剛抓的4枚

llgiggs

那臺電腦現在詭異了，一開機就自動不停的重複運行server.exe，在windows文件夾下面生成N多exe，然後用PrcMgr一看還有偽裝的進程 一共抓出來4個，一會兒繼續回去研究。


順便說一句，那電腦裝的X星

tanlimo

ess扫描日志
病毒库版本: 2969 (20080324)
日期: 2008-3-25  时间: 16:39:12
已扫描的磁盘、文件夹和文件: D:\Documents and Settings\ok\桌面\4.zip
D:\Documents and Settings\ok\桌面\4.zip > ZIP > 2008020150TestHttp.exe - Win32/TrojanDownloader.Agent.NWG 特洛伊木马
D:\Documents and Settings\ok\桌面\4.zip > ZIP > server.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
已扫描的对象数: 4
发现的威胁数: 2
完成时间: 16:39:13  总扫描时间: 1 秒 (00:00:01)




http://www.iiiboy.com/2008020150.zip（什么玩意？我这下不了）

[ 本帖最后由 tanlimo 于 2008-3-25 16:47 编辑 ]

gaojun7206

Virus check with AntiVirusKit
Version 17.0.7089
Virus signatures of 10/4/2008
Start time: 3/25/2008 16:40
Engine(s): Engine A (KAV 88.8888), Engine B (BD 88.8888)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Check file C:\Documents and Settings\\HERO\Test\4.zip
Object: server.exe
        In archive: C:\Documents and Settings\\HERO\Test\4.zip
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.syt (Engine A), Trojan.Dropper.Agent.TPL (Engine B)
Object: winhelp.exe
        In archive: C:\Documents and Settings\\HERO\Test\4.zip
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.tju (Engine A), Trojan.Downloader.JJRG (Engine B)
Object: 2008020150TestHttp.exe
        In archive: C:\Documents and Settings\\HERO\Test\4.zip
        Status: Virus detected
        Virus: Trojan.Downloader.Delf.OLV (Engine B)
Object: 4.zip
        Path: C:\Documents and Settings\\HERO\Test
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.syt, Trojan-Downloader.Win32.Small.tju (Engine A), Trojan.Downloader.Delf.OLV, Trojan.Dropper.Agent.TPL, Trojan.Downloader.JJRG (Engine B)
Analysis complete: 3/25/2008 16:40
    1 files checked
    1 infected files detected
    0 suspected files detected

HC303

Begin scan in 'E:\Virus Test\4.zip'
E:\Virus Test\4.zip
  [0] Archive type: ZIP
  --> 2008020150TestHttp.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.113152
  --> server.exe
      [DETECTION] Is the Trojan horse TR/Agent.eok
  --> shenji.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> winhelp.exe
      [DETECTION] Is the Trojan horse TR/Agent.eok
      [WARNING]   The file was ignored!
4个。

挪威的冬天

信息        2008-03-25  16:42:34        您此次查毒清除了2个病毒                       
信息        2008-03-25  16:42:