内核级恶魔病毒— 磁碟机 样本（已找到专杀+rappar大师纯手工解决方案）

5551551

   我发的贴子：内核级变态恶魔病毒———毒王之王（http://bbs.kafan.cn/viewthread.php?tid=211908&extra=page%3D1&page=1）想不到竟然引发了不少人的叽笑~！汗~~   

  因为你们的回贴里提到的病毒，和我抓到的样本，基本上是一回事。但是病毒能不能杀掉，就是两回事了。 说我写得好夸张的，有种的你在你们电脑里面跑一圈，看是我夸张还是你们无知。不要老是拿个杀毒来扫描一下就完事。因为我们面对的是已经中毒的人群，这种拿杀毒来测一下毒没任何意义，我们追求的，是中毒的电脑上如何消灭掉病毒~

ALEXBLAIR版主：给个样本，虚拟机里跑一圈，就可以按照log做专杀了。。。。你用autoruns/icesword去处理下好了。。。。
回：任何杀毒方面的东西都打不开，再做专杀也没有用~~~~

swans：应该就是那个传说中的超强磁碟机病毒，毒霸社区似乎已经给出了解决方案，不过我承认我确实被震撼了，不过不是这个病毒，而是被楼主的吹捧能力震撼了，看下这篇帖子吧http://bbs.duba.net/thread-21890093-1-1.html
回：这贴子里给出的工具，全部都打不开~！那个毒霸社区所有的工具，没有一个能对付得了这个病毒~~~~

Nblock：不就是那个很挫的磁碟机嘛 过不了微点
http://bbs.kafan.cn/viewthread.php?tid=211368&extra=page%3D1
回：~~无话可回了~~我们要的是解决方案，OK？而不是马后炮~~

      

下面第7页有专杀下载了！感谢各位~~

毒王之王解压密码5551551

[ 本帖最后由 5551551 于 2008-3-21 20:50 编辑 ]

sam.to

已刪除: 病毒 Virus.Win32.Xorer.ed        檔案: C:\Documents and Settings\kato9096\桌面\毒王之王.rar/陔膘恅璃標\pagefile.exe//PE_Patch.UPX//UPX

上报不报的

hsandstone

用这个东东可以解决掉。



[ 本帖最后由 hsandstone 于 2008-3-2 21:33 编辑 ]

挪威的冬天

你到底照着爱毒霸社区那个帖子试过了没有。。。

taiw_1144

已入微点病毒库
病毒名称:Virus.Win32.Xorer.kc

程序:
C:\DOCUMENTS AND SETTINGS\JINLING\LOCAL SETTINGS\TEMP\RAR$EX00.938\新建文件夹\PAGEFILE.EXE
是病毒程序!
已成功阻止其运行,是否要删除此文件?

[ 本帖最后由 taiw_1144 于 2008-3-2 21:04 编辑 ]

lomo

Start of the scan: 2008年3月2日  20:57

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Owner\桌面\毒王之王.rar'
C:\Documents and Settings\Owner\桌面\毒王之王.rar
  [0] Archive type: RAR
  --> н¨Îļþ¼Ð\pagefile.pif
      [DETECTION] Is the Trojan horse TR/Drop.Xorer.C
      [INFO]      A backup was created as '961617bd.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: 2008年3月2日  20:57
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      5 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

欠妳緈諨

D:\病毒测试\未解压样本\毒王之王.rar » RAR » 新建文件夹\pagefile.pif - probably a variant of Win32/Genetik trojan

lomo

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.


--------------------------------------------------------------------------------


We received the following archive files:



File ID  Filename  Size (Byte) Result
3781989  毒王之王.rar 93.33 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3781990  pagefile.exe  8 KB  UNDER ANALYSIS
3781991  pagefile.pif  91.5 KB  MALWARE
3781992  rising.ini  46 Byte  UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:

Filename Result
pagefile.exe  UNDER ANALYSIS

The file 'pagefile.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
pagefile.pif  MALWARE

The file 'pagefile.pif' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Xorer.C. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.02.190.

Filename Result
rising.ini  UNDER ANALYSIS

The file 'rising.ini' has been determined to be 'UNDER ANALYSIS'.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Worm.Win32.DiskGen.gfc   

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.33.62



现在在本社区已经被发过不下5次，还这么夸张的帖子标题！

sums2001

有人试过没有？我不敢试....近段时间的毒都可以对虚拟机下手了...