在线的来查查看～～全过哦？

显示全部楼层 · 发表于 2007-11-4 00:08:01

VirSCAN.org Scanned Report :
Scanned time : 2007/11/03 23:56:58 (CST)
Scanner results: 全部的杀毒软件报告没有发现病毒!
File Name    : dl[1].rar
File Size    : 2547 byte
File Type    : RAR archive data, v1d, os
MD5          : 4ef69d64cff67f2a91a6217ea965577e
SHA1          : 6d46ff0a00bfb473b3a87fdd206a5b34927f13d5
Online report  : 这只被费尔显示为下载者！

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2007.11.02       2007-11-02  2.72 -
安博士V3    2007.11.03.00 2007.11.03       2007-11-03  0.88 -
AntiVir       7.6.0.30       7.0.0.165       2007-11-02  2.04 -
Arcavir       1.0.4          200711020959    2007-11-02  1.28 -
AVAST       1.0.8          071103-0       2007-11-03  3.26 -
AVG          7.5.49.442    269.15.14/1100 2007-10-30  1.69 -
BitDefender 7.60825.937626  7.15645          2007-11-03  3.42 -
CA (VET)    8.4.0.24       31.2.5264       2007-11-03  0.69 -
ClamAV       0.91.2       4666             2007-11-03  0.01 -
Comodo       2.11          2.0.0.333       2007-11-03  0.91 -
Dr.WEB       4.44.0.9170    2007.11.03       2007-11-03  3.02 -
ewido       4.0.0.2       2007.11.02       2007-11-02  1.75 -
F-PROT       4.4.1.52       20071102       2007-11-02  1.62 -
F-SECURE    5.51.6100    2007.11.02.02    2007-11-02  4.82 -
飞塔          2.81-3.11    8.316          2007-11-02  4.15 -
ViRobot       20071102       2007.11.02       2007-11-02  0.69 -
IKARUS       T3.1.01.15    2007.11.03.69759  2007-11-03  1.61 -
江民杀毒    10.00.650    2007.11.01       2007-11-01  1.31 -
卡巴斯基    5.5.10       2007.11.03       2007-11-03  14.69  -
金山毒霸    2007.6.20.249 2007.11.2       2007-11-02  0.66 -
迈克菲       5.2.00       5155             2007-11-02  3.56 -
MKS_VIR       2.01          2007.11.03       2007-11-03  7.59 -
NOD32       2.70.10       2636             2007-11-03  0.01 -
NORMAN       5.91.08       5.90             2007-11-02  4.25 -
熊猫卫士    9.04.03.0001 2007.11.03       2007-11-03  3.87 -
趋势          8.500-1001    4.810.15       2007-11-03  0.04 -
Prevx       V2             20071103       2007-11-03  3.74 -
QuickHeal    9.00          2007.11.03       2007-11-03  2.47 -
瑞星          19.0          20.16.50.00    2007-11-03  0.65 -
SOPHOS       2.49.1       4.21             2007-11-03  4.03 -
赛门铁克    1.3.0.24       20071102.016    2007-11-02  0.22 -
nProtect    2007-11-03.00 1019615          2007-11-03  7.92 -
The Hacker    6.2.9          v00110          2007-10-26  0.99 -
VBA32       3.12.2.4       20071103.0757    2007-11-03  1.84 -
VirusBuster 4.3.19:9       9.113.10/11.0    2007-11-03  2.28 -

下面这只在用费尔清除时被EQ拦截了：
2007-11-03 23:47:48 创建注册表值    操作:允许
进程路径:C:\Program Files\Filseclab\Twister\Twister.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
注册表名称:PendingFileRenameOperations
注册表数据:\??\C:\Documents and Settings\小飞侠.net\Local Settings\Temporary Internet Files\Content.IE5\ZKZBI2W8\ki[1].htm
触发规则:所有程序规则->系统自动运行->HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Control\Session Manager

2007-11-03 23:47:54 修改文件    操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\etc\hosts
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\etc\hosts

2007-11-03 23:47:56 修改文件    操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys

2007-11-03 23:47:57 修改文件    操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys

2007-11-03 23:48:02 修改文件    操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys

2007-11-03 23:48:03 修改文件    操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys

VirSCAN.org Scanned Report :
Scanned time : 2007/11/04 00:00:59 (CST)
Scanner results: 9%的杀软(3/35)报告发现病毒
File Name    : ki[1].rar
File Size    : 8066 byte
File Type    : RAR archive data, v1d, os
MD5          : 78a360f64fc3f4a9af5fc04aae358f3a
SHA1          : 156091650a398a639f8026b565a2317b5a545970
Online report  :

