N只肉鸡上的样本

gzg

大家扫扫看

jimmyleo

D:\Download\Scan\桌面\桌面\1.exe - Signature 'Backdoor.Win32.HacDef.073.B' found
D:\Download\Scan\桌面\桌面\12.EXE - Signature 'Packed.Win32.Klone.af' found
D:\Download\Scan\桌面\桌面\2008.exe - Signature 'Trojan-PWS.Win32.Lmir' found
D:\Download\Scan\桌面\桌面\autorun.inf
D:\Download\Scan\桌面\桌面\Down(0).exe - Signature 'Trojan-PWS.Win32.Agent.iu' found
D:\Download\Scan\桌面\桌面\Down(1).exe - Signature 'Trojan-PWS.Win32.QQPass.pb' found
D:\Download\Scan\桌面\桌面\iexplore.exe - Signature 'Trojan-PWS.Win32.QQPass.pb' found
D:\Download\Scan\桌面\桌面\key - Signature 'Virus.Packed.Win32.Klone.af' found
D:\Download\Scan\桌面\桌面\mysetup1020.exe
D:\Download\Scan\桌面\桌面\ohlala.exe - Signature 'Backdoor.Pigeon.805' found
D:\Download\Scan\桌面\桌面\servic.exe - Signature 'Virus.Win32.Hupigon.FGX' found
D:\Download\Scan\桌面\桌面\setupol0165.exe - Signature 'Trojan-PWS.Win32.Lmir' found
D:\Download\Scan\桌面\桌面\snow.exe - Signature 'not-a-virus:AdWare.Win32.Boran.z' found
D:\Download\Scan\桌面\桌面\uusee.exe - Signature 'Trojan-Spy.Win32.Banker.bxq' found

        14 Files scanned
          (0 Archives with 0 files)
        12 Signatures found
        0 Suspect code-parts found
        Used time: 0:07.223

wangjay1980

detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\1.exe//ExeStealth//Expressor           
detected: Trojan program Trojan.Win32.Agent.cxn        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\12.EXE//NSPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\Down(0).exe
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\Down(1).exe
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\iexplore.exe
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\ohlala.exe//PE_Patch.AvSpoof
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\servic.exe
detected: virus Heur.Worm.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\snow.exe//ExeStealth
detected: virus Heur.Downloader (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ\×ÀÃæ\uusee.exe//PE_Patch.PECompact//PecBundle//PECompact

jimmyleo

D:\Download\Scan\桌面\桌面\1.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      A backup was created as '47bb9db9.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\12.EXE
      [DETECTION] Is the Trojan horse TR/Agent.12288.D
      [INFO]      A backup was created as '47849dbd.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\2008.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47869dbb.qua'!
D:\Download\Scan\桌面\桌面\Down(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47cd9dfa.qua'!
D:\Download\Scan\桌面\桌面\iexplore.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47ce9df0.qua'!
D:\Download\Scan\桌面\桌面\key
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/SVKP). Please verify the origin of the file
      [INFO]      A backup was created as '47c19de7.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\mysetup1020.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Cdn.B.1
      [INFO]      A backup was created as '47c99e04.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\ohlala.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Graybird.GN.275456 Backdoor server programs
      [INFO]      A backup was created as '47c29df3.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\servic.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      A backup was created as '47c89df0.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\setupol0165.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47ca9df1.qua'!
D:\Download\Scan\桌面\桌面\snow.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      A backup was created as '47c59dfa.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
D:\Download\Scan\桌面\桌面\uusee.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      A backup was created as '47c99e01.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

sam.to

已隔離: 病毒 Heur.Trojan.Generic (修改)        檔案: C:\Documents and Settings\kato9096\桌面\桌面\桌面\桌面\1.exe//ExeStealth//Expressor           
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.cxn        檔案: C:\Documents and Settings\kato9096\桌面\桌面\桌面\桌面\12.EXE//NSPack
已隔離: 病毒 Heur.Trojan.Generic (修改)        檔案: C:\Documents and Settings\kato9096\桌面\桌面\桌面\桌面\Down(1).exe
已隔離: 病毒 Heur.Trojan.Generic (修改)        檔案: C:\Documents and Settings\kato9096\桌面\桌面\桌面\桌面\iexplore.exe
已隔離: 病毒 Heur.Downloader (修改)        檔案: C:\Documents and Settings\kato9096\桌面\桌面\桌面\桌面\uusee.exe//PE_Patch.PECompact//PecBundle//PECompact

4个变种,9个没报,已上报13个

[ 本帖最后由 kato9096 于 2007-12-5 20:53 编辑 ]

gogo8989

不错，突破了我的规则，
先吧免疫autorun.inf文件夹改名为AnHao，然后在各盘下生成一个snow.exe不断创建
然后金山清理 360等用不起了，任务管理器打不开了，冰刀不能启动

007-12-05 21:23:54    创建文件      操作:阻止
进程路径:F:\迅雷和浏览器下载\____\桌面\桌面\snow.exe
文件路径:E:\autorun.inf



PS：还好俺开影子全盘保护，没穿

[ 本帖最后由 gogo8989 于 2007-12-5 22:01 编辑 ]

chenrui19930

MS比较强

uhthn2002

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 1022
Paranoia Database - 49642
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\桌面

C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\1.exe - OK
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\12.EXE - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\2008.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.16
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\autorun.inf - Infected VIRUS.AUTORUN.12 - Deleted
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\Down(0).exe - Infected WIN32.BACKDOOR.HUPIGON.10 - Deleted
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\Down(1).exe - Infected WIN32.BACKDOOR.PROSTI.1 - Deleted
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\iexplore.exe - Infected WIN32.BACKDOOR.PROSTI.1 - Deleted
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\key - OK
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\mysetup1020.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.16
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\ohlala.exe - OK
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\servic.exe - OK
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\setupol0165.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.16
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\snow.exe - OK
C:\Documents and Settings\Uhthn\Desktop\桌面\桌面\uusee.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.16

14 Files scanned
4 Infected files found
5 Suspected files found
0 Files disinfected
4 Files deleted

LUKY

不说什么了，解压完了，什么都没有，我还以为是空的呢。

看看红伞的隔离区，我考，这么多！15个啊！

sam.to

Hello,

1.exe_ - Backdoor.Win32.Hupigon.abad,
Down(0).exe_ - Backdoor.Win32.Hupigon.aazx,
down(1).exe_ - Backdoor.Win32.Hupigon.aazy,
iexplore.exe_ - Backdoor.Win32.Hupigon.aazz,
key - Backdoor.Win32.Hupigon.abaa,
ohlala.exe_ - Backdoor.Win32.Hupigon.abab,
servic.exe_ - Backdoor.Win32.Hupigon.abac,
snow.exe_ - Virus.Win32.AutoRun.ajq,
uusee.exe_ - Trojan-Downloader.Win32.Delf.dgm

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

2008.exe_ - not-a-virus:AdWare.Win32.Agent.wy

This file is an Advertizing Tool, It's detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

autorun.inf, mysetup1020.exe_, setupol0165.exe_

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.