
[Virus sample] This "VIP", I like it

孤独更可靠
Posted on 2007-10-29 08:30:42
It is actually the Angel downloader (天使下载器)




The links in this post have not been altered

Http://rrr.jopenkk.com/down/dog.exe
This one is Robot Dog (机器狗)

Http://rrr.jopenkk.com/down/arpkk.exe
ARP stuff; it infects the LAN

I looked at a few of the others; they are all account-stealing trojans

Nothing much worth looking at

孤独更可靠
 OP | Posted on 2007-10-29 08:32:01
I also suggest blocking this domain: Http://rrr.jopenkk.com

mofunzone
Posted on 2007-10-29 09:29:12
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\vip.rar'
C:\Users\morgan\Documents\
  vip.rar
    [0] Archive type: RAR
    --> vip.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Murlo.HY
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!
mofunzone
Posted on 2007-10-29 09:31:55
Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD'
C:\TDDOWNLOAD\
  100.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
  101.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
  102.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ges
      [WARNING]   The file was ignored!
  103.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
  104.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  105.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  106.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gey
      [WARNING]   The file was ignored!
  107.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  108.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  109.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fnn
      [WARNING]   The file was ignored!
  110.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
  111.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  112.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22620.1
      [WARNING]   The file was ignored!
  113.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
      [WARNING]   The file was ignored!
  arpkk.exe
    [0] Archive type: RAR SFX (self extracting)
    --> wpcap.dll
    --> npptools.dll
    --> 3.vbs
    --> drivers\npf.sys
    --> Vml.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> Packet.dll
    --> run.bat
    --> WanPacket.dll
        [WARNING]   The file was ignored!
  dog.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
      [WARNING]   The file was ignored!
  dogdel.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.19968.14
      [WARNING]   The file was ignored!


End of the scan: 2007年10月28日  18:31
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     25 Files were scanned
     17 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      1 Archives were scanned
     18 Warnings
      0 Notes
Nblock
Posted on 2007-10-29 09:40:59
OP! Is the 酷狮子 trojan that steals World of Warcraft accounts in there?
孤独更可靠
 OP | Posted on 2007-10-29 10:41:43
I don't know, I didn't look
秋叶濛濛
Posted on 2007-10-29 12:07:42
Teacher Xiaogu
残缺的唯美
Posted on 2007-10-29 13:04:45
Result: 1 malware found
Trojan-Downloader.Win32.Murlo.hy (virus)
C:\Users\Administrator\Desktop\vip.rar\vip.exe
wangfeng66
Posted on 2007-10-29 13:13:42
C:\vip.rar\vip.exe - infected with Trojan.PWS.Lineage

Archive contains an infected item

DRWEB 4.44 Kill
傻猪猪米走鸡
Posted on 2007-10-29 14:41:18
nod32 miss