收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) 11ge
12下一页
返回列表 发新帖
查看: 4649|回复: 12
收起左侧

[已鉴定] 11ge

 关闭 [复制链接]
mofunzone
发表于 2008-1-25 16:12:45 | 显示全部楼层 |阅读模式
懒得一个一个发了,自己数数,11个就对了,没重复的
File: My_Documents.rar
Status: INFECTED/MALWARE
MD5: c088c9dae5af426f41129473eca9fb81
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT, EXECRYPTOR
Bit9 reports: File not found
Scanner results
Scan taken on 25 Jan 2008 08:10:16 (GMT)
A-Squared Found Adware.Win32.ZenoSearch.ad
AntiVir Found ADSPY/ZenoSearch.AD.1, ADSPY/TTC.A.5, ADSPY/PurityScan.GT, TR/BHO.AB.6, DR/Dldr.VB.cge, DR/Scapur.K.15, TR/Drop.Click.JF.7, TR/BHO.AB.4, TR/Crypt.NSPM.Gen, TR/Dldr.Purity.BV.7, DR/PurityScan.GP
ArcaVir Found Adware.Ttc.A, Adware.Purityscan.Gt, Trojan.Bho.Ab, Trojan.Downloader.Vb.Cge, Trojan.Downloader.Purityscan.Fj, Trojan.Clicker.Small.If, Trojan.Clicker.Small.Jf, Trojan.Clicker.Html.Iframe.Dn
Avast Found Win32:Adloader-KH, Win32:Agent-RY, Win32:Small-AHY, Win32:Adware-gen
AVG Antivirus Found Generic2.VYA, Generic2.JEG, Generic2.AAID, Generic4.GI, Dropper.Generic_c.SM, Generic3.UNS, Downloader.Zlob.RZ, Generic9.ARKP
BitDefender Found Adware.TTC, Trojan.BHO.AW, Adware.Purityscan.JA, Dropped:Trojan.Clicker.Small.YD
ClamAV Found Trojan.Clicker-79
CPsecure Found nothing
Dr.Web Found Adware.ClickSpring, Adware.Ttc, Adware.ClickSpring.origin, Trojan.StartPage.19992, Trojan.DownLoader.24715, Trojan.Click.1237, Trojan.StartPage.19993, Adware.MediaTicket.origin, Adware.Outer
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.ZenoSearch.ad (4, 1, 400), not-a-virus:AdWare.Win32.TTC.a (4, 1, 400), not-a-virus:AdWare.Win32.PurityScan.gt (4, 1, 400), Trojan.Win32.BHO.ab, Trojan-Downloader.Win32.VB.cge, Trojan.Win32.Scapur.k, Trojan-Clicker.Win32.Small.jf, Trojan-Clicker.HTML.IFrame.dn, not-a-virus:AdWare.Win32.PurityScan.gp (4, 1, 400)
Fortinet Found Adware/ZenoSearch
Ikarus Found not-a-virus:AdWare.Win32.ZenoSearch.ad, not-a-virus:AdWare.Win32.TTC.a, not-a-virus:AdWare.Win32.PurityScan.ak, Trojan.Win32.BHO.ab, Trojan-Downloader.Win32.VB.awj, Trojan-Clicker.Win32.Small.jf, Suspect code-parts, Trojan-Downloader.Win32.Dluca.cc, not-a-virus:AdWare.Win32.PurityScan.gp (probable variant)
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.ZenoSearch.ad, not-a-virus:AdWare.Win32.TTC.a, not-a-virus:AdWare.Win32.PurityScan.gt, Trojan.Win32.BHO.ab, Trojan-Downloader.Win32.VB.cge, Trojan.Win32.Scapur.k, Trojan-Clicker.Win32.Small.jf, Trojan-Clicker.HTML.IFrame.dn, not-a-virus:AdWare.Win32.PurityScan.gp
NOD32 Found probably a variant of Win32/Adware.PurityScan application, Win32/Adware.ZQuest application, a variant of Win32/TrojanDownloader.VB.AW, probably a variant of Win32/TrojanDownloader.PurityScan, Win32/TrojanClicker.Small.JF (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found Generic, Trj/Downloader.PLF
Rising Antivirus Found Trojan.BHO.eh, Trojan.Win32.BHO.ab, AdWare.Win32.TTC.d
Sophos Antivirus Found Troj/TTC-Gen, Mal/Heuri-E, Troj/LegMir-ARJ, Mal/Generic-A, Troj/Small-ECV, Troj/Dloadr-BGU
VirusBuster Found Trojan.BHO.GF, Trojan.BHO.GA
VBA32 Found AdWare.Win32.ZenoSearch.ad, AdWare.Win32.TTC.a, AdWare.Win32.PurityScan.gt, Trojan.StartPage.19992, Trojan.Win32.Scapur.k, Trojan-Clicker.Win32.Small.jf, Application.Win32.Adware.ZQuest, AdWare.Win32.PurityScan.gp

