[Verified] Posting two malicious sites

tanlimo
Posted on 2008-2-9 13:09:57
http://www.ac66.cn/88/index.htm

http://user3.33391.net/ps.js

[Last edited by tanlimo on 2008-2-9 14:38]

88kv.rar

22.53 KB, downloads: 96

xxl
Posted on 2008-2-9 13:37:10
Micropoint + KIS 7.0: no reaction, nothing shown on screen.
tanlimo
OP | Posted on 2008-2-9 13:49:08
Is the poster above not using IE? Or maybe it's patched?
ask5
Posted on 2008-2-9 13:53:00
Log is generated by FreShow.
    [script]http://s108.cnzz.com/stat.php?id=781061&web_id=781061&show=pic1
    [frame]http://js.users.51.la/*
    [script]http://www.88kv.cn/Ajax.gif
        [object]http://www.88kv.cn/aaa.exe
    [frame]http://www.88kv.cn/Ms06014.htm
        [object]http://www.88kv.cn/aaa.exe
    [script]http://www.88kv.cn/Real.js
        [object]http://www.88kv.cn/aaa.exe
    [script]http://www.88kv.cn/Bfyy.gif
        [object]http://www.88kv.cn/aaa.exe
    [script]http://www.88kv.cn/Pps.gif
        [object]http://www.88kv.cn/aaa.exe
    [script]http://www.88kv.cn/XunLei.gif
        [object]http://www.88kv.cn/aaa.exe
    [script]http://www.88kv.cn/Lz.gif
        [object]http://www.88kv.cn/aaa.exe
    [frame]http://www.88kv.cn/QVod.html
        [object]http://www.88kv.cn/aaa.exe
[wide]http://www.ac66.cn/88/index.htm
    [frame]http://www.88kv.cn/1220.htm




Log is generated by FreShow.
[wide]http://user3.33391.net/ps.js
    [object]http://www.88kv.cn/aaa.exe

[Last edited by ask5 on 2008-2-9 13:56]
tanlimo
OP | Posted on 2008-2-9 14:02:41
File aaa.rar received on 02.09.2008 06:55:53 (CET)
Antivirus          Version       Last Update  Result
AhnLab-V3          2008.2.6.10   2008.02.05   -
AntiVir            7.6.0.62      2008.02.08   TR/Delphi.Downloader.Gen
Authentium         4.93.8        2008.02.08   Possibly a new variant of W32/new-malware!Maximus
Avast              4.7.1098.0    2008.02.08   -
AVG                7.5.0.516     2008.02.08   -
BitDefender        7.2           2008.02.09   -
CAT-QuickHeal      None          2008.02.08   (Suspicious) - DNAScan
ClamAV             0.92          2008.02.09   -
DrWeb              4.44.0.09170  2008.02.08   Trojan.DownLoader.origin
eSafe              7.0.15.0      2008.01.28   suspicious Trojan/Worm
eTrust-Vet         31.3.5522     2008.02.08   -
Ewido              4.0           2008.02.08   -
FileAdvisor        1             2008.02.09   -
Fortinet           3.14.0.0      2008.02.08   -
F-Prot             4.4.2.54      2008.02.08   W32/Banload.B.gen!Eldorado
F-Secure           6.70.13260.0  2008.02.08   Trojan-Downloader.Win32.Small.idz
Ikarus             T3.1.1.20     2008.02.09   Backdoor.Win32.Delf.aka
Kaspersky          7.0.0.125     2008.02.09   Trojan-Downloader.Win32.Small.idz
McAfee             5226          2008.02.08   -
Microsoft          1.3204        2008.02.09   Trojan:Win32/Anomaly.gen!B
NOD32v2            2861          2008.02.09   -
Norman             5.80.02       2008.02.08   -
Panda              9.0.0.4       2008.02.08   Suspicious file
Prevx1             V2            2008.02.09   -
Rising             20.29.22.00   2008.01.30   -
Sophos             4.26.0        2008.02.09   Mal/EncPk-AP
Sunbelt            2.2.907.0     2008.02.09   VIPRE.Suspicious
Symantec           10            2008.02.09   -
TheHacker          6.2.9.213     2008.02.09   -
VBA32              3.12.6.0      2008.02.09   Trojan.DownLoader
VirusBuster        4.3.26:9      2008.02.08   Packed/FSG
Webwasher-Gateway  6.6.2         2008.02.09   Trojan.Delphi.Downloader.Gen
Graybird
Posted on 2008-2-9 14:14:09
Starting the file scan:

Begin scan in 'E:\virus\aaa.exe'
E:\virus\aaa.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
Palkia
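Posted on 2008-2-9 14:25:46
Originally posted by tanlimo on 2008-2-9 13:49
Is the poster above not using IE? Or maybe it's patched?

The "nothing displayed" that the second poster mentioned is probably because they clicked the link directly without changing XX to tt, right?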
Graybird
Posted on 2008-2-9 15:10:38

Reply to post #1 by tanlimo

Starting the file scan:

Begin scan in 'E:\virus\88kv.rar'
E:\virus\88kv.rar
  [0] Archive type: RAR
  --> Ms06014[1].htm
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> Real.js
      [DETECTION] Contains detection pattern of the Java script virus JS/Agent.ES
  --> QVod[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> XunLei[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Silly.Gen
  --> Bfyy[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> Pps[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> Lz[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> aaa.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!


End of the scan: 2008年2月9日  15:09
Used time: 00:27 min

The scan has been done completely.

      0 Scanning directories
     10 Files were scanned
      2 viruses and/or unwanted programs were found
      6 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
woai_jolin
Posted on 2008-2-9 15:11:47
=============================================================================
Dr.Web(R) Scanner for Windows v4.44.2 (4.44.2.11261)
(c) 1992-2007 Igor Daniloff. All rights reserved.
Log generated on: 2008-02-09, 15:11:23 [Administrator]
Command-line: "E:\DrWeb\DrWeb32W.Exe" /ARN /HA /OK /UPN /TM- /AL /SS- /SD /SHELL /TB-
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
Total virus records: 300601
Key file: E:\DrWeb\drwdemo.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok

[Scan path] G:\v\aaa.exe
>>G:\v\aaa.exe infected with Trojan.DownLoader.origin

[Scan path] G:\v\Ajax[1].gif
G:\v\Ajax[1].gif - Ok

[Scan path] G:\v\Bfyy[1].gif
G:\v\Bfyy[1].gif - Ok

[Scan path] G:\v\Lz[1].gif
G:\v\Lz[1].gif - Ok

[Scan path] G:\v\Ms06014[1].htm
>G:\v\Ms06014[1].htm\VBScript.0 - Ok
>G:\v\Ms06014[1].htm\Script.1 - Ok
G:\v\Ms06014[1].htm - Ok

[Scan path] G:\v\Pps[1].gif
G:\v\Pps[1].gif - Ok

[Scan path] G:\v\QVod[1].htm
>G:\v\QVod[1].htm\Script.0 - Ok
G:\v\QVod[1].htm - Ok

[Scan path] G:\v\Real.js
G:\v\Real.js - Ok

[Scan path] G:\v\XunLei[1].gif
G:\v\XunLei[1].gif - Ok

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 12
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 32 Kb/s
Scan time: 00:00:01
-----------------------------------------------------------------------------

G:\v\aaa.exe - deleted

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 12
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 32 Kb/s
Scan time: 00:00:01
=============================================================================
woai_jolin
Posted on 2008-2-9 15:13:00
=============================================================================
Dr.Web(R) Scanner for Windows v4.44.2 (4.44.2.11261)
(c) 1992-2007 Igor Daniloff. All rights reserved.
Log generated on: 2008-02-09, 15:12:30 [Administrator]
Command-line: "E:\DrWeb\DrWeb32W.Exe" /ARN /HA /OK /UPN /TM- /AL /SS- /SD /SHELL /TB-
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
Total virus records: 300601
Key file: E:\DrWeb\drwdemo.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok

[Scan path] G:\v\aaa.exe
>>G:\v\aaa.exe infected with Trojan.DownLoader.origin
G:\v\aaa.exe:Zone.Identifier - Ok

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 4
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 16 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

G:\v\aaa.exe - deleted

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 4
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 16 Kb/s
Scan time: 00:00:00
=============================================================================

Copyright © KaFan  KaFan.cn All Rights Reserved.
