查看: 4495|回复: 21
收起左侧

[已鉴定] KAVO病毒变种

 关闭 [复制链接]
醉一生爱妍
发表于 2008-2-9 18:42:54 | 显示全部楼层 |阅读模式
样本:http://www.avpclub.ddns.info/discuz/viewthread.php?tid=8255&pid=70190&page=1&extra=pageD1#pid70190

KAVO病毒变种

引用krichard2007

3g08.bat
autorun.inf 內容...
;w0KDapAKw0L24SnqLda2iUkKfjk9o450q5dDaJi2lsf8slSCiisqks
[AutoRun]
;fs1kLwkKDD32kkAi5DkdZ1Aaj4DXsqwLlLd7sK
open=3g08.bat
;3AC5oklKFH34402AlDfZsd491wi1532L4a0D4D7rKrIlqqKOl8wkkferi9Ldo3AiD29kdaa3eso3ai1aKk0n5swawwsiL34ojwj54jsd22Sw9k3jAsDsA
shell\open\Command=3g08.bat
;LwsI2S2kniidwFw1q4l39i3s53lqsZJ133eaDD7Ao52kKikkf78we003or3wlLr1li7qawpjJ2o3dwl0wdj82rl0djqs4oimkak1forasc
shell\open\Default=1
;p3OidFakoa2wkL
shell\explore\Command=3g08.bat
;K6OHq4ls40Dqidnq8LI3kdwfikreoC4Sf1wJ2oSwLkUA37KSKDlsJ0AirwmsS1wj3sAJiiref4paqsL3wkqal925lljafij3a29akK3AlLr4pk
另外OSO.exe


补偿吧- -

[ 本帖最后由 garyyan456 于 2008-2-9 18:58 编辑 ]

3g08.zip

111.9 KB, 下载次数: 167

醉一生爱妍
 楼主| 发表于 2008-2-9 18:43:45 | 显示全部楼层
沙发,等待样本
kuririn
发表于 2008-2-9 18:49:48 | 显示全部楼层
不是只有亂七八糟的網才是毒網

而是網頁裡有毒就叫毒網
醉一生爱妍
 楼主| 发表于 2008-2-9 18:51:01 | 显示全部楼层
偶知道了,立刻换内容
醉一生爱妍
 楼主| 发表于 2008-2-9 18:59:27 | 显示全部楼层
卡巴杀.........
冷冷
发表于 2008-2-9 18:59:52 | 显示全部楼层
地板。。。。。
---------------IK
I:\virus\3g08.zip:\3g08.bat - Signature 'Trojan-PWS.Win32.OnLineGames.pjb' found
I:\virus\3g08.zip
2 Files scanned
   (1 Archiv with 1 file)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.016

----------------
跟你的不一样
1.PNG

[ 本帖最后由 冷_冷 于 2008-2-9 19:11 编辑 ]
醉一生爱妍
 楼主| 发表于 2008-2-9 19:00:55 | 显示全部楼层

回复 6楼 冷_冷 的帖子

杀1楼的样本吧- -

偶知错了
挪威的冬天
发表于 2008-2-9 19:01:21 | 显示全部楼层


信息        2008-02-09  19:00:53        您此次查毒共查出1个病毒以及危险代码                       
信息        2008-02-09  19:00:53        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件3个                       
信息        2008-02-09  19:00:53        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-02-09  19:00:53        C:\Users\挪威的冬天\Desktop\3g08.zip\3g08.bat        Win32.Hack.NSAnti.ge        跳过,未处理
Graybird
发表于 2008-2-9 19:02:05 | 显示全部楼层
Starting the file scan:

Begin scan in 'E:\virus\3g08.zip'
E:\virus\3g08.zip
  [0] Archive type: ZIP
  --> 3g08.bat
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
woai_jolin
发表于 2008-2-9 19:02:11 | 显示全部楼层
=============================================================================
Dr.Web(R) Scanner for Windows v4.44.2 (4.44.2.11261)
(c) 1992-2007 Igor Daniloff. All rights reserved.
Log generated on: 2008-02-09, 19:01:53 [Administrator]
Command-line: "E:\DrWeb\DrWeb32W.Exe" /ARN /HA /OK /UPN /TM- /AL /SS- /SD /SHELL /TB-
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
[Virus database] E:\DrWeb\drwtoday.vdb - 789 virus records
[Virus database] E:\DrWeb\drw44425.vdb - 3609 virus records
[Virus database] E:\DrWeb\drw44424.vdb - 7770 virus records
[Virus database] E:\DrWeb\drw44423.vdb - 4210 virus records
[Virus database] E:\DrWeb\drw44422.vdb - 1010 virus records
[Virus database] E:\DrWeb\drw44421.vdb - 421 virus records
[Virus database] E:\DrWeb\drw44420.vdb - 1306 virus records
[Virus database] E:\DrWeb\drw44419.vdb - 1234 virus records
[Virus database] E:\DrWeb\drw44418.vdb - 1238 virus records
[Virus database] E:\DrWeb\drw44417.vdb - 4406 virus records
[Virus database] E:\DrWeb\drw44416.vdb - 7847 virus records
[Virus database] E:\DrWeb\drw44415.vdb - 6014 virus records
[Virus database] E:\DrWeb\drw44414.vdb - 804 virus records
[Virus database] E:\DrWeb\drw44413.vdb - 5020 virus records
[Virus database] E:\DrWeb\drw44412.vdb - 1565 virus records
[Virus database] E:\DrWeb\drw44411.vdb - 1582 virus records
[Virus database] E:\DrWeb\drw44410.vdb - 1131 virus records
[Virus database] E:\DrWeb\drw44409.vdb - 2303 virus records
[Virus database] E:\DrWeb\drw44408.vdb - 3904 virus records
[Virus database] E:\DrWeb\drw44407.vdb - 2456 virus records
[Virus database] E:\DrWeb\drw44406.vdb - 4411 virus records
[Virus database] E:\DrWeb\drw44405.vdb - 1311 virus records
[Virus database] E:\DrWeb\drw44404.vdb - 2486 virus records
[Virus database] E:\DrWeb\drw44403.vdb - 4462 virus records
[Virus database] E:\DrWeb\drw44402.vdb - 94 virus records
[Virus database] E:\DrWeb\drw44401.vdb - 557 virus records
[Virus database] E:\DrWeb\drw44400.vdb - 945 virus records
[Virus database] E:\DrWeb\drwebase.vdb - 209466 virus records
[Virus database] E:\DrWeb\dwrtoday.vdb - 296 virus records
[Virus database] E:\DrWeb\dwntoday.vdb - 161 virus records
[Virus database] E:\DrWeb\dwn44402.vdb - 814 virus records
[Virus database] E:\DrWeb\dwn44401.vdb - 698 virus records
[Virus database] E:\DrWeb\drwrisky.vdb - 2747 virus records
[Virus database] E:\DrWeb\drwnasty.vdb - 13534 virus records
Total virus records: 300601
Key file: E:\DrWeb\drwdemo.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok

[Scan path] G:\v\3g08.bat
G:\v\3g08.bat infected with Trojan.MulDrop.6474

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 3
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 114 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

G:\v\3g08.bat - deleted

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 3
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 114 Kb/s
Scan time: 00:00:00
=============================================================================
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-3-29 16:22 , Processed in 0.133900 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表