excluded extensions :  


Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summary
Number of virus signatures : 0
Archive plugins : 0
Email plugins : 0
Scan plugins : 0
Archive plugins : 0
System plugins : 0
Unpack plugins : 0


Overall scan summary
Scanned items : 0
Infected items : 0
Suspicious items : 0
Resolved items : 0
Individual viruses found : 0
Scanned directories : 0
Scanned boot sectors : 0
Scanned archives : 0
Input-output errors : 0
Scan time : 00:00:00:01
Files per second : 0


Scanned processes summary
Scanned : 0
Infected : 0


Scanned registry keys summary
Scanned : 0
Infected : 0


Scanned cookies summary
Scanned : 0
Infected : 0


Remaining issues:
Object Name   Threat Name   Final Status
G:\V\Desktop.rar=]RUNTIME.SYS   Trojan.Pandex.S   Disinfect Failed
G:\V\Desktop.rar=]IP6FW.SYS   Trojan.Rootkit.GDX   Disinfect Failed


Resolved issues:
Object Name   Threat Name   Final Status
woai_jolin
Posted on 2007-10-21 01:31:18
BitDefender Log File !!!!!
Product:BitDefender Antivirus 2008
Version:BitDefender UIScanner v.11
Log date:01:31:10 21/10/2007
Log path:C:\Documents and Settings\Administrator\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1192901470_1_02.xml
Scan Paths:
Path0000:G:\V\New_Folder.zip


Scan Options:
Scan for viruses:Yes
Scan for adware:Yes
Scan for spyware:Yes
Scan for applications:Yes
Scan for dialers:Yes
Scan for rootkits:No


Target selection options:
Scan registry keys:No
Scan cookies:No
Scan boot sectors:No
Scan memory processes:No
Scan archives:No
Scan runtime packers:No
Scan emails:No
Scan all files:No
Heuristic Scan:No
Scanned extensions:(null)
Excluded extensions:


Target Processing
Default action for infected objects:Disinfect
Default action for suspicious objects:None
Default action for hidden objects:None


Scan engines summary
Number of virus signatures:0
Archive plugins:0
Email plugins:0
Scan plugins:0
Archive plugins:0
System plugins:0
Unpack plugins:0


Overall scan summary
Scanned items:0
Infected items:0
Suspicious items:0
Resolved items:0
Individual viruses found:0
Scanned directories:0
Scanned boot sectors:0
Scanned archives:0
Input-output errors:0
Scan time:00:00:00:01
Files per second:0


Scanned processes summary
Scanned:0
Infected:0


Scanned registry keys summary
Scanned:0
Infected:0


Scanned cookies summary
Scanned:0
Infected:0


Remaining issues:
Object Name   Threat Name   Final Status
G:\V\New_Folder.zip=]New Folder/3.exe=](Quarantine-4)   Trojan.DX   Disinfect Failed
G:\V\New_Folder.zip=]New Folder/10.exe   Trojan.FatObfus.2.Gen   Disinfect Failed
G:\V\New_Folder.zip=]New Folder/4.exe   Trojan.Generic.26359   Disinfect Failed
G:\V\New_Folder.zip=]New Folder/5.exe   Trojan.Kobcka.W   Disinfect Failed
G:\V\New_Folder.zip=]New Folder/6.exe   Trojan.Peed.IMR   Disinfect Failed


Resolved issues:
Object Name   Threat Name   Final Status
G:\V\New_Folder.zip=]New Folder/1.exe   Trojan.Downloader.Small.AAFK   Deleted
G:\V\New_Folder.zip=]New Folder/2.exe   Trojan.Downloader.Small.AAFK   Deleted
mofunzone
Posted on 2007-10-21 01:42:48
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\Desktop.rar'
C:\Users\morgan\Documents\
  Desktop.rar
    [0] Archive type: RAR
    --> RUNTIME.SYS
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.DPE.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> DOSKEY.DLL
    --> IP6FW.SYS
        [DETECTION] Contains detection pattern of the rootkit RKIT/Ntech.I
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
mofunzone
Posted on 2007-10-21 01:43:30
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\New.rar'
C:\Users\morgan\Documents\
  New.rar
    [0] Archive type: ZIP
    --> New Folder/1.exe
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/10.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/2.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/3.exe
        [DETECTION] Is the Trojan horse TR/Agent.aox
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/4.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/5.exe
        [DETECTION] Is the Trojan horse TR/Agent.CZP
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/6.exe
        [DETECTION] Contains detection pattern of the worm WORM/Storm.twa
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/7.exe
    --> New Folder/8.exe
        [DETECTION] Is the Trojan horse TR/Agent.cfg.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> New Folder/9.exe
        [WARNING]   The file was ignored!