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2007.11.02       2007-11-02  3.06 -
安博士V3    2007.11.03.00 2007.11.03       2007-11-03  1.03 -
AntiVir       7.6.0.30       7.0.0.165       2007-11-02  2.18 HTML/Dldr.Agen.E.32
Arcavir       1.0.4          200711020959    2007-11-02  1.27 -
AVAST       1.0.8          071103-0       2007-11-03  3.04 -
AVG          7.5.49.442    269.15.14/1100 2007-10-30  1.67 -
BitDefender 7.60825.937626  7.15645          2007-11-03  3.67 -
CA (VET)    8.4.0.24       31.2.5264       2007-11-03  0.80 -
ClamAV       0.91.2       4666             2007-11-03  0.02 -
Comodo       2.11          2.0.0.333       2007-11-03  0.79 -
Dr.WEB       4.44.0.9170    2007.11.03       2007-11-03  5.31 -
ewido       4.0.0.2       2007.11.02       2007-11-02  2.09 -
F-PROT       4.4.1.52       20071102       2007-11-02  1.93 JS/Agent.BL (exact)
F-SECURE    5.51.6100    2007.11.02.02    2007-11-02  4.13 -
飞塔          2.81-3.11    8.316          2007-11-02  1.84 -
ViRobot       20071102       2007.11.02       2007-11-02  0.67 -
IKARUS       T3.1.01.15    2007.11.03.69759  2007-11-03  1.63 -
江民杀毒    10.00.650    2007.11.01       2007-11-01  1.38 -
卡巴斯基    5.5.10       2007.11.03       2007-11-03  8.16 -
金山毒霸    2007.6.20.249 2007.11.2       2007-11-02  0.71 -
迈克菲       5.2.00       5155             2007-11-02  1.14 -
MKS_VIR       2.01          2007.11.03       2007-11-03  2.93 -
NOD32       2.70.10       2636             2007-11-03  0.01 -
NORMAN       5.91.08       5.90             2007-11-02  3.76 -
熊猫卫士    9.04.03.0001 2007.11.03       2007-11-03  2.56 -
趋势          8.500-1001    4.810.15       2007-11-03  0.04 JS_PSYME.BBS
Prevx       V2             20071103       2007-11-03  12.80  -
QuickHeal    9.00          2007.11.03       2007-11-03  2.13 -
瑞星          19.0          20.16.50.00    2007-11-03  0.54 -
SOPHOS       2.49.1       4.21             2007-11-03  5.76 -
赛门铁克    1.3.0.24       20071102.016    2007-11-02  0.18 -
nProtect    2007-11-03.00 1019615          2007-11-03  7.99 -
The Hacker    6.2.9          v00110          2007-10-26  1.42 -
VBA32       3.12.2.4       20071103.0757    2007-11-03  1.46 -
VirusBuster 4.3.19:9       9.113.10/11.0    2007-11-03  3.77 -

[ 本帖最后由小飞侠.net 于 2007-11-4 00:09 编辑 ]

显示全部楼层 · 发表于 2007-11-4 00:13:54

ki那个我记得分析过我找找

http://down.18dd.net/bb/014.exe

[ 本帖最后由 jimmyleo 于 2007-11-4 00:20 编辑 ]

显示全部楼层 · 发表于 2007-11-4 00:17:04

dl会下这个 http://www.v180.net/mm/mm.exe

显示全部楼层 · 发表于 2007-11-4 00:22:51

fil在这方面还是蛮有造诣的

显示全部楼层 · 发表于 2007-11-4 00:32:15

这些时间收Google的关键字邮件，老是遇上利用新漏洞的毒站～～

显示全部楼层 · 发表于 2007-11-4 00:35:41

这边有，霏凡那边不知搞什么，我下载不了附件

显示全部楼层 · 发表于 2007-11-4 00:43:12

原帖由 dikex 于 2007-11-4 00:35 发表
这边有，霏凡那边不知搞什么，我下载不了附件

这边回帖速度快

显示全部楼层 · 发表于 2007-11-4 01:29:09

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\ki[1].htm'
C:\Users\morgan\Documents\
  ki[1].htm
   [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Agen.E.32
   [INFO]    The file was deleted!
Begin scan in 'C:\Users\morgan\Documents\dl[1].js'
C:\Users\morgan\Documents\
  dl[1].js

显示全部楼层 · 发表于 2007-11-4 06:58:53

他利用iexplore.exe，下載了20隻病毒

[ 本帖最后由 a256886572008 于 2007-11-4 07:01 编辑 ]

显示全部楼层 · 发表于 2007-11-4 07:07:18

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\dload.rar'
C:\Users\morgan\Documents\
  dload.rar
[0] Archive type: RAR
--> 0.exe
      [DETECTION] Is the Trojan horse TR/Delf.IUA.2
      [WARNING] Infected files in archives cannot be repaired!
--> 1.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22376
      [WARNING] Infected files in archives cannot be repaired!
--> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqg
      [WARNING] Infected files in archives cannot be repaired!
--> 3.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.23906
      [WARNING] Infected files in archives cannot be repaired!
--> 4.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.20842
      [WARNING] Infected files in archives cannot be repaired!
--> 5.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 6.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gis
      [WARNING] Infected files in archives cannot be repaired!
--> 8.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqb
      [WARNING] Infected files in archives cannot be repaired!
--> 10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqj
      [WARNING] Infected files in archives cannot be repaired!
--> 11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grj
      [WARNING] Infected files in archives cannot be repaired!
--> 12.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grh
      [WARNING] Infected files in archives cannot be repaired!
--> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gri
      [WARNING] Infected files in archives cannot be repaired!
--> 14.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gie
      [WARNING] Infected files in archives cannot be repaired!
--> 16.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqn
      [WARNING] Infected files in archives cannot be repaired!
--> 17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqo
      [WARNING] Infected files in archives cannot be repaired!
--> 18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grg
      [WARNING] Infected files in archives cannot be repaired!
--> 19.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.21346
      [WARNING] Infected files in archives cannot be repaired!
      [INFO]    The file was deleted!

End of the scan: 2007年11月3日  16:07
Used time: 01:18 min

The scan has been done completely.

   0 Scanning directories
   21 Files were scanned
   20 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   20 Warnings
   0 Notes

[病毒样本] 在线的来查查看～～全过哦？

本帖子中包含更多资源

回复 2楼 jimmyleo 的帖子

本帖子中包含更多资源

浏览过的版块