My Documents.rar

889.08 KB, 下载次数: 244
回复

举报

IllusionWing
发表于 2008-1-25 16:17:04 | 显示全部楼层
only 4...
未命名.GIF
回复

举报

zwl2828
发表于 2008-1-25 16:19:12 | 显示全部楼层

Avira AntiVir

C:\Users\Wesley\Downloads\My_Documents.rar
  [0] Archive type: RAR
  --> FF.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/ZenoSearch.AD.1
  --> hopes83122.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/TTC.A.5
  --> obpkymkw.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/PurityScan.GT
  --> labumuf.dll
      [DETECTION] Is the Trojan horse TR/BHO.AB.6
  --> snapsnet.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.VB.cge
  --> yazzsnet.exe
      [DETECTION] Contains detection pattern of the dropper DR/Scapur.K.15
  --> 83122[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Click.JF.7
  --> tk58[1].exe
      [DETECTION] Is the Trojan horse TR/BHO.AB.4
  --> wavvsnet[1].exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> Yazzle1281OinAdmin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
  --> Yazzle1281OinUninstaller.exe
      [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP
回复

举报

hj5abc
发表于 2008-1-25 16:35:02 | 显示全部楼层
VT上avast少了一个 ..

Sign of "Win32:Adloader-KH [Trj]" has been found in "F:\My Documents\hopes83122.dll" file.  
Sign of "Win32:Agent-RY [Trj]" has been found in "F:\My Documents\obpkymkw.dll\[PECompact]" file.
Sign of "Win32:Small-AHY [Trj]" has been found in "F:\My Documents\labumuf.dll" file.  
Sign of "Win32:Small-AHY [Trj]" has been found in "F:\My Documents\tk58[1].exe" file.
Sign of "Win32:Adware-gen [Adw]" has been found in "F:\My Documents\Yazzle1281OinUninstaller.exe" file.
回复

举报

鱼是一只我
发表于 2008-1-25 16:50:31 | 显示全部楼层
江民只杀掉3只
回复

举报

zhr5898
发表于 2008-1-25 17:03:04 | 显示全部楼层
木马名称:Trojan.Win32.BHO.gb
程序:
D:\MY DOCUMENTS\LABUMUF.DLL

木马名称:Trojan.Win32.BHO.gc
程序:
D:\MY DOCUMENTS\TK58[1].EXE
回复

举报

Nblock
发表于 2008-1-25 17:14:57 | 显示全部楼层
E:\HOPES83122.DLL
木马名称:未知后门程序
处理结果:成功清除!

LABUMUF.DLL
木马名称:Trojan.Win32.BHO.gb

TK58[1].EXE
木马名称:Trojan.Win32.BHO.gc

D:\TEMP\MSHTML3.EXE
是木马程序!

C:\PROGRAM FILES\FUNC.EXE
木马名称:Trojan-Clicker.Win32.Small.la

C:\WINDOWS\SYSTEM32\NGPXX01\NGPXX011065.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:3577
远端地址:64.225.156.193(美国)
远端端口:80


C:\WINDOWS\17PHOLMES572.EXE
是蠕虫程序!
蠕虫名称:未知邮件蠕虫
处理结果:成功清除!
回复

举报

leonfg
发表于 2008-1-25 17:50:13 | 显示全部楼层
写清除点吧:ESET  7
C:\Documents and Settings\GUNDAM\桌面\My » RAR » obpkymkw.dll - probably a variant of Win32/Adware.PurityScan application
C:\Documents and Settings\GUNDAM\桌面\My » RAR » labumuf.dll - Win32/Adware.ZQuest application
C:\Documents and Settings\GUNDAM\桌面\My » RAR » snapsnet.exe » NSIS » nGpxx011065.exe - a variant of Win32/TrojanDownloader.VB.AW trojan
C:\Documents and Settings\GUNDAM\桌面\My » RAR » yazzsnet.exe » NSIS » Yazzle1281OinAdmin.exe - probably a variant of Win32/TrojanDownloader.PurityScan trojan
C:\Documents and Settings\GUNDAM\桌面\My » RAR » 83122[1].exe » NSIS » func.exe - Win32/TrojanClicker.Small.JF trojan
C:\Documents and Settings\GUNDAM\桌面\My » RAR » tk58[1].exe - Win32/Adware.ZQuest application
C:\Documents and Settings\GUNDAM\桌面\My » RAR » Yazzle1281OinAdmin.exe - probably a variant of Win32/TrojanDownloader.PurityScan trojan
回复

举报

woai_jolin
发表于 2008-1-25 17:51:44 | 显示全部楼层
Scan Log
Version of virus signature database: 2821 (20080124)
Date: 2008-1-25  Time: 17:51:45
Scanned disks, folders and files: G:\v\My_Documents.rar
G:\v\My_Documents.rar:Zone.Identifier - is OK
Number of scanned objects: 32
Number of threats found: 7
Time of completion: 17:51:50  Total scanning time: 5 sec (00:00:05)
回复

举报

woai_jolin
发表于 2008-1-25 17:53:28 | 显示全部楼层
2008-1-25 17:53:30        Kernel        File  'G:\v\hopes83122.dll' was sent to ESET for analysis.       
2008-1-25 17:52:58        Kernel        File  'G:\v\FF.dll' was sent to ESET for analysis.
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2026-1-10 08:09 , Processed in 0.090890 second(s), 3 queries , Redis On.

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表