毒网继续挖出39个

显示全部楼层 · 发表于 2007-11-17 23:29:47

原帖由 EQ2 于 2007-11-17 22:55 发表
其实是两种方案。。。。。。一种是根据目前nod32的查杀方式改进而来。。。另外一种是norman的sandbox+微点联想起来的。。。。

虚拟机+行为分析？当前NOD32不就是这样的方式么？

显示全部楼层 · 发表于 2007-11-18 00:00:18

其实，到底是什么新方式？

显示全部楼层 · 发表于 2007-11-18 10:43:48

Scan Log
Version of virus signature database: 2665 (20071117)
Date: 2007-11-18 Time: 10:43:08
Scanned disks, folders and files: G:\V\样本.rar
Number of scanned objects: 40
Number of threats found: 35
Time of completion: 10:43:15 Total scanning time: 7 sec (00:00:07)
Notes:
[7] Object is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-11-18 14:29:01

江民30个，17日病毒库

显示全部楼层 · 发表于 2007-11-18 14:54:09

Remaining issues:Object Name Threat Name Final Status
D:\My Downloads\病毒样本\样本.rar=]rsmyhpm.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]ratbjpi.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]kvdxjma.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]kawdezy.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]avwldmn.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]avwgemn.dll BehavesLike:Trojan.WUDisable Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]svchost.exe BehavesLike:Win32.Malware Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]kawdeaz.exe DeepScan:Generic.Dld.Agent.3E7C74DD Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]kaqhiaz.exe DeepScan:Generic.Dld.Agent.85CBE3C0 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]ratbjtl.exe DeepScan:Generic.Dld.Agent.C6976C43 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]rsmyhsp.exe DeepScan:Generic.Dld.Agent.EFBB02C6 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]kvdxjis.exe DeepScan:Generic.Dld.Agent.F873B4C1 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]SVCCtrl01.dll DeepScan:Generic.Onlinegames.2.4A89EA46 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]cmdbcs.dll DeepScan:Generic.PWS.Games.1.644FE617 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]swchost.exe DeepScan:Generic.PWS.Games.4.73E2536B Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]a5.exe DeepScan:Generic.PWS.Games.4.752ACC73 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]a12.exe DeepScan:Generic.PWS.Games.4.876645D2 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]KVBatch01.dll DeepScan:Generic.PWS.Games.4.8785A033 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]IGM.exe DeepScan:Generic.PWS.Games.4.F7393576 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]asvliuliu32.dll DeepScan:Generic.PWS.WoW.4BD23E2C Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]ad.exe Dropped:Trojan.Exploit.Dcomrpc.AW Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]LYLOADER.EXE Dropped:Trojan.PWS.Onlinegames.AVH Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]avwldst.exe Generic.Malware.SBdldg.42BA139F Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]avwgest.exe Generic.Malware.SBdldg.FEA7C8CF Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]MSDEG32.DLL Generic.PWS.Games.3.9AA6D727 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]cmdbcs.exe Generic.PWS.Games.4.D5625D23 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]glrxekpvaf.dll Generic.PWS.WoW.02019683 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]svcos.exe Generic.PWStealer.BCAE606D Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]SysWin7k.Jmp Generic.PWStealer.E458EC26 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]608769MM.DLL Trojan.Generic.70804 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]608769WL.DLL Trojan.Generic.70904 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]a17.exe Trojan.Generic.73373 Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]REGKEY.hiv Trojan.PWS.Onlinegames.AVH Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]scvhost.exe Trojan.Spy.Pcapbased.A Delete Failed (file was in an archive)
D:\My Downloads\病毒样本\样本.rar=]Wn_Sys8x.Sys Win32.Worm.Autorun.FF Delete Failed (file was in an archive)

