[Virus sample] The result of trying the malware on myself

ooo-ppp
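Posted on 2007-10-24 15:21:41
I came across a sample that was said to be very powerful, so I ran it, on a bare machine of course. As a result, it downloaded a whole bunch of viruses, 20 suspicious files in total. I don't know how they relate to one another, so it's a bit of a mess, and they may already have been reported. Since I have no antivirus software installed, I apologize if they have already been submitted.

[ Last edited by ooo-ppp on 2007-10-24 15:38 ]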

kp2006
Posted on 2007-10-24 15:25:31
Virus
wangfeng66
Posted on 2007-10-24 15:32:24
C:\yangben.rar\dllh8jkd1q2.exe - infected with Trojan.Packed.184
C:\yangben.rar\dllh8jkd1q5.exe - infected with Trojan.Packed.184
C:\yangben.rar\dllh8jkd1q6.exe - infected with Trojan.Packed.184
C:\yangben.rar\dllh8jkd1q7.exe - infected with Trojan.Packed.184
C:\yangben.rar\kernelw.sys - infected with Trojan.NtRootKit.426
C:\yangben.rar\m1ax1d1213216143v.exe - infected with Trojan.DownLoader.based
C:\yangben.rar\max1d11643v.exe - infected with Dialer.Maxd
C:\yangben.rar\newmaxxsv234.exe - infected with Trojan.Packed.184
C:\yangben.rar\Oays60.sys - infected with Trojan.NtRootKit.414
C:\yangben.rar\spooldr.sys - infected with Trojan.NtRootKit.421
C:\yangben.rar\vedxg6ame4.exe - infected with Trojan.Packed.184
C:\yangben.rar\vedxga5me3.exe - infected with Trojan.DownLoader.35265
C:\yangben.rar\wincheck071008.dll - infected with Trojan.DownLoader.35772
C:\yangben.rar\wincheck071008.exe - infected with Trojan.DownLoader.35784
C:\yangben.rar\winsys16_071010.dll - infected with Trojan.Hitpop

Archive contains 15 infected items

DRWEB 4.44  Kill 15
nosferatu
Posted on 2007-10-24 15:52:51
14 detected

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\yangben.rar'
C:\Documents and Settings\Administrator\桌面\yangben.rar
  [0] Archive type: RAR
  --> dllh8jkd1q2.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> dllh8jkd1q5.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> dllh8jkd1q6.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> dllh8jkd1q7.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> kernelw.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> m1ax1d1213216143v.exe
      [DETECTION] Is the Trojan horse TR/Small.Crypted.Gen
  --> max1d11643v.exe
      [DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
  --> newmaxxsv234.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> Oays60.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> spooldr.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> vedxg6ame4.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> vedxga5me3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wincheck071008.dll
      [DETECTION] Is the Trojan horse TR/Spy.Agent.adp
  --> wincheck071008.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.adp
      [INFO]      The file was deleted!
BING126
Posted on 2007-10-24 16:08:52
2007-10-24 16:05:01        Administrator        3016        Sign of "Win32:Tibs-BBQ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\kernelw.sys" file.  
2007-10-24 16:05:08        Administrator        3016        Sign of "Win32:Downloader-gen [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\m1ax1d1213216143v.exe" file.  
2007-10-24 16:05:10        Administrator        3016        Sign of "Win32:Dialer-407 [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\max1d11643v.exe" file.  
2007-10-24 16:05:17        Administrator        3016        Sign of "Win32:Agent-MET [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\Oays60.sys" file.  
2007-10-24 16:05:20        Administrator        3016        Sign of "Win32:Tibser" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\vedxg6ame4.exe" file.  
2007-10-24 16:05:21        Administrator        3016        Sign of "Win32:Small-IAK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\vedxga5me3.exe\[UPX]" file.  
2007-10-24 16:05:23        Administrator        3016        Sign of "Win32:Agent-MFV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\wincheck071008.dll" file.  
2007-10-24 16:05:24        Administrator        3016        Sign of "Win32:Agent-MFW [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\yangben.rar\wincheck071008.exe\[Upack]\[Embedded#DEDLL]" file.
458506
Posted on 2007-10-24 16:10:08
Web content virus scan

Address:         bbs.kafan.cn
Virus:         Email-Worm.Win32.Zhelatin.kt (3x), Packed.Win32.Tibs.ap, Trojan-Downloader.Win32.Obfuscated.n, not-a-virus:Porn-Dialer.Win32.GBDialer.j, Rootkit.Win32.Agent.kb, Email-Worm.Win32.Zhelatin.ki, Email-Worm.Win32.Zhelatin.ks, Trojan-Downloader.Win32.Small.fxy, Trojan-Spy.Win32.Agent.adp, Trojan-Spy.Win32.Agent.adq, Virus.Win32.AutoRun.tp
Status:         Access has been denied.
wangjay1980
Posted on 2007-10-24 16:29:38
detected: virus Email-Worm.Win32.Zhelatin.kt        File: C:\Documents and Settings\Owner\桌面\yangben.rar/dllh8jkd1q5.exe
detected: virus Email-Worm.Win32.Zhelatin.kt        File: C:\Documents and Settings\Owner\桌面\yangben.rar/dllh8jkd1q6.exe
detected: virus Packed.Win32.Tibs.ap        File: C:\Documents and Settings\Owner\桌面\yangben.rar/kernelw.sys
detected: Trojan program Trojan-Downloader.Win32.Obfuscated.n        File: C:\Documents and Settings\Owner\桌面\yangben.rar/m1ax1d1213216143v.exe
detected: auto-dialer not-a-virus:Porn-Dialer.Win32.GBDialer.j        File: C:\Documents and Settings\Owner\桌面\yangben.rar/max1d11643v.exe
detected: virus Email-Worm.Win32.Zhelatin.kt        File: C:\Documents and Settings\Owner\桌面\yangben.rar/newmaxxsv234.exe
detected: Trojan program Rootkit.Win32.Agent.kb        File: C:\Documents and Settings\Owner\桌面\yangben.rar/Oays60.sys
detected: virus Email-Worm.Win32.Zhelatin.ki        File: C:\Documents and Settings\Owner\桌面\yangben.rar/spooldr.sys
detected: virus Email-Worm.Win32.Zhelatin.ks        File: C:\Documents and Settings\Owner\桌面\yangben.rar/vedxg6ame4.exe
detected: Trojan program Trojan-Downloader.Win32.Small.fxy        File: C:\Documents and Settings\Owner\桌面\yangben.rar/vedxga5me3.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Spy.Win32.Agent.adp        File: C:\Documents and Settings\Owner\桌面\yangben.rar/wincheck071008.dll
detected: Trojan program Trojan-Spy.Win32.Agent.adq        File: C:\Documents and Settings\Owner\桌面\yangben.rar/wincheck071008.exe//PE_Patch//UPack
detected: virus Virus.Win32.AutoRun.tp        File: C:\Documents and Settings\Owner\桌面\yangben.rar/winsys16_071010.dll
ilyf44
Posted on 2007-10-24 18:31:49
扫描开始时间: 2007-10-24 18:30:39
扫描日志
NOD32 版本 2611 (20071023) NT
命令行: C:\Documents and Settings\Administrator\桌面\yangben.rar

日期: 2007年10月24日  时间: 18:30:40
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Administrator\桌面\yangben.rar
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?dllh8jkd1q2.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?dllh8jkd1q5.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?dllh8jkd1q6.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?dllh8jkd1q7.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?kernelw.sys<病毒 - Win32/Agent.NMO 木马>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?max1d11643v.exe<病毒 - Win32/Dialer.NAD 木马>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?newmaxxsv234.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?Oays60.sys<病毒 - Win32/Rootkit.Agent.HU 木马>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?spooldr.sys<病毒 - Win32/Nuwar.AU 蠕虫>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?vedxg6ame4.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?vedxga5me3.exe<病毒 - Win32/TrojanDownloader.Small.FXY 木马>
C:\Documents and Settings\Administrator\桌面\yangben.rar ?RAR ?wincheck071008.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
已扫描文件数量: 20
已发现病毒数量: 12
完成时间: 18:31:00 总共扫描时间: 20 秒 (00:00:20)

注意:
[7] 文件可能感染了未知病毒。
huaxiang954
Posted on 2007-10-24 18:47:57
As shown in the screenshot

伊の星
Posted on 2007-10-24 19:35:15
Avira: 14.

Copyright © KaFan  KaFan.cn All Rights Reserved.
