金山发威[fb86f5]

显示全部楼层 · 发表于 2007-10-21 13:11:23

a-squared	3.0.0.126	2007.10.19	2007-10-19	-	10.441
AntiVir	7.6.0.27	7.0.0.112	2007-10-20	-	2.551
Arcavir	1.0.4	200710201828	2007-10-20	-	1.458
AVAST	1.0.8	000782-4	2007-10-20	-	3.049
AVG	7.5.49.442	269.15.3/1082	2007-10-20	-	1.789
BitDefender	7.60825.933437	7.15396	2007-10-21	Dropped:Trojan.Agent.AFNF	4.355
CA (VET)	8.4.0.24	31.2.5225	2007-10-20	-	1.354
ClamAV	0.91.2	4546	2007-10-20	-	0.769
Comodo	2.11	2.0.0.319	2007-10-20	-	1.507
Dr.WEB	4.33	2007.10.20	2007-10-20	-	9.500
ewido	4.0.0.2	2007.10.20	2007-10-20	-	4.582
F-PROT	4.4.0.50	20071018	2007-10-18	-	4.284
F-SECURE	5.51.6100	2007.10.19.07	2007-10-19	Trojan-Downloader.Win32.Agent.ehg [AVP]	5.299
IKARUS	T3.1.1.12	2007.10.20.69694	2007-10-20	Trojan.Win32.Inject.bn	1.440
MKS_VIR	2.01	2007.10.20	2007-10-20	-	2.798
NOD32	2.70.10	2604	2007-10-19	-	0.187
NORMAN	5.91.08	5.90	2007-10-19	-	29.538
nProtect	2007-10-19.00	983365	2007-10-19	Dropped:Trojan.Agent.AFNF	32.414
Prevx	V2	20071021	2007-10-21	-	10.414
QuickHeal	9.00	2007.10.20	2007-10-20	-	4.232
SOPHOS	2.49.1	4.21	2007-10-21	-	3.706
The Hacker	6.2.9	v00101	2007-10-20	-	1.645
VBA32	3.12.2.4	20071019.1939	2007-10-19	-	0.810
ViRobot	20071019	2007.10.19	2007-10-19	-	0.474
VirusBuster	4.3.19:9	9.112.1/11.0	2007-10-20	-	4.027
卡巴斯基	5.5.10	2007.10.21	2007-10-21	Trojan-Downloader.Win32.Agent.ehg	6.212
安博士V3	2007.10.20.00	2007.10.20	2007-10-20	-	1.009
江民杀毒	10.00.650	2007.10.20	2007-10-20	-	1.947
熊猫卫士	9.04.03.0001	2007.10.20	2007-10-20	-	0.452
瑞星	19.0	19.45.60.00	2007-10-20	-	1.604
赛门铁克	1.3.0.24	20071020.006	2007-10-20	-	14.160
趋势	8.500-1001	4.786.18	2007-10-20	-	0.046
迈克菲	5.2.00	5145	2007-10-19	-	1.027
金山毒霸	2007.6.20.249	2007.10.20	2007-10-20	Win32.Troj.Downloader.dn.53248	1.212
飞塔	2.81-3.11	8.251	2007-10-18	-	1.239

显示全部楼层 · 发表于 2007-10-21 13:12:52

木马名称:Trojan-Downloader.Win32.Adload.ajh

程序:
C:\PROGRAM FILES\WINABLE\WINABLE.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.DDB55590E8074DB\桌面\B122.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\TEMPORARY\WININSTALL.EXE
2) C:\PROGRAM FILES\WINABLE\WINABLE.EXE
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2007-10-21 13:27:07

新建文件：C:\Program Files\Temporary\wininstall.exe.lzma
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble\winable.exe.lzma
C:\Program Files\WinAble\winable.exe
删除文件：C:\Program Files\Temporary\wininstall.exe.lzma
C:\Program Files\WinAble\winable.exe.lzma
修改注册表：HKEY_CURRENT_USER\Software\WinAble "remove" = ok
HKEY_CURRENT_USER\Software\Classes\CLSID\{F0060354-067B-1033-0720-041028030001} "b122" = yes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WinAble" = C:\Program Files\WinAble\winable.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAble "DisplayName" = WinAble
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAble "UninstallString" = "C:\Program Files\WinAble\winable.exe" -uninstall
HKEY_CURRENT_USER\Software\Classes\CLSID\{20060354-067B-1033-0720-041028030001} "Param3" = MTA=
HKEY_CURRENT_USER\Software\Classes\CLSID\{20060354-067B-1033-0720-041028030001} "Param4" = MzAw
HKEY_CURRENT_USER\Software\Classes\CLSID\{20060354-067B-1033-0720-041028030001} "Param2" = MA==
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow "*.starsdoor.com" = [REG_BINARY, size: 0 bytes]
HKEY_CURRENT_USER\Software\Classes\CLSID\{20060354-067B-1033-0720-041028030001} "Param1" = MTI4Mzc0MjcyMDAwMDAwMDAw

不是下载者吧，没看到下东西

显示全部楼层 · 发表于 2007-10-21 15:40:01

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 656
Paranoia Database - 48035
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\b122.exe

C:\Documents and Settings\uhthn\Desktop\b122.exe - Suspected Trojan-Downloader.Agent.2

1 Files scanned
0 Infected files found
1 Suspected files found
0 Files cured
0 Files deleted

显示全部楼层 · 发表于 2007-10-21 18:00:16

瑞星pass

显示全部楼层 · 发表于 2007-10-21 18:03:09

[病毒样本] 金山发威[fb86f5]

本帖子中包含更多资源

本帖子中包含更多资源