又是几乎所有都不报

显示全部楼层 · 发表于 2008-3-19 01:33:21

还是同一个下载器下的,又是除两个误报大小王以外都不报.

这个下载器牛啊,不但疯狂而且新鲜,以后找样本就用它了哈.
VirSCAN.org Scanned Report :
Scanned time : 2008/03/19 09:47:53 (CST)
Scanner results: 3%的杀软(1/36)报告发现病毒
File Name    : Setup8080.zip
File Size    : 46785 byte
File Type    : Zip archive data, at least v2.0 to extract
MD5          : ef336aaa888d4e41cc95050fcbc4bfcc
SHA1          : 5d3ab0b0cb63387fedfac7680d62d511929d331b
Online report  : http://virscan.org/report/b5c7554a7caa07d4dc01724cdc88a6ca.html
Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2008.03.18       2008-03-18  3.45 -
安博士V3    2008.03.19.00 2008.03.19       2008-03-19  1.02 -
AntiVir       7.6.0.75       7.0.3.49       2008-03-18  2.52 -
Arcavir       1.0.4          200803181154    2008-03-18  2.25 -
AVAST       1.0.8          080318-1       2008-03-18  3.06 -
AVG          7.5.51.442    269.21.7/1334    2008-03-18  2.17 -
BitDefender 7.60825.1010920 7.18074          2008-03-19  3.71 -
CA (VET)    9.0.0.143    31.3.5625       2008-03-18  10.77  -
ClamAV       0.92          6294             2008-03-19  0.06 -
Comodo       2.11          2.0.0.468       2008-03-18  1.02 -
CP Secure    1.1.0.715    2008.03.19       2008-03-19  8.44 -
Dr.WEB       4.44.0.9170    2008.03.18       2008-03-18  9.69 -
ewido       4.0.0.2       2008.03.18       2008-03-18  2.37 -
F-PROT       4.4.1.52       20080318       2008-03-18  2.62 -
F-SECURE    5.51.6100    2008.03.18.03    2008-03-18  5.54 -
飞塔          2.81-3.11    8.861          2008-03-19  2.43 Suspicious
ViRobot       20080318       2008.03.18       2008-03-18  0.62 -
IKARUS       T3.1.01.20    2008.03.10.70432  2008-03-10  3.08 -
江民杀毒    10.00.650    2008.03.18       2008-03-18  1.57 -
卡巴斯基    5.5.10       2008.03.18       2008-03-18  12.85  -
金山毒霸    2007.6.20.249 2008.3.18       2008-03-18  1.33 -
迈克菲       5.2.00       5253             2008-03-17  4.20 -
Microsoft    1.3301       2008.03.19       2008-03-19  8.18 -
MKS_VIR       2.01          2008.03.18       2008-03-18  4.48 -
NORMAN       5.91.10       5.90             2008-03-18  11.16  -
熊猫卫士    9.04.03.0001 2008.03.18       2008-03-18  3.69 -
趋势          8.500-1001    5.172.06       2008-03-18  0.08 -
Prevx       V2             20080319       2008-03-19  7.85 -
QuickHeal    9.00          2008.03.14       2008-03-14  2.44 -
瑞星          20.0          20.36.12.00    2008-03-18  2.42 -
SOPHOS       2.71.3       4.27             2008-03-10  9.27 -
赛门铁克    1.3.0.24       20080318.009    2008-03-18  0.27 -
nProtect    2008-03-18.00 1224815          2008-03-18  9.43 -
The Hacker    6.2.92       v00249          2008-03-18  1.92 -
VBA32       3.12.6.3       20080318.0724    2008-03-18  4.50 -
VirusBuster 4.3.19:9       9.123.14/11.0    2008-03-18  3.88 -

[ 本帖最后由 T-G001 于 2008-3-19 09:51 编辑 ]

显示全部楼层 · 发表于 2008-3-19 01:40:09

确实很强，上报了

显示全部楼层 · 发表于 2008-3-19 01:41:58

2008-03-19 01:41:41 文件保护(创建文件) 操作:阻止
进程路径:C:\Documents and Settings\YCNET\桌面\Setup8080\Setup8080.exe
文件路径:C:\WINDOWS\system32\WPASHost.dll
2008-03-19 01:41:39 文件保护(创建文件) 操作:阻止
进程路径:C:\Documents and Settings\YCNET\桌面\Setup8080\Setup8080.exe
文件路径:C:\WINDOWS\system32\WinDPSHost.dll

显示全部楼层 · 发表于 2008-3-19 01:49:33

那把下载器也发上来

补上两只：
http://update2.enet321.cn/WinDPSHost.txt
http://update2.enet321.cn/WPASHost.txt

红伞全飘

[ 本帖最后由 rappar 于 2008-3-19 02:13 编辑 ]

显示全部楼层 · 发表于 2008-3-19 01:54:31

原帖由 rappar 于 2008-3-19 01:49 发表
那把下载器也发上来

补上两只：
http://update2.enet321.cn/WinDPSHost.txt
http://update2.enet321.cn/WPASHost.txt

这个下载器现在超过半数的都能杀了,不过你让它运行就知道它有多恶心了哈,超恶心,有信心和耐心就运行试试?

