[病毒样本] 44

显示全部楼层 · 发表于 2008-1-20 12:41:22

http://bbs.kafan.cn/viewthread.php?tid=190885&extra=page%3D1
里的第一和第二个下载者挖的

显示全部楼层 · 发表于 2008-1-20 12:50:35

29
deleted: Trojan program Trojan-Downloader.Win32.Small.hsh File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\0.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Vaklik.eg File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\1.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\10.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\10[1].exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.onw File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\11.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.okn File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\12.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oml File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\13.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\14.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\14[1].exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.odi File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\15.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oku File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\16.exe//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owu File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\17.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\18.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.omm File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\19.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owf File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\2.exe//UPack
deleted: Trojan program Trojan.Win32.Vaklik.eb File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\20.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owv File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\21.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.omo File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\3.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.orb File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\4.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oku File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\5.exe//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ooy File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\6.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.okx File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\7.exe//#//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nis File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\8.exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dq File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\down[1].exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dq File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\usb32k.sys//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dn File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\wxptdi.sys
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: c:\documents and settings\administrator\×ÀÃæ\virus\16.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: c:\documents and settings\administrator\×ÀÃæ\virus\5.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj File: c:\documents and settings\administrator\×ÀÃæ\virus\7.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-1-20 12:51:09

NOD~~~

其中两个解压错误了

显示全部楼层 · 发表于 2008-1-20 12:54:24

tart of the scan: 2008年1月20日  12:51

Starting the file scan:

Begin scan in 'C:\TEST\virus[1].part2.rar'
C:\TEST\virus[1].part2.rar
  [0] Archive type: RAR
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 2.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 3.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omo.7
  --> 4.exe
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxd
  --> 4[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 5.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> 6.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> 7.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> 8.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nis.2
  --> 10.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 10[1].exe
   [DETECTION] Is the Trojan horse TR/PSW.Lmir.boy.22
  --> 11.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.4
  --> 12.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
   [INFO]    The file was moved to '4804d3ba.qua'!
Begin scan in 'C:\TEST\virus[1].part3.rar'
C:\TEST\virus[1].part3.rar
  [0] Archive type: RAR
  --> 13.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omf
  --> 14.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was moved to '4804d3bb.qua'!
Begin scan in 'C:\TEST\virus[1].part1.rar'
C:\TEST\virus[1].part1.rar
  [0] Archive type: RAR
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.147
  --> 15[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 16.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 17.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 17[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 18.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.1
  --> 19.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 19[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 20.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 20[1].exe
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> 21.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 21[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> down[1].exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> usb32k.sys
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> wxptdi.sys
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
   [INFO]    The file was moved to '4804d3bd.qua'!

End of the scan: 2008年1月20日  12:51
Used time: 00:10 min

The scan has been done completely.

   0 Scanning directories
   49 Files were scanned
   23 viruses and/or unwanted programs were found
   8 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   3 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   26 Files not concerned
   3 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-20 12:55:21

很多的尸体

Hello,

11[1].exek - Trojan-Downloader.Win32.ConHook.jh,
13[1].exek - Trojan-Downloader.Win32.Zlob.gef,
16[1].exek - Trojan-Downloader.Win32.Zlob.geg,
17[1].exek, 21[1].exek, 4[1].exek - Trojan.Win32.Pakes.bzp,
18[1].exek - Trojan-Downloader.Win32.Zlob.geh,
5[1].exek - Trojan-Downloader.Win32.Zlob.gei,
6[1].exek - Trojan-Downloader.Win32.Zlob.gej,
7[1].exek - Trojan-Downloader.Win32.ConHook.ji,
8[1].exek - Trojan-Downloader.Win32.Zlob.gek

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

12[1].exek, 15[1].exek, 19[1].exek, 1[1].exek, 20[1].exek, 2[1].exek, 3[1].exek

These files are corrupted.

test[1].htmk

No malicious code was found in this file.

Please quote all when answering.

[ 本帖最后由 wangjay1980 于 2008-1-20 14:05 编辑 ]

显示全部楼层 · 发表于 2008-1-20 13:01:11

d:\download\virusscan\virus[1]\15[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\19[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\20[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\1[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\2[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\3[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\12[1].exe: Broken.Executable FOUND

7个

显示全部楼层 · 发表于 2008-1-20 13:08:25

后面有[1]基本都是尸体的样子

[ 本帖最后由风野胤于 2008-1-20 13:14 编辑 ]

显示全部楼层 · 发表于 2008-1-20 13:08:40

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.GamesOnline.gq
病毒： Trojan.PSW.Win32.ZhengTu.ymm
病毒： Trojan.PSW.Win32.QQGame.bw
病毒： Trojan.PSW.Win32.GameOL.lka
病毒： Trojan.PSW.Win32.DJOnline.bp
病毒： Trojan.Win32.Mnless.zyt
病毒： Trojan.Win32.Undef.bes
病毒： Trojan.PSW.Win32.GamesOnline.ir
病毒： Trojan.PSW.Win32.GameOL.ljz
病毒： Trojan.PSW.Win32.GameOL.liz
病毒： Trojan.PSW.Win32.GameOL.ljg
病毒： Trojan.PSW.Win32.ZhengTu.ymo
病毒： Trojan.PSW.Win32.GamesOnline.gd
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Trojan.PSW.Win32.GamesOnline.ik
病毒： Trojan.PSW.Win32.GamesOnline.hr

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.27.60

显示全部楼层 · 发表于 2008-1-20 13:12:56

何止这么几个
起码17[1]和21[1]也是尸体

基本红伞报启发的都是尸体

这就是虚拟机的优势了
虚拟机脱壳鞭尸很少

[ 本帖最后由风野胤于 2008-1-20 13:16 编辑 ]

显示全部楼层 · 发表于 2008-1-20 13:27:45

被免杀的差出来的也很少

[病毒样本] 44

本帖子中包含更多资源

本帖子中包含更多资源

回复 5楼 wangjay1980 的帖子

67/22

回复 6楼 jimmyleo 的帖子

回复 9楼风野胤的帖子

[病毒样本] 44

本帖子中包含更多资源

本帖子中包含更多资源

回复 5楼 wangjay1980 的帖子

67/22

回复 6楼 jimmyleo 的帖子

回复 9楼 风野胤 的帖子

回复 9楼风野胤的帖子