
[Virus sample] New virus found today! Many AV products don't detect it!

chabosh
Posted on 2008-3-13 10:44:07
New virus found today! Many AV products don't detect it!
File explorer.exe received on 2008.03.13 03:35:40 (CET)
Antivirus | Version | Last update | Result
AhnLab-V3 | 2008.3.12.0 | 2008.03.12 | -
AntiVir | 7.6.0.73 | 2008.03.12 | -
Authentium | 4.93.8 | 2008.03.13 | -
Avast | 4.7.1098.0 | 2008.03.12 | -
AVG | 7.5.0.516 | 2008.03.12 | Generic9.BIQX
BitDefender | 7.2 | 2008.03.13 | Trojan.Downloader.Agent.ZDF
CAT-QuickHeal | 9.50 | 2008.03.12 | -
ClamAV | 0.92.1 | 2008.03.13 | -
DrWeb | 4.44.0.09170 | 2008.03.12 | -
eSafe | 7.0.15.0 | 2008.03.09 | -
eTrust-Vet | 31.3.5610 | 2008.03.13 | -
Ewido | 4.0 | 2008.03.12 | -
FileAdvisor | 1 | 2008.03.13 | -
Fortinet | 3.14.0.0 | 2008.03.12 | -
F-Prot | 4.4.2.54 | 2008.03.12 | -
F-Secure | 6.70.13260.0 | 2008.03.13 | W32/Downloader
Ikarus | T3.1.1.20 | 2008.03.13 | Worm.Win32.Downloader.am
Kaspersky | 7.0.0.125 | 2008.03.13 | Worm.Win32.Downloader.fi
McAfee | 5250 | 2008.03.12 | -
Microsoft | 1.3301 | 2008.03.12 | -
NOD32v2 | 2943 | 2008.03.13 | probably unknown NewHeur_PE virus
Norman | 5.80.02 | 2008.03.12 | W32/Downloader
Panda | 9.0.0.4 | 2008.03.12 | -
Prevx1 | V2 | 2008.03.13 | -
Rising | 20.35.22.00 | 2008.03.12 | -
Sophos | 4.27.0 | 2008.03.13 | -
Sunbelt | 3.0.930.0 | 2008.03.05 | -
Symantec | 10 | 2008.03.13 | -
TheHacker | 6.2.92.244 | 2008.03.12 | -
VBA32 | 3.12.6.2 | 2008.03.13 | suspected of Win32.Trojan.Downloader (http://...)
VirusBuster | 4.3.26:9 | 2008.03.12 | -
Webwasher-Gateway | 6.6.2 | 2008.03.13 | -

hahacomcn
Posted on 2008-3-13 10:55:15
to vlab~
chabosh
OP | Posted on 2008-3-13 11:00:55
发现以下问题:


找到可疑开机程序:UPXDND ( C:\WINDOWS\upxdnd.exe)
找到可疑开机程序:WINSYSM ( C:\WINDOWS\49400M.exe)
找到可疑应用初始化程序:bauhgnem.dll,eohsom.dll,fyom.dll,sauhad.dll,ijougiemnaw.dll,taijoad.dll,lnaixnauhqq.dll,idtj.dll,vhqq.dll,atgnehz.dll,rsqq.dll,tsqc.dll,vauyiqvlnaix.dll,wq.dll,fmxh.dll,cty.dll,pahzij.dll,jz.dll,bz.dll,pyomielnux.dll,mhtd.dll,qnefnaib.dll,ej.dll,uixauh.dll,hjiq.dll,kiluw.dll,dsfg.dll,yqhs.dll,oaijihzeuyouhz.dll,jemnaw.dll,cuhad.dll,laixuhz.dll,rfhx.dll,mnauygniqaixnaij.dll,oqnauhc.dll,xjxr.dll,utiemnaw.dll,sve.dll,wininat.dll,gnolnait.dll,zadnew.dll,htwx.dll,knaixnauhuoyizqq.dll,duygnef.dll,gmx.dll,nadgnohiac.dll,agzg.dll,qlihzouhgnfe.dll,bchib.dll,tzm.dll,r2.dll,slcs.dll,xptyj.dll,xhtd.dll,qq.dll,sfhx.dll,gnaixnauhqq.dll,3auhad.dll,oadnew.dll,iemnaw.dll,qcsct.dll,oadgnohiac.dll,iqnauhc.dll,aixauh.dll,ddtj.dll,nuygnef.dll,uohsom.dll,gnefnaib.dll,ijiq.dll,hjxr.dll,naijoad.dll,naixuhz.dll,nahzij.dll,fmxh.dll,zqhs.dll,jsfg.dll,utgnehz.dll,uyom.dll,wtiemnaw.dll,uyomielnux.dll,vlihzouhgnfe.dll,2ty.dll,nauhgnem.dll,auhad.dll,rj.dll,hz.dll,naijihzeuyouhz.dll,xhqq.dll,jmx.dll,dgzg.dll,gsqq.dll,fz.dll,gnaixnauhuoyizqq.dll,gnolnait.dll,jsqc.dll,dqncj.dll,eve.dll,2nauygniqaixnaij.dll,niluw.dll,ijougiemnaw.dll,wtwx.dll,jghf.dll,msd.dll,asj.dll,her.dll,awf.dll,,msosmhfp01.dll
找到未知IE插件:C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys
找到未知文件执行挂钩:{3be976db-b807-4251-81e8-38997856f675}(C:\WINDOWS\system32\fCBDCBD1033.dll)
找到未知文件执行挂钩:{D29DCEE0-457B-45A2-A92D-741B95B7723B}(C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys)
找到未知文件执行挂钩:{b85e14e1-c041-4181-ad89-44a1da432fd9}(C:\WINDOWS\system32\ayCBDCBD1039.dll)
找到未知文件执行挂钩:{d9a0e8e6-e1f0-4b21-a09e-22e6e189fd7a}(C:\WINDOWS\system32\ffFKKFKK1047.dll)
找到未知文件执行挂钩:{5d965c11-4200-44fc-8fd8-6897bccc5d75}(C:\WINDOWS\system32\ffNNBNNB1033.dll)
找到未知文件执行挂钩:{1DB3C525-5271-46F7-887A-D4E1ADAA7632}(C:\WINDOWS\system32\hfrdzx.dll)
找到未知文件执行挂钩:{45AADFAA-DD36-42AB-83AD-0521BBF58C24}(C:\WINDOWS\system32\zjydcx.dll)
找到未知文件执行挂钩:{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}(C:\WINDOWS\system32\hhrdxd.dll)