End of the scan: 2007年10月20日  10:43
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     11 Files were scanned
      6 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
      9 Warnings
      0 Notes
The EQs
Posted on 2007-10-21 03:09:08
C:\Documents and Settings\Don johnson\桌面\New Folder.zip » ZIP » New Folder/10.exe - probably a variant of Win32/TrojanClicker.Agent.NBJ trojan
C:\Documents and Settings\Don johnson\桌面\New Folder.zip » ZIP » New Folder/4.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\New Folder.zip » ZIP » New Folder/5.exe - Win32/Rootkit.Agent.NDH trojan
C:\Documents and Settings\Don johnson\桌面\New Folder.zip » ZIP » New Folder/6.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\Desktop.rar » RAR » RUNTIME.SYS - Win32/Rootkit.Agent.NDF trojan
C:\Documents and Settings\Don johnson\桌面\Desktop.rar » RAR » IP6FW.SYS - Win32/Rootkit.Agent.DP trojan
woai_jolin
Posted on 2007-10-21 11:24:10
病毒        2007-10-21  11:24:01        G:\V\Desktop.rar\IP6FW.SYS        Win32.TrojDownloader.Agent.29056        清除成功       
病毒        2007-10-21  11:24:01        G:\V\Desktop.rar\RUNTIME.SYS        Win32.TrojDownloader.Agent.5504        清除成功
woai_jolin
Posted on 2007-10-21 11:25:37
病毒        2007-10-21  11:25:23        G:\V\New_Folder.zip\New Folder\10.exe        Win32.Troj.Swizzor.gm.424960        清除成功
promised
Posted on 2007-10-21 11:39:39
C:\ABC\Desktop.rar:\RUNTIME.SYS - 特征码 'Rootkit.Win32.Agent.dw' 被发现
C:\ABC\Desktop.rar:\DOSKEY.DLL
C:\ABC\Desktop.rar:\IP6FW.SYS - 特征码 'Trojan-Downloader.Win32.Agent.acl' 被发现
C:\ABC\Desktop.rar
C:\ABC\New_Folder.zip:\New Folder\1.exe - 特征码 'Trojan-Downloader.Small.AAFK' 被发现
C:\ABC\New_Folder.zip:\New Folder\10.exe - 特征码 'Trojan.Win32.Obfuscated.en' 被发现
C:\ABC\New_Folder.zip:\New Folder\2.exe - 特征码 'Trojan-Downloader.Small.AAFK' 被发现
C:\ABC\New_Folder.zip:\New Folder\3.exe - 特征码 'Trojan.DX' 被发现
C:\ABC\New_Folder.zip:\New Folder\4.exe - 特征码 'Trojan.Generic.26359' 被发现
C:\ABC\New_Folder.zip:\New Folder\5.exe - 特征码 'Trojan.Kobcka.W' 被发现
C:\ABC\New_Folder.zip:\New Folder\6.exe - 特征码 'Trojan.Peed.IMR' 被发现
C:\ABC\New_Folder.zip:\New Folder\7.exe - 特征码 'Trojan.Win32.AddUser.i' 被发现
C:\ABC\New_Folder.zip:\New Folder\8.exe - 特征码 'Trojan.Win32.Agent.cfg' 被发现
C:\ABC\New_Folder.zip:\New Folder\9.exe - 特征码 'Trojan.Win32.Autoit.ao' 被发现
C:\ABC\New_Folder.zip


        16 文件被扫描
          (2 压缩档 13 文件)
        12 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:00.328
NobleT
Posted on 2007-10-21 12:22:02
VG Anti-Spyware - 扫描报告
---------------------------------------------------------

+ 创建时间:        12:21:26 2007-10-21

+ 扫描结果:       



F:\Desktop.rar/IP6FW.SYS -> Downloader.Agent.acl : 已清除并备份(已隔离).
F:\Desktop.rar/RUNTIME.SYS -> Rootkit.Agent.dw : 已清除并备份(已隔离).
F:\New_Folder.zip/New Folder/7.exe -> Trojan.AddUser.i : 已清除并备份(已隔离).


::报告结束