疑似木马x3

显示全部楼层 · 发表于 2008-3-18 18:10:09

http://ssta.vicp.cc/%E4%B8%8A%E4%BC%A0%E6%96%87%E4%BB%B6/cf.exe (Radmin)
http://ssta.vicp.cc/%E4%B8%8A%E4%BC%A0%E6%96%87%E4%BB%B6/cftom.exe
http://ssta.vicp.cc/%E4%B8%8A%E4%BC%A0%E6%96%87%E4%BB%B6/cftom.rar

从清泉某列表里面挖出来的

[ 本帖最后由 qianwenxiang 于 2008-3-18 18:18 编辑 ]

显示全部楼层 · 发表于 2008-3-18 18:14:47

BD 全飘

[ 本帖最后由 spaceplane 于 2008-3-18 19:42 编辑 ]

显示全部楼层 · 发表于 2008-3-18 19:24:23

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\pack.rar'
C:\Documents and Settings\Administrator\桌面\pack.rar
  [0] Archive type: RAR
--> cftom.rar
   [1] Archive type: RAR
   --> cftom.exe
      [DETECTION] Contains detection pattern of the application APPL/Rmadmin.17408
  --> cf.exe
   [DETECTION] Contains detection pattern of the application APPL/Rmadmin.17408
  --> cftom.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2008-3-18 19:31:45

用的花生壳域名

显示全部楼层 · 发表于 2008-3-18 19:47:04

ess扫描日志
病毒库版本: 2954 (20080318)
日期: 2008-3-18 时间: 19:45:08
已扫描的磁盘、文件夹和文件: D:\Documents and Settings\xx\桌面\pack.rar
D:\Documents and Settings\xx\桌面\pack.rar > RAR > cftom.rar > RAR > cftom.exe > PECompact v2.xx - Win32/RemoteAdmin 应用程序的变种
D:\Documents and Settings\xx\桌面\pack.rar > RAR > cf.exe > PECompact v2.xx - Win32/RemoteAdmin 应用程序的变种
D:\Documents and Settings\xx\桌面\pack.rar > RAR > cftom.exe > PECompact v2.xx - 解压错误
已扫描的对象数: 3
发现的威胁数: 2
完成时间: 19:47:32 总扫描时间: 144 秒

(00:02:24)

显示全部楼层 · 发表于 2008-3-18 19:50:03

原帖由 tanlimo 于 2008-3-18 19:47 发表
ess扫描日志
病毒库版本: 2954 (20080318)
日期: 2008-3-18 时间: 19:45:08
已扫描的磁盘、文件夹和文件: D:\Documents and Settings\xx\桌面\pack.rar
D:\Documents and Settings\xx\桌面\pack.rar > RAR > cf ...

红伞全保。。。

呵呵，，脱壳脱得卡吧。

显示全部楼层 · 发表于 2008-3-18 19:58:53

费尔不认识

显示全部楼层 · 发表于 2008-3-18 20:00:09

卡巴不认识~

显示全部楼层 · 发表于 2008-3-18 20:00:26

2秒就搞定了
detected: riskware not-a-virus:RemoteAdmin.Win32.RAdmin.20 File: C:\Documents and Settings\Owner\×ÀÃæ\pack.rar/cftom.rar/cftom.exe//PE_Patch.PECompact//PecBundle//PECompact//#//NSPack//NSPack
detected: riskware not-a-virus:RemoteAdmin.Win32.RAdmin.20 File: C:\Documents and Settings\Owner\×ÀÃæ\pack.rar/cf.exe//PE_Patch.PECompact//PecBundle//PECompact//#//NSPack//NSPack

Hello,

cf.exek, cftom.exek - Backdoor.Win32.VB.cuj

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

cftom.exekk

This file is corrupted.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: pack.rar

[ 本帖最后由 wangjay1980 于 2008-3-18 23:57 编辑 ]

显示全部楼层 · 发表于 2008-3-18 20:17:31

D:\firefox download\pack.rar » RAR » cftom.rar » RAR » cftom.exe » PECompact v2.xx - a variant of Win32/RemoteAdmin application
D:\firefox download\pack.rar » RAR » cf.exe » PECompact v2.xx - a variant of Win32/RemoteAdmin application
D:\firefox download\pack.rar » RAR » cftom.exe » PECompact v2.xx - unpack error
D:\firefox download\pack.rar:Zone.Identifier - is OK

[病毒样本] 疑似木马x3

本帖子中包含更多资源

浏览过的版块