WinSysM
AVPSrv

Generated files that were found

hahacomcn
Posted on 2008-3-13 11:03:03
Begin scan in 'C:\Documents and Settings\haha\桌面\bingdu.rar'
C:\Documents and Settings\haha\桌面\bingdu.rar
  [0] Archive type: RAR
  --> bingdu\WSockDrv32.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> bingdu\upxdnd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> bingdu\jylvvibi.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> bingdu\AVPSrv.exE
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.tcq.4
  --> bingdu\DbgHlp32.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.TJR.9
  --> bingdu\AtiSrv.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
      [INFO]      A backup was created as '484699e1.qua'  ( QUARANTINE )


End of the scan: 2008年3月13日  11:03
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
leonfg
Posted on 2008-3-13 11:05:37
ESET kills them all!
C:\Documents and Settings\GUNDAM\桌面\explorer.rar » RAR » explorer.exe - probably unknown NewHeur_PE virus

C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\WSockDrv32.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\upxdnd.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\jylvvibi.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\AVPSrv.exE - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\DbgHlp32.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\bingdu.rar » RAR » bingdu\AtiSrv.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
SW-27
Posted on 2008-3-13 11:18:19
Can this be reported?

chabosh
OP | Posted on 2008-3-13 11:28:01

Found another one! On the same computer!

On the same computer! Found another one!
1688388728
Posted on 2008-3-13 11:29:27
Virus found: Worm.Win32.Downloader.fi

An attempt was made to open an infected file.

File: explorer.exe
Directory: D:\样本\explorer
kiki
Posted on 2008-3-13 12:13:25
The file itself wasn't detected, but the files it generates were.


[CONTROL]
VERSION=2008-2-3

[DOWN]
NEWVERSION=
1=http://www.52gol.com/xx/soc1.exe
2=http://www.52gol.com/xx/soc2.exe
3=http://www.52gol.com/xx/soc3.exe
4=http://www.52gol.com/xx/soc4.exe
5=http://www.52gol.com/xx/soc5.exe
6=http://www.52gol.com/xx/soc6.exe
7=http://www.52gol.com/xx/soc7.exe
8=http://www.52gol.com/xx/soc8.exe
9=http://www.52gol.com/xx/soc9.exe
10=http://www.52gol.com/xx/soc10.exe
11=http://www.52gol.com/xx/soc11.exe
12=http://www.52gol.com/xx/soc12.exe
13=http://www.52gol.com/xx/soc13.exe
14=http://www.52gol.com/xx/soc14.exe
15=http://www.52gol.com/xx/soc15.exe
16=http://www.52gol.com/xx/soc16.exe
17=http://www.52gol.com/xx/soc17.exe
18=http://www.52gol.com/xx/soc18.exe
19=http://www.52gol.com/xx/soc19.exe
20=http://www.52gol.com/xx/soc20.exe
21=http://www.52gol.com/xx/soc21.exe
22=http://www.52gol.com/xx/soc22.exe
23=http://www.52gol.com/xx/soc23.exe
24=http://www.52gol.com/xx/soc24.exe
25=http://www.52gol.com/xx/soc25.exe

[ Last edited by kiki on 2008-3-13 12:18 ]

Copyright © KaFan  KaFan.cn All Rights Reserved.