显示全部楼层 · 发表于 2007-11-18 15:00:55

nod 35个

显示全部楼层 · 发表于 2007-11-18 15:08:48

DR WEB 34个
样本.rar\Wn_Sys8x.Sys;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Lineage.origin;;
样本.rar\SysWin7k.Jmp;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Qqpass.origin;;
样本.rar\swchost.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;可能 MULDROP.Trojan;;
样本.rar\svcos.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.origin;;
svchost.exe\data001;C:\Documents and Settings\Johnny\桌面\样本.rar\svchost.exe;Trojan.Sniff;;
svchost.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;发现档案文件中有受感染的对象;;
样本.rar\scvhost.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.Sniff;;
样本.rar\rsmyhsp.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5633;;
样本.rar\rsmyhpm.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5633;;
样本.rar\ratbjtl.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5662;;
样本.rar\ratbjpi.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5662;;
样本.rar\LYMANGR.DLL;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Wsgame.origin;;
样本.rar\LYLOADER.EXE;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.DownLoader.origin;;
样本.rar\kvdxjma.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5663;;
样本.rar\kvdxjis.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5663;;
样本.rar\KVBatch01.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5630;;
样本.rar\kawdezy.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.origin;;
样本.rar\kawdeaz.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5662;;
样本.rar\kaqhiaz.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5664;;
样本.rar\IGM.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Legmir.1964;;
样本.rar\glrxekpvaf.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Wow.origin;;
样本.rar\cmdbcs.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Wsgame.1964;;
样本.rar\cmdbcs.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Wsgame.1963;;
样本.rar\avwldst.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5581;;
样本.rar\avwldmn.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5581;;
样本.rar\avwgest.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5672;;
样本.rar\avwgemn.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5672;;
样本.rar\asvliuliu32.dll;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Wow.origin;;
样本.rar\ad.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Win32.HLLW.Rubbish;;
样本.rar\a17.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Gamania.5517;;
样本.rar\a12.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.DownLoader.36508;;
样本.rar\a5.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.MulDrop.9564;;
样本.rar\a3.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.DownLoader.origin;;
样本.rar\a1.exe;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.Packed.194;;
样本.rar\608769MM.DLL;C:\Documents and Settings\Johnny\桌面\样本.rar;Trojan.PWS.Legmir.1964;;
样本.rar;C:\Documents and Settings\Johnny\桌面;发现档案文件中有受感染的对象;已重命名。;

显示全部楼层 · 发表于 2007-11-18 15:11:08

AVG 6个。。
VG Anti-Spyware - 扫描报告
---------------------------------------------------------

+ 创建时间: 15:14:44 2007-11-18

+ 扫描结果:

C:\Documents and Settings\Johnny\桌面\样本.#ar/asvliuliu32.dll -> Downloader.Agent.bhc : 未进行操作.
C:\Documents and Settings\Johnny\桌面\样本.#ar/svcos.exe -> Logger.Delf.aql : 未进行操作.
C:\Documents and Settings\Johnny\桌面\样本.#ar/scvhost.exe -> Logger.Pcap.a : 未进行操作.
C:\Documents and Settings\Johnny\桌面\样本.#ar/avwgest.exe -> Trojan.OnLineGames.eza : 未进行操作.
C:\Documents and Settings\Johnny\桌面\样本.#ar/rsmyhsp.exe -> Trojan.OnLineGames.fyp : 未进行操作.
C:\Documents and Settings\Johnny\桌面\样本.#ar/kaqhiaz.exe -> Trojan.OnLineGames.gih : 未进行操作.

::报告结束

显示全部楼层 · 发表于 2007-11-18 15:14:59

费尔20个

显示全部楼层 · 发表于 2007-11-18 18:21:22

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Worm.Win32.PaBug.dr
病毒： Worm.Win32.PaBug.dr
病毒： Trojan.PSW.Win32.LMir.yyn
病毒： Trojan.PSW.Win32.GameOnline.agl
病毒： Trojan.Win32.Mnless.zhs
病毒： Trojan.PSW.Win32.GameOnline.afu
病毒： Backdoor.Win32.Agent.yff
病毒： Trojan.PSW.Win32.XYOnline.sf
病毒： Trojan.PSW.Win32.RocOnline.hv
病毒： Trojan.PSW.Win32.LMir.yyr
病毒： Trojan.PSW.Win32.GameOnline.agd
病毒： Trojan.PSW.Win32.XYOnline.se
病毒： Trojan.PSW.Win32.XYOnline.sr
病毒： Trojan.PSW.Win32.XYOnline.sr
病毒： Trojan.PSW.Win32.XYOnline.sn
病毒： Trojan.PSW.Win32.XYOnline.sn
病毒： Trojan.PSW.Win32.GameOnline.aem
病毒： Trojan.PSW.Win32.AskTao.eo
病毒： Trojan.PSW.Win32.NSword.ck
病毒： Trojan.PSW.Win32.WoWar.uz
病毒： Trojan.PSW.Win32.WoWar.afg
病毒： Trojan.PSW.Win32.GameOnline.abf
病毒： Trojan.PSW.Win32.GameOnline.abc
病毒： Trojan.PSW.Win32.GameOnline.aax
病毒： Trojan.PSW.Win32.GameOnline.aaz
病毒： Trojan.PSW.Win32.GameOnline.agz
病毒： Trojan.PSW.Win32.GameOnline.aiw
病毒： Trojan.PSW.Win32.GameOnline.aix
病毒： Trojan.Win32.Mnless.zgw
病毒： Trojan.PSW.Win32.QQSG.aa
病毒： Trojan.PSW.Win32.GameOnline.aen
病毒： Trojan.PSW.Win32.XYOnline.sv
病毒： Trojan.PSW.Win32.Agent.vph
病毒： Trojan.PSW.Win32.LMir.yyn
病毒： Trojan.PSW.Win32.LMir.yym

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.18.61

[病毒样本] 毒网继续挖出39个

59/37