Threat Spotlight: "A String of Paerls"

显示全部楼层 · 发表于 2014-7-9 09:30:24

http://blogs.cisco.com/security/a-string-of-paerls/
http://vrt-blog.snort.org/2014/0 ... of-paerls-part.html

显示全部楼层 · 发表于 2014-7-9 09:37:10

显示全部楼层 · 发表于 2014-7-9 09:40:30

火绒

Huorong Network Security Suite v2.5.0.19 (Last update: 2014-07-08 15:47)
Copyright (C) Huorong Security Lab. All rights reserved.

Scan started on 2014-07-09 09:36:50

E:\下载\新建文件夹\16de397d64d7de2305eef4f0977b6e9f3cf60a168ee7db2ae8f160ff004f1765 X97M/DL.Agent
E:\下载\新建文件夹\1a4467339ddcd952dbfd896624d07ea67c236fa71a372fb073652eb0f9768e7d X97M/DL.Agent
E:\下载\新建文件夹\2568a39e5c48513d23cc4f0b37601362696e8cf69cc3f0ad9beed22f3df623b2 X97M/DL.Agent
E:\下载\新建文件夹\2bed9b4f1ca797982585ce4a24c452f9fd3fc29fab3657bd826faa108770d5ce X97M/DL.Agent
E:\下载\新建文件夹\383a09fccae8b1394c372c98c727061fa8abe351416f5a595d6bc26d0343d349 X97M/DL.Agent
E:\下载\新建文件夹\4b7e4f4d088a0489a90214a2151021546c824bd227ff0420f9d0c9ffc5bdd113 X97M/DL.Agent
E:\下载\新建文件夹\5aaec7072f097c86800d35288ea8ee296b50ff55976cdf080efcf424ed5b293f X97M/Ledod
E:\下载\新建文件夹\5be3ef36567271299d658529b889bdb8c83f07b6bc6ff4bd2a92ccfbce15c781 X97M/Ledod
E:\下载\新建文件夹\65aef52741602b9a8cea97d9bd70027d6a303ac6f689d0c02a03fa649b5270ee X97M/DL.Agent
E:\下载\新建文件夹\85bfde332657dc588fbe25d350cfbc1bf89ca831e6b9c335c534ad66d6efc2dc X97M/DL.Agent
E:\下载\新建文件夹\8dd00867daa965908826a801a08124ff269fcc2614055891ea7cff35e752d0c8 X97M/DL.Agent
E:\下载\新建文件夹\9f620738782b5ba75df8548568be21c74b84705d86051c874685e38c5f5a0e10 X97M/Ledod

Scan ended on 2014-07-09 09:36:52

Time: 2 second(s). [00:00:02]
Objects scanned: 0
Malware found: 12

清除12X，剩10X

清除后的：

显示全部楼层 · 发表于 2014-7-9 09:59:38

费尔
D:\桌面\新建文件夹\18a604c2721611e9982f8c3edd0975076b1fe51969497880b9045372e80959fa Injector.DKU.ghzp 病毒只报告
D:\桌面\新建文件夹\5840731e7d03c39287ae3046b0ae68cacf99cb942f8b37a7cbb769e4e8edd0fa Backdoor.Androm.edsu.psge 后门只报告
D:\桌面\新建文件夹\6c902c62b14a29d5d42a6a342dc4befb537075efe3dcb03045740c217f947fb9 Backdoor.Androm.duin.xvjv 后门只报告
D:\桌面\新建文件夹\ad80e4d0e9b8bae2cd653f68d43750f61113c0d1ef9b09373ed70abb3626c9c5 Trojan.Inject.ndtc.vezr 木马只报告
D:\桌面\新建文件夹\af4e4b3592a65519741a5628fb9b09a772c28e9cb27227153a4f5e0b071d1398 Injector.DMP.svcj 病毒只报告
D:\桌面\新建文件夹\f9b4579d428ca0a6be7aff8fa356f4590ce377d7a48a3a56ae6d9eb0d7a42934 TrojanDldr.Wauchos.A.hmee 木马只报告

显示全部楼层 · 发表于 2014-7-9 10:34:31

360杀毒扫描日志

病毒库版本：
扫描时间：2014-07-09 10:34:08
扫描用时：00:00:06
扫描类型：右键扫描
扫描文件总数：22
项目总数：10
清除项目数：10

扫描选项
----------------------
扫描所有文件：是
扫描压缩包：是
发现病毒处理方式：由用户选择处理
扫描磁盘引导区：是
扫描 Rootkit：否
使用云查杀引擎：是
使用QVM人工智能引擎：是
扫描建议修复项：否
常规引擎设置：未使用

扫描内容
----------------------
C:\Documents and Settings\Administrator\桌面\新建文件夹

白名单设置
----------------------

扫描结果
======================
高危风险项
----------------------
C:\Documents and Settings\Administrator\桌面\新建文件夹\18a604c2721611e9982f8c3edd0975076b1fe51969497880b9045372e80959fa HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\58b49802b53b4ab8556d5dac487d4b95296dd4ee268a7eb37d467d904129299b HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\5840731e7d03c39287ae3046b0ae68cacf99cb942f8b37a7cbb769e4e8edd0fa HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\6c902c62b14a29d5d42a6a342dc4befb537075efe3dcb03045740c217f947fb9 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\97be1b30dccc33a73980ad166d04e563d8a57df2ea184c411eb91d166593b699 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\9e7875c84afa98acb6d240a327dd0a8dd20a37480d0bd90752c14e6b11c58395 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\ad80e4d0e9b8bae2cd653f68d43750f61113c0d1ef9b09373ed70abb3626c9c5 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\8f573a74b71d6db58e129c9ec08c93c151a10c289e22af76886cec412d937e07 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\f9b4579d428ca0a6be7aff8fa356f4590ce377d7a48a3a56ae6d9eb0d7a42934 HEUR/Malware.QVM03.Gen 已删除
C:\Documents and Settings\Administrator\桌面\新建文件夹\af4e4b3592a65519741a5628fb9b09a772c28e9cb27227153a4f5e0b071d1398 HEUR/Malware.QVM03.Gen 已删除

显示全部楼层 · 发表于 2014-7-9 10:40:57

小a干掉10x

显示全部楼层 · 发表于 2014-7-9 11:23:10

包含12个文档，bav和巡警均检出9个，bav内部版修复成功9个、
剩下10个pe文件
巡警启发清空
bav云清空。

显示全部楼层 · 发表于 2014-7-9 12:06:23

显示全部楼层 · 发表于 2014-7-9 22:01:09

Dr.Web

1a4467339ddcd952dbfd896624d07ea67c236fa71a372fb073652eb0f9768e7d - infected with W97M.DownLoader.16
5840731e7d03c39287ae3046b0ae68cacf99cb942f8b37a7cbb769e4e8edd0fa - is hacktool program Tool.PassView.849
18a604c2721611e9982f8c3edd0975076b1fe51969497880b9045372e80959fa - infected with Trojan.DownLoader10.20382
58b49802b53b4ab8556d5dac487d4b95296dd4ee268a7eb37d467d904129299b - infected with BackDoor.Andromeda.22
6c902c62b14a29d5d42a6a342dc4befb537075efe3dcb03045740c217f947fb9 - is hacktool program Tool.PassView.849

97be1b30dccc33a73980ad166d04e563d8a57df2ea184c411eb91d166593b699 - is hacktool program Tool.PassView.859
8f573a74b71d6db58e129c9ec08c93c151a10c289e22af76886cec412d937e07 - infected with BackDoor.Comet.1439
9e7875c84afa98acb6d240a327dd0a8dd20a37480d0bd90752c14e6b11c58395 - infected with Trojan.Betabot.3
ad80e4d0e9b8bae2cd653f68d43750f61113c0d1ef9b09373ed70abb3626c9c5 - is hacktool program Tool.PassView.849
af4e4b3592a65519741a5628fb9b09a772c28e9cb27227153a4f5e0b071d1398 - infected with Trojan.AVKill.21448

f9b4579d428ca0a6be7aff8fa356f4590ce377d7a48a3a56ae6d9eb0d7a42934 - infected with Trojan.Inject1.42290

Others are sent to Dr.Web

显示全部楼层 · 发表于 2014-7-10 11:58:56

费尔报9个，火绒11个，还剩11个

[病毒样本] Threat Spotlight: "A String of Paerls"

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块