Original poster: 小飞侠.net

[Virus sample] [Repost] USB-drive trojan in LNK format~~

冷冷
Posted on 2008-3-17 22:16:53
000048A8   01F960A8      0   Shell32.dll
000048C8   01F960C8      0   Rundll32.exe
00004B08   01F96308      0   ThreadingModel
00004B18   01F96318      0   Apartment
00004B74   01F96374      0   CLSID\SaveInfo\%X
00004B88   01F96388      0   360tray.exe
00004BA8   01F963A8      0   code1984
00004BC8   01F963C8      0   Watcher
00004BD0   01F963D0      0   Sysinternals
00004BE0   01F963E0      0   Monitor
00004C08   01F96408      0   cxlioewrsdf
00004C94   01F96494      0   %s "%s",%s
00004CB0   01F964B0      0   NvStartup


00004CCC   01F964CC      0   KeServiceDescriptorTable
00004CE8   01F964E8      0   ntdll.dll
00004CF4   01F964F4      0   NtQuerySystemInformation
00004D10   01F96510      0   \\.\RESSDTDOS
00004D20   01F96520      0   RESSDT
00004D28   01F96528      0   \ReSSDT.sys
00004D34   01F96534      0   REGSVR32.exe
挪威的冬天
Posted on 2008-3-17 22:24:02

Reply to post #11 by 冷冷

"Seems" pretty formidable...

Kingsoft MISS
傻猪猪米走鸡
Posted on 2008-3-18 16:05:30
Scan Log
Version of virus signature database: 2954 (20080318)
Date: 2008-3-18  Time: 16:04:31
Scanned disks, folders and files: D:\firefox download\AutoRun
D:\firefox download\AutoRun\AutoRun.Inf - Win32/AutoRun.IY worm - cleaned by deleting - quarantined [1]
D:\firefox download\AutoRun\Thumbs.lnk - Win32/AutoRun.IY worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 2
Number of threats found: 2
Time of completion: 16:04:42  Total scanning time: 11 sec (00:00:11)

Notes:
[1] Object has been deleted as it only contained the virus body.
啊弥陀佛
Posted on 2008-3-18 16:11:46
It's a DLL file.

挪威的冬天
Posted on 2008-3-18 16:13:31
Having a reporting channel really is nice; it was resolved within a day.

信息        1998-03-18  16:12:55        您此次查毒清除了1个病毒                       
信息        1998-03-18  16:12:55        您此次查毒共查出1个病毒以及危险代码                       
信息        1998-03-18  16:12:55        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件3个                       
信息        1998-03-18  16:12:55        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        1998-03-18  16:12:55        D:\Desktop\AutoRun.rar\Thumbs.lnk        Win32.Troj.Undef.ad.37898        清除成功
tanlimo
Posted on 2008-3-18 16:14:20
ESS扫描日志
病毒库版本: 2954 (20080318)
日期: 2008-3-18  时间: 16:18:02
已扫描的磁盘、文件夹和文件: D:\Documents and Settings\xx\桌面\AutoRun.rar
D:\Documents and Settings\xx\桌面\AutoRun.rar > RAR > AutoRun.Inf - Win32/AutoRun.IY 蠕虫
D:\Documents and Settings\xx\桌面\AutoRun.rar > RAR > Thumbs.lnk - Win32/AutoRun.IY 蠕虫
已扫描的对象数: 2
发现的威胁数: 2
完成时间: 16:18:02  总扫描时间: 0 秒 (00:00:00)
gho
Posted on 2008-3-18 16:23:49
Scanning Report
18 March 2008 16:22:39 - 16:22:44
Computer name: CN-89FF4B9EA4D6
Scanning type: Scan target
Target: E:\Documents and Settings\Administrator\桌面\Thumbs.lnk


--------------------------------------------------------------------------------

Result: 1 malware found
Backdoor.Win32.Agent.fpe (virus)
E:\Documents and Settings\Administrator\桌面\Thumbs.lnk Action: deleted




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 1
Not scanned: 0
Result:
Viruses: 1
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 1
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-03-18_01
Spyware: 2008-03-18_01
Scanning Engines:
F-Secure Orion: 1.02.38, 2008-03-18
F-Secure Libra: 2.04.04, 2008-03-17
F-Secure AVP: 7.00.171, 2008-03-18
F-Secure Draco: 1.00.35, 2008-02-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Scan inside archives
Actions:
Viruses: Delete infected files
Spyware: Ask after scan
gho
Posted on 2008-3-18 16:28:18
J:\AutoRun.rar >>RAR >>AutoRun.Inf - Win32/AutoRun.IY 蠕虫
J:\AutoRun.rar >>RAR >>Thumbs.lnk - Win32/AutoRun.IY 蠕虫
sjducker
Posted on 2008-3-18 18:30:43
Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:  http://bbs.kafan.cn/attachment.php?aid=221042
Information:  Contains detection pattern of the rootkit RKIT/Agent.6912  


--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.10.0, AVE 8.1.0.18, VDF 7.0.3.42
BING126
Posted on 2008-3-18 21:00:36
McAfee         Generic BackDoor
Copyright © KaFan  KaFan.cn All Rights Reserved.