Thread starter: gwg829

[Virus samples] A pack from the HIPS section; Avira 84

CZH
Posted on 2008-2-5 13:06:24
Duration:        0:00:03

Scan result:

Scanned files:                 8
Infected objects:         73
Disinfected objects:         0
Quarantined files:         1

The F-prot scan took only 3 seconds
CZH
Posted on 2008-2-5 13:13:03
105 Files scanned
          (1 Archiv with 104 files)
        72 Signatures found
        2 Suspect code-parts found
        Used time: 0:04.329
IK, virus database not updated

[ Last edited by CZH on 2008-2-5 13:24 ]
wangjay1980
Posted on 2008-2-5 13:14:17
Looks like my database is out of date; only two went undetected

Hello,

17.exek, aa17[1].exek, SHAProc.exek - Trojan-PSW.Win32.OnLineGames.qnb,
24.exek, aa24[1].exek - Trojan-PSW.Win32.OnLineGames.qnd,
3.exek, aa3[1].exek, WSockDrv32.exek - Trojan-PSW.Win32.OnLineGames.qnc,
aa12[1].exek, mswwwdj32.dll - Trojan-PSW.Win32.OnLineGames.qna,
ahpyqvbdj.dll - Trojan-PSW.Win32.Nilage.bza,
dlufntywow.dll - Trojan-PSW.Win32.Nilage.bzc,
SHAProc.dll - Trojan-PSW.Win32.OnLineGames.qnf,
WSockDrv32.dll - Trojan-PSW.Win32.OnLineGames.qne

These files are already detected. Please update your antivirus bases.

3auhad.cfg, caca76450c340569.batk, cuhad.cfg, DFD353147.batk, joerrueq.dat, niluw.cfg, nucwxhami.exe.hiv, verclsid.exek, WIN.INI

No malicious code was found in these files.

cuhad.dll - Trojan-PSW.Win32.OnLineGames.qnv,
wyrsdj.dll - Trojan.Win32.Agent.ewi

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
CZH
Posted on 2008-2-5 13:17:11
VBA32: 71
CZH
Posted on 2008-2-5 13:22:38
BD  70
电影结束了
Posted on 2008-2-5 13:22:40

        105 Files scanned
          (1 Archiv with 104 files)
        79 Signatures found
        2 Suspect code-parts found
        Used time: 0:02.125

Downloaders really do generate a lot of stuff...
However you grab them, you end up with a big handful
qigang
Posted on 2008-2-5 13:25:37

207/63

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.GamesOnline.mn
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.GameOL.lhu
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.GamesOnline.mh
病毒: Trojan.PSW.Win32.GameOL.lmf
病毒: Trojan.PSW.Win32.QQGame.GEN
病毒: Trojan.PSW.Win32.GameOL.lvq
病毒: Trojan.PSW.Win32.GamesOnline.ma
病毒: Trojan.PSW.Win32.SunOnline.md
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.GameOL.lvs
病毒: RootKit.Win32.GameHack.get
病毒: RootKit.Win32.GameHack.ger
病毒: RootKit.Win32.GameHack.gep
病毒: Trojan.PSW.Win32.XYOnline.aay
病毒: Trojan.PSW.Win32.YBOnline.dg
病毒: Trojan.PSW.Win32.QQGame.GEN
病毒: RootKit.Win32.Mnless.hc  
病毒: RootKit.Win32.GameHack.GEN
病毒: Trojan.PSW.Win32.SunOnline.md
病毒: Trojan.PSW.Win32.GameOL.lvw
病毒: Trojan.PSW.Win32.GameOL.lug
病毒: Trojan.PSW.Win32.GamesOnline.mk
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.GameOL.GEN

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.30
冷冷
Posted on 2008-2-5 14:13:40
Originally posted by 电影结束了 on 2008-2-5 13:22
d:\DefaultBox.rar:\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\W5MJ4PUN\xin[1].txt
d:\DefaultBox.rar:\DefaultBox\user\current\Local Settings\Temporary Internet Files\C ...

A bit newer than yours
IK
105 Files scanned
   (1 Archiv with 104 files)
79 Signatures found
6 Suspect code-parts found

Used time: 0:02.297
fishx
Posted on 2008-2-5 14:17:16

Reply to post #9 by hj5abc

So this is avast? Judging by the poll, a whole lot of people support avast