Views: 3282 | Replies: 16

[Malware sample] Five files pulled down by a downloader

zzh161
Posted 2008-2-9 13:38:34
Two of them got past quite a few AV products, and another one is 700-some KB, really big.

Samples:

The 700-some KB one is a Gray Pigeon; it downloaded from the address hxxp://123.154.35.209:8000/wwwroot/

[ Last edited by zzh161 on 2008-2-9 13:43 ]
hshhua01
Posted 2008-2-9 13:41:28
Begin scan in 'D:\BOOK\yx.rar'
D:\BOOK\yx.rar
  [0] Archive type: RAR
  --> 11\ai.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 11\ddos.exe
      [DETECTION] Is the Trojan horse TR/Agent.10555
  --> 11\my.exe
      [DETECTION] Contains detection pattern of the dropper DR/PCK.Klone.AO.134
  --> 11\qq.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
  --> 11\zx.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.3
      [WARNING]   The file was ignored!
Palkia
Posted 2008-2-9 13:45:09
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX7A\11\ZX.EXE        TrojanPSW.OnLineGames.pry.ytot        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX7E\3.EXE        Packed.Klone.ao.jocq        可疑程序        还未处理
C:\Documents and Settings\Administrator\桌面\yx.rar>>11\my.exe>>emb-0.cab>>3.exe        Packed.Klone.ao.jocq        可疑程序        还未处理
C:\Documents and Settings\Administrator\桌面\yx.rar>>11\qq.exe        TrojanPSW.QQPass.arx.brni        木马        还未处理
C:\Documents and Settings\Administrator\桌面\yx.rar>>11\zx.exe        TrojanPSW.OnLineGames.pry.ytot        木马        还未处理
冷冷
Posted 2008-2-9 13:46:29
IK
I:\virus\yx.rar:\11\ai.exe - Signature 'Trojan-Downloader.Win32.Delf.ald' found
I:\virus\yx.rar:\11\ddos.exe - Signature 'Trojan-PWS.Win32.Nilage.lp' found
I:\virus\yx.rar:\11\my.exe
I:\virus\yx.rar:\11\qq.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\yx.rar:\11\zx.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\yx.rar

