Views: 3527 | Replies: 21

[Virus samples] 5 samples

qianwenxiang
Posted on 2008-2-1 23:31:15
Ugh... I accidentally ran the samples... and got infected, how embarrassing... posting 5 of them for now... off to bed...

This post contains attachments (login required to download or view).
qianwenxiang
(OP) | Posted on 2008-2-1 23:31:51
I've noticed my mouse single-click has turned into a double-click... ugh...
su-tt
Posted on 2008-2-1 23:32:18
Begin scan in 'C:\Documents and Settings\Administrator\桌面\temp.rar'
C:\Documents and Settings\Administrator\桌面\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
      [INFO]      The file was deleted!


End of the scan: 2008年2月1日  23:32
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
      6 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
sam.to
Posted on 2008-2-1 23:32:33
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.hcm        檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/winlogan.exe//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.igf        檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/00011lt.dll//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olr        檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/tmp2E8.tmp

2 not detected; submitted.
碧水寒潭
Posted on 2008-2-1 23:33:38
Start of the scan: 2008年2月1日  23:33

Starting the file scan:

Begin scan in 'I:\样本'
I:\样本\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
      [INFO]      The file was deleted!


End of the scan: 2008年2月1日  23:33
Used time: 00:09 min

The scan has been done completely.

      1 Scanning directories
      9 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
woai_jolin
Posted on 2008-2-1 23:34:11
2008-2-1 23:34:04        Real-time file system protection        file        G:\v\tmp2E8.tmp        Win32/PSW.OnLineGames.OLR trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-1 23:34:03        Real-time file system protection        file        G:\v\00011lt.dll        probably a variant of Win32/Genetik trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-1 23:34:02        Real-time file system protection        file        G:\v\winlogan.exe        Win32/TrojanDownloader.Small.NTQ trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
woai_jolin
Posted on 2008-2-1 23:35:29
2008-2-1 23:34:46        Kernel        File  'G:\v\773675006.exe' was sent to ESET for analysis.       
2008-2-1 23:34:41        Kernel        File  'G:\v\763675006.exe' was sent to ESET for analysis.
wangjay1980
Posted on 2008-2-1 23:35:37
Those two:
leonfg
Posted on 2008-2-1 23:36:04
Everyone gets 3?
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » winlogan.exe - Win32/TrojanDownloader.Small.NTQ trojan
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » 00011lt.dll - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » tmp2E8.tmp - Win32/PSW.OnLineGames.OLR trojan
woai_jolin
Posted on 2008-2-1 23:37:01
Starting the file scan:
Begin scan in 'G:\v\temp.rar'
G:\v\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
      [INFO]      The file was deleted!

End of the scan: 2008年2月1日  23:37
Used time: 00:08 min
The scan has been done completely.
      0 Scanning directories
      7 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
Copyright © KaFan  KaFan.cn All Rights Reserved.