
[Virus Samples] 2014-08-18 #32

malware1
Posted on 2014-8-19 04:02:35
http://kuai.xunlei.com/d/XLDoFPm6R1ryUwQA103 / http://rghost.net/private/575427 ... 398b271e95b4c21f0f9 / https://folders.io/get/ABNUAc

Password: infected

Files missed by the following antivirus products have been reported to the respective vendors:

Anvisoft
Avast
Avira
BitDefender
Comodo
Dr.Web
Emsisoft
ESET
F-Prot
F-Secure
Fortinet
Ikarus
Immunet
K7
Kaspersky
Kompas
Malwarebytes
McAfee
Microsoft
Nano
Nictatech
Outpost
Panda
PCMAV
Qihoo 360
Quick Heal
Sophos
Spybot
Symantec
TotalDefense
Trend Micro
Trojan Killer
Twister
Vipre
VirIT
Xvirus
Zillya
webkiller
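Posted on 2014-8-19 04:28:56
As it happens, the OP had just posted, so I tried it right away. ESS7 killed 27; I packed the remaining 6 files and uploaded them to 2 multi-engine scanning sites, and they are still flagged as malicious.
Test of the remaining files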
http://r.virscan.org/report/a06d5864e55431b847acf37d5d92bc58
https://www.virustotal.com/en/file/fed300ebf9653687bd40ed2b3840687b7191702e6887aa6b79e5b80f502fe00a/analysis/1408393573/
cn86li
Posted on 2014-8-19 04:37:45
360TS (own engine)

青春虎
Posted on 2014-8-19 08:32:47
Huorong, kill 4X, 28X remaining, TO

Huorong Network Security Suite v2.5.0.35 (Last update: 2014-08-18 15:46)
Copyright (C) Huorong Security Lab. All rights reserved.

Scan started on 2014-08-19 08:30:16

E:\下载\2014-08-18_32\8.exe        Backdoor/Xbot
E:\下载\2014-08-18_32\ogwiq.exe        DEEP:VirTool/Obfuscator.gen!A
E:\下载\2014-08-18_32\s.exe        Trojan/KillAV
E:\下载\2014-08-18_32\server.exe        GEN:Backdoor/Fynloski

Scan ended on 2014-08-19 08:30:22

Time: 6 second(s). [00:00:06]
Objects scanned: 0
Malware found: 4
Dust-;羅錠
Posted on 2014-8-19 09:42:04
This post was last edited by Dust-;羅錠 on 2014-8-19 10:06

Dr.Web scan detected 29x.


C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\athena.exe - infected with Trojan.DownLoader11.27834
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\8.exe - infected with Trojan.DownLoader11.23121
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\ca2yjrhygrfgf.exe - infected with Trojan.PWS.Stealer.13174
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\Bla.exe - infected with Trojan.PWS.Panda.7634
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\bnew.exe - infected with Win32.HLLW.Autoruner2.1926
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\and.exe - infected with Trojan.Hottrend
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\coejock.exe - infected with Win32.HLLW.Autoruner.25074
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\egtmm.exe - infected with Trojan.Encoder.514
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\dqnew.exe - infected with Win32.HLLW.Autoruner2.1926
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\canada2.exe - is hacktool program Tool.PassView.849
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\canada1.exe - infected with Trojan.PWS.Panda.4795
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\Notification.scr - infected with Trojan.DownLoader11.27728
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\order-2947-8.17.2014.pdf - infected with Exploit.PDF.8440
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\ogwiq.exe - infected with Trojan.PWS.Stealer.3277
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\adlad.scr - infected with Trojan.PWS.Panda.655
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\nature.jpg - infected with Trojan.Betabot.3
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\olisa.exe - is hacktool program Tool.PassView.859
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\s.exe - infected with Trojan.DownLoader11.8737
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\ng.exe - infected with BackDoor.IRC.NgrBot.42
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\Purchase Order.exe - infected with Trojan.PWS.Stealer.13173
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\Purchase-Order.exe - infected with Trojan.PWS.Stealer.13173
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\purchase-order (1).exe - infected with Trojan.PWS.Stealer.13173
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\Roblox lvl 2 Exploit.exe - infected with BackDoor.Comet.1783
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\server.exe - infected with BackDoor.Comet.1783
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\truth.exe - infected with Trojan.PWS.Panda.7633
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\IMG_067.scr - infected with BackDoor.Comet.1783
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\LaCrypt_Plasma_.exe - infected with BackDoor.Comet.1783
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\zpm.exe - infected with Trojan.Hottrend
C:\Users\lin\Downloads\2014-08-18_32\2014-08-18_32\aw.EXE\s.exe - infected with Trojan.DownLoader11.8737

Total 13591962 bytes in 32 files scanned (34 objects, 1 container)
Total 3 files (4 objects) are clean
Total 29 files are infected
Total 29 files are neutralized

3x remaining after the scan; double-clicked them in the sandbox, and DPH killed DarkAngle+.exe.

wenshui1013
Posted on 2014-8-19 10:10:13
Dust-;羅錠 posted on 2014-8-19 09:42
Dr.Web scan detected 29x.

So you've switched to the Spider again.. Looks like you need to take your medicine too.
zxcqwe
Posted on 2014-8-19 10:44:25
avast2015 killed a lot of them on double-click
Seems to be because of a virus database delay
8 remaining
1654637359
Posted on 2014-8-19 10:51:14
Kaspersky kill 8
欧阳宣
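Posted on 2014-8-19 11:08:54
N360: only 5 files could not be judged by file reputation; submitted
Renascence
Posted on 2014-8-19 11:11:06
欧阳宣 posted on 2014-8-19 11:08
N360: only 5 files could not be judged by file reputation; submitted

Feels like Norton's intelligent file analysis is about to become a killer weapon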