Thread starter: Nblock

[Virus sample] Backdoor runtime

ALEXBLAIR
Posted on 2008-1-23 19:30:31
Originally posted by garyyan456 on 2008-1-23 18:35
Test report (all of these are ones NOD doesn't detect; the ones it catches I'm not reporting)
1.exe, after testing, turns out to just download web pages like crazy; no other suspicious activity besides that.

ecard.exe tried to load a driver named RUNTIME and was blocked by the sandbox; I'd guess it's something that modifies the system time.

deleted: Trojan program Backdoor.Win32.Agent.dps File: F:\ZHANGQIUREN\DESKTOP\sb.vbs\Temp.rar/Temp\1.bat
deleted: Trojan program Backdoor.Win32.Agent.cpj File: F:\ZHANGQIUREN\DESKTOP\sb.vbs\Temp.rar/Temp\guai.exe//SimplePack
deleted: Trojan program Trojan-Downloader.VBS.Agent.ir File: F:\ZHANGQIUREN\DESKTOP\sb.vbs\Temp.rar/Temp\ip.vbs
The rest goes to the lab....
mofunzone
Posted on 2008-1-24 00:05:55
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\taskmgre'
C:\Documents and Settings\Administrator\My Documents\taskmgre\
  1.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.cpj.4 Backdoor server programs
      [INFO]      The file was deleted!
  2008.exe
  21.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  22.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  AIO.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Expressor). Please verify the origin of the file
      [INFO]      The file was deleted!
  baidu.exe
      [DETECTION] Contains detection pattern of the worm WORM/Delf.O.8
      [INFO]      The file was deleted!
  cherry.exe
      [DETECTION] Contains detection pattern of the worm WORM/AgoBot.aor
      [INFO]      The file was deleted!
  eCard.scr
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.AI
      [INFO]      The file was deleted!
  File3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
  ht2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.vzw Backdoor server programs
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  taskmgre.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Sma.dat.4.B
      [INFO]      The file was deleted!
  号码.com
    [0] Archive type: RAR SFX (self extracting)
      --> ᄆᄀᄑ↓ᆵᄎ지ᅣ￲ᄊᄚ.exe
        [1] Archive type: RAR SFX (self extracting)
        --> ᄆᄀᄑ↓ᆵᄎ지ᅣ￲ᄊᄚ.txt
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!


End of the scan: 2008-01-23  08:05
Used time: 00:04 min

The scan has been done completely.

      1 Scanning directories
     15 Files were scanned
     11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     11 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      5 Archives were scanned
      2 Warnings
      0 Notes
woai_jolin
Posted on 2008-1-24 04:25:30
Scan Log
Version of virus signature database: 2818 (20080123)
Date: 2008-1-24  Time: 4:25:25
Scanned disks, folders and files: G:\v\Backdoor.rar
G:\v\Backdoor.rar » RAR » cherry.exe - is OK
G:\v\Backdoor.rar » RAR » eCard.scr - Win32/Wigon.AO trojan - was a part of the deleted object
G:\v\Backdoor.rar » RAR » File3.exe - Win32/Wigon.AM trojan - was a part of the deleted object
G:\v\Backdoor.rar » RAR » baidu.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
G:\v\Backdoor.rar » RAR » 1.exe - is OK
G:\v\Backdoor.rar » RAR » ht2.exe - probably a variant of Win32/Spy.Delf.PG trojan - was a part of the deleted object
G:\v\Backdoor.rar » RAR » AIO.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
Number of scanned objects: 8
Number of threats found: 5
Time of completion: 4:25:27  Total scanning time: 2 sec (00:00:02)
woai_jolin
Posted on 2008-1-24 04:25:57
Scan Log
Version of virus signature database: 2818 (20080123)
Date: 2008-1-24  Time: 4:25:52
Scanned disks, folders and files: G:\v\号码.rar
G:\v\号码.rar » RAR » 号码.com » RAR » 薄届?杠尿栋.exe » RAR » 薄届?杠尿栋.txt - is OK
G:\v\号码.rar » RAR » 号码.com » RAR » 6.exe - a variant of Win32/Pacex.Gen virus - was a part of the deleted object
G:\v\号码.rar » RAR » 22.exe - a variant of Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
G:\v\号码.rar » RAR » 21.exe - a variant of Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
G:\v\号码.rar » RAR » 2008.exe - is OK
Number of scanned objects: 7
Number of threats found: 3
Time of completion: 4:25:53  Total scanning time: 1 sec (00:00:01)
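The Avira log (mofunzone's post) and the two ESET logs (woai_jolin's posts) describe the same sample set in different layouts: Avira nests packer and archive sub-objects under an indented top-level entry, ESET flattens the archive chain into one "»"-separated path per object. The script below is an added example, not code from any poster in this thread; it parses excerpts copied from those three logs, keys every verdict by the top-level member of the submitted archive, and lists the samples on which the two engines disagree. The helper names (parse_avira, parse_eset, compare, disagreements) are my own. Two caveats a practitioner should notice: the thread never posts hashes, so matching across vendors is by file name only, and Avira's log shows 21.exe and 22.exe as deleted without any [DETECTION] line, which the comparison treats as a hit with no pattern name rather than as clean.

```python
"""Cross-vendor triage of the Avira and ESET scan logs posted in this thread (added example)."""
import re

# Excerpts copied from the two posts above; indentation kept exactly as Avira logs it.
AVIRA_LOG = r"""
  1.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.cpj.4 Backdoor server programs
      [INFO]      The file was deleted!
  2008.exe
  21.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  cherry.exe
      [DETECTION] Contains detection pattern of the worm WORM/AgoBot.aor
      [INFO]      The file was deleted!
  ht2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.vzw Backdoor server programs
      [INFO]      The file was deleted!
  号码.com
    [0] Archive type: RAR SFX (self extracting)
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
"""

ESET_LOG = r"""
G:\v\Backdoor.rar » RAR » cherry.exe - is OK
G:\v\Backdoor.rar » RAR » 1.exe - is OK
G:\v\Backdoor.rar » RAR » ht2.exe - probably a variant of Win32/Spy.Delf.PG trojan - was a part of the deleted object
G:\v\号码.rar » RAR » 号码.com » RAR » 6.exe - a variant of Win32/Pacex.Gen virus - was a part of the deleted object
G:\v\号码.rar » RAR » 21.exe - a variant of Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
G:\v\号码.rar » RAR » 2008.exe - is OK
"""

# A top-level Avira entry is indented by exactly two spaces; its sub-objects are deeper.
TOP_ENTRY = re.compile(r"^ {2}(?! )(\S.*?)\s*$")
# Both engines write signatures as <family>/<variant>, e.g. BDS/Hupigon.vzw or Win32/Pacex.Gen.
SIGNATURE = re.compile(r"\b[A-Za-z0-9]+/[A-Za-z0-9._-]+")


def parse_avira(text):
    """Top-level sample -> {'sig': first signature seen under it (or None), 'deleted': bool}.
    A hit inside a nested object (ht2.exe, 号码.com) is credited to the enclosing sample."""
    samples, current = {}, None
    for line in text.splitlines():
        entry = TOP_ENTRY.match(line)
        if entry:
            current = entry.group(1)
            samples[current] = {"sig": None, "deleted": False}
        elif current is None:
            continue
        elif "[DETECTION]" in line and samples[current]["sig"] is None:
            sig = SIGNATURE.search(line)
            samples[current]["sig"] = sig.group(0) if sig else line.split("]", 1)[1].strip()
        elif "The file was deleted" in line:
            samples[current]["deleted"] = True
    return samples


def parse_eset(text):
    """Top-level archive member -> list of signatures ESET reported inside it ([] if all OK)."""
    members = {}
    for line in text.splitlines():
        if " » " not in line or " - " not in line:
            continue
        chain, verdict = line.split(" - ", 1)
        parts = chain.split(" » ")  # archive » RAR » member [» RAR » inner object ...]
        if len(parts) < 3:
            continue
        hits = members.setdefault(parts[2], [])
        if not verdict.startswith("is OK"):
            sig = SIGNATURE.search(verdict)
            hits.append(sig.group(0) if sig else verdict)
    return members


def compare(avira, eset):
    """{sample: (avira_verdict, eset_verdict)} for samples both engines scanned but judged differently.
    An Avira entry deleted without a [DETECTION] line (21.exe, 22.exe in the thread) counts as a hit."""
    rows = {}
    for name in sorted(set(avira) & set(eset)):
        a = avira[name]
        a_verdict = a["sig"] or ("deleted, no pattern name logged" if a["deleted"] else "clean")
        e_verdict = ", ".join(eset[name]) or "clean"
        if (a_verdict == "clean") != (e_verdict == "clean"):
            rows[name] = (a_verdict, e_verdict)
    return rows


def disagreements():
    """Samples in the excerpts that one engine flagged and the other passed as OK."""
    return compare(parse_avira(AVIRA_LOG), parse_eset(ESET_LOG))
```

Running `disagreements()` on the excerpts returns 1.exe and cherry.exe, the two samples Avira deleted but NOD32 reported as "is OK", which matches garyyan456's note that the thread contains samples NOD does not detect. On the real logs you would feed the full post text instead of the excerpts; nothing in the parsers depends on the subset chosen here.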
capsshift
Posted on 2008-1-24 09:45:44
Avira (the red umbrella) does a good job on these.
kkgh
Posted on 2008-1-24 09:55:30
Rising antivirus scan results report

List of virus types removed:
Virus: Packer.Win32.Mian007.a
Virus: Trojan.PSW.Win32.GameOL.ljo
Virus: Trojan.PSW.Win32.QQGame.by
Virus: RootKit.Win32.RESSDT.b
Virus: Malicious Code
Virus: Trojan.IMMSG.Win32.MsgSender.am

User source: Internet

Software version: 20.28.22
Copyright © KaFan  KaFan.cn All Rights Reserved.