对了差点忘了说,每次运行都有不同的结果,下的东西也不同,有的不强,有的嘛....

[ 本帖最后由 T-G001 于 2008-3-19 01:57 编辑 ]

显示全部楼层 · 发表于 2008-3-19 02:03:40

http://xxx.ads555.com/txt071219/1023.txt

如果每次下的东西都不同的话，那就是这个列表经常更新了

http://dd.vod199.cn:55/071217/1023.exe
http://dd.vod199.cn:55/yyy/1001.exe
http://dd.vod199.cn:55/rj/3.exe
http://dd.vod199.cn:55/rj/2008020113TestHttp.exe
http://dd.vod199.cn:55/rj/IeLockerInst_04.exe
http://dd.vod199.cn:55/yyy/223.exe
http://dd.vod199.cn:55/rj/alexa201.exe
http://down.ip198.cn/sh/24775393F.exe
http://dd.vod199.cn:55/rj/5.exe

显示全部楼层 · 发表于 2008-3-19 02:16:37

全灭了

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\IeLockerInst_04.exe'
C:\TDDOWNLOAD\
  IeLockerInst_04.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: OVL
      --> Object
      [2] Archive type: OVL
      --> Object
         [3] Archive type: OVL
         --> Object
            [4] Archive type: OVL
            --> Object
               [DETECTION] Is the Trojan horse TR/Dldr.Agent.lgm
               [WARNING] Infected files in archives cannot be repaired!
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\3.exe'
C:\TDDOWNLOAD\
  3.exe
   [DETECTION] Is the Trojan horse TR/Downloader.Gen
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\5.exe'
C:\TDDOWNLOAD\
  5.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\223.exe'
C:\TDDOWNLOAD\
  223.exe
   [DETECTION] Contains detection pattern of the dropper DR/Agent.gyh
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\1001.exe'
C:\TDDOWNLOAD\
  1001.exe
[0] Archive type: Runtime Packed
--> Object
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\1023.exe'
C:\TDDOWNLOAD\
  1023.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\24775393F.exe'
C:\TDDOWNLOAD\
  24775393F.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\2008020113TestHttp.exe'
C:\TDDOWNLOAD\
  2008020113TestHttp.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agen.113152
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\alexa201.exe'
C:\TDDOWNLOAD\
  alexa201.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [NOTE]    The file was deleted!

End of the scan: 2008年3月18日  11:16
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   9 Files were scanned
   9 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   9 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   0 Archives were scanned
   1 Warnings
   9 Notes

显示全部楼层 · 发表于 2008-3-19 02:17:34

改exe后全不能运行

显示全部楼层 · 发表于 2008-3-19 02:19:42

原帖由 rappar 于 2008-3-19 02:03 发表

 http://xxx.ads555.com/txt071219/1023.txt

如果每次下的东西都不同的话，那就是这个列表经常更新了

远远不止,不然不说它疯狂,而且什么都干,甚至可能会改你的系统登陆密码(先穷举你的),运行多次后遇到一次...有时会隐藏你杀软的主防提示框(如果没被干掉的话)

总之,如果你的杀软不能杀掉那个下载器的话,这个毒挺好玩的..

[ 本帖最后由 T-G001 于 2008-3-19 02:30 编辑 ]

显示全部楼层 · 发表于 2008-3-19 02:22:16

原帖由 rappar 于 2008-3-19 01:49 发表
那把下载器也发上来

补上两只：
http://update2.enet321.cn/WinDPSHost.txt
http://update2.enet321.cn/WPASHost.txt

红伞全飘

漏两个

[ 本帖最后由 tanlimo 于 2008-3-19 02:32 编辑 ]

[病毒样本] 又是几乎所有都不报

本帖子中包含更多资源

回复 1楼 T-G001 的帖子

本帖子中包含更多资源

回复 6楼 rappar 的帖子

回复 4楼 rappar 的帖子

本帖子中包含更多资源

浏览过的版块