3个

显示全部楼层 · 发表于 2007-11-21 19:08:31

瑞星病毒分析上面的

这是一个蠕虫病毒,采用FSG 2.0 -> bart/xt进行保护
病毒运行后,先将四串加密后的字符串进行解密,得到如下的网址:http://218.61.17.233/haohao.exe,http://218.61.17.233/wei.exe
http://218.61.17.233/weiwei.exe,http://218.61.17.233/11.exe.然后利用GetSystemDirectory得到%SYSTEM32%目录.病毒遍历当前系统进程,查找 "360tray.exe","360safe.exe","runiep.exe","avp.exe"一旦发现这四个进程存在,则利用OpenProcess得到该进程的句柄,再使用TerminateProcess将进程关闭.

http://218.61.17.233/haohao.exe
http://218.61.17.233/wei.exe (貌似失效)
http://218.61.17.233/weiwei.exe
http://218.61.17.233/11.exe

显示全部楼层 · 发表于 2007-11-21 19:28:51

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Win32.Downloader.n

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.19.21

显示全部楼层 · 发表于 2007-11-21 21:34:55

McAfee 报了2个！
weiwei.exe PWS-LegMir
haohao.exe W32/Autorun.worm.f

显示全部楼层 · 发表于 2007-11-21 21:45:33

ESS一个

显示全部楼层 · 发表于 2007-11-22 02:19:16

Roboon：木马名称:Backdoor.Win32.GreyPigeon.bao

程序:
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8MZH4FWI\HAOHAO[1].EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-11-22 03:43:48

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\weiwei.exe'
C:\TDDOWNLOAD\
  weiwei.exe
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
   [INFO]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\11.exe'
C:\TDDOWNLOAD\
  11.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.Symu Backdoor server programs
   [INFO]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\haohao.exe'
C:\TDDOWNLOAD\
  haohao.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [INFO]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\wei.exe'
C:\TDDOWNLOAD\
  wei.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [INFO]    The file was deleted!

End of the scan: 2007年11月21日  11:43
Used time: 00:05 min

The scan has been done completely.

   0 Scanning directories
   4 Files were scanned
   4 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   4 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   0 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-11-22 11:07:45

detected: Trojan program Backdoor.Win32.Hupigon.ywg URL: http://218.61.17.233/haohao.exe//PE_Patch
detected: Trojan program Backdoor.Win32.Delf.cgk URL: http://218.61.17.233/weiwei.exe//ASPack

显示全部楼层 · 发表于 2007-11-22 11:11:33

毒霸和瑞星都只报一个。

显示全部楼层 · 发表于 2007-11-22 18:24:38

小A： Win32:Delf-GAM

[病毒样本] 3个

一个未杀！

本帖子中包含更多资源

浏览过的版块