        6 Files scanned
          (1 Archiv with 5 files)
        4 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.282
solcroft
Posted 2008-2-9 13:47:26
One is embedded, the other is junk.
电影结束了
Posted 2008-2-9 13:52:07
扫描系统区域...
扫描所选择的目录和文件...
对象: 11/my.exe/data0000.cab 3.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 已发现病毒
        病毒: Packed.Win32.Klone.ao (KAV 引擎)
对象: 11 qq.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.QQPass.arx (KAV 引擎)
对象: 11 zx.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.pry (KAV 引擎)
对象: 11\ddos.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Malware.dld!Tkg.6C8923B4 (BD 引擎)
对象: 11\qq.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 已发现病毒
        病毒: Trojan.PWS.QQPass.NDO (BD 引擎)
对象: 11\zx.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\yx.rar
        Status: 可疑病毒
        病毒: Trojan.PWS.OnlineGames.NZG (BD 引擎)
Hatry (account deleted)
Posted 2008-2-9 13:56:02
Result: 3 malware found
Packed.Win32.Klone.ao (virus)
C:\Documents and Settings\Hatry.FAMILY-10EDEF61\桌面\yx.rar\11\my.exe
Trojan-PSW.Win32.QQPass.arx (virus)
C:\Documents and Settings\Hatry.FAMILY-10EDEF61\桌面\yx.rar\11\qq.exe
Trojan-PSW.Win32.OnLineGames.pry (virus)
C:\Documents and Settings\Hatry.FAMILY-10EDEF61\桌面\yx.rar\11\zx.exe
sharkkong
Posted 2008-2-9 14:34:06
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\下载\yx.rar/11\ddos.exe//PE_Patch//NSPack
已删除: 病毒 Packed.Win32.Klone.ao        文件: E:\下载\yx.rar/11\my.exe//data0000.cab/3.exe//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.QQPass.arx        文件: E:\下载\yx.rar/11\qq.exe//UPack//PE_Patch.MaskPE
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.pry        文件: E:\下载\yx.rar/11\zx.exe//PE_Patch//UPack
花间酒
Posted 2008-2-9 14:43:23
Little activity.
EQ blocked all of them.
woai_jolin
Posted 2008-2-9 14:59:28
========================================================================
Dr.Web(R) Scanner for Windows v4.44.2 (4.44.2.11261)
(c) 1992-2007 Igor Daniloff. All rights reserved.
Log generated on: 2008-02-09, 14:58:58 [Administrator]
Command-line: "E:\DrWeb\DrWeb32W.Exe" /ARN /HA /OK /UPN /TM- /AL /SS- /SD /SHELL /TB-
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
[Virus database] E:\DrWeb\drwtoday.vdb - 789 virus records
[Virus database] E:\DrWeb\drw44425.vdb - 3609 virus records
[Virus database] E:\DrWeb\drw44424.vdb - 7770 virus records
[Virus database] E:\DrWeb\drw44423.vdb - 4210 virus records
[Virus database] E:\DrWeb\drw44422.vdb - 1010 virus records
[Virus database] E:\DrWeb\drw44421.vdb - 421 virus records
[Virus database] E:\DrWeb\drw44420.vdb - 1306 virus records
[Virus database] E:\DrWeb\drw44419.vdb - 1234 virus records
[Virus database] E:\DrWeb\drw44418.vdb - 1238 virus records
[Virus database] E:\DrWeb\drw44417.vdb - 4406 virus records
[Virus database] E:\DrWeb\drw44416.vdb - 7847 virus records
[Virus database] E:\DrWeb\drw44415.vdb - 6014 virus records
[Virus database] E:\DrWeb\drw44414.vdb - 804 virus records
[Virus database] E:\DrWeb\drw44413.vdb - 5020 virus records
[Virus database] E:\DrWeb\drw44412.vdb - 1565 virus records
[Virus database] E:\DrWeb\drw44411.vdb - 1582 virus records
[Virus database] E:\DrWeb\drw44410.vdb - 1131 virus records
[Virus database] E:\DrWeb\drw44409.vdb - 2303 virus records
[Virus database] E:\DrWeb\drw44408.vdb - 3904 virus records
[Virus database] E:\DrWeb\drw44407.vdb - 2456 virus records
[Virus database] E:\DrWeb\drw44406.vdb - 4411 virus records
[Virus database] E:\DrWeb\drw44405.vdb - 1311 virus records
[Virus database] E:\DrWeb\drw44404.vdb - 2486 virus records
[Virus database] E:\DrWeb\drw44403.vdb - 4462 virus records
[Virus database] E:\DrWeb\drw44402.vdb - 94 virus records
[Virus database] E:\DrWeb\drw44401.vdb - 557 virus records
[Virus database] E:\DrWeb\drw44400.vdb - 945 virus records
[Virus database] E:\DrWeb\drwebase.vdb - 209466 virus records
[Virus database] E:\DrWeb\dwrtoday.vdb - 296 virus records
[Virus database] E:\DrWeb\dwntoday.vdb - 161 virus records
[Virus database] E:\DrWeb\dwn44402.vdb - 814 virus records
[Virus database] E:\DrWeb\dwn44401.vdb - 698 virus records
[Virus database] E:\DrWeb\drwrisky.vdb - 2747 virus records
[Virus database] E:\DrWeb\drwnasty.vdb - 13534 virus records
Total virus records: 300601
Key file: E:\DrWeb\drwdemo.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok

[Scan path] G:\v\11
G:\v\11\ai.exe - Ok
>G:\v\11\ddos.exe probably infected with DLOADER.Trojan
G:\v\11\my.exe - Ok
>>>>>>G:\v\11\qq.exe infected with Trojan.DownLoader.origin
>G:\v\11\zx.exe infected with Trojan.PWS.Wsgame.3196

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 7
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 881 Kb/s
Scan time: 00:00:01
-----------------------------------------------------------------------------

G:\v\11\ddos.exe - deleted
G:\v\11\qq.exe - deleted
G:\v\11\zx.exe - deleted

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 7
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 3
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 881 Kb/s
Scan time: 00:00:01
=============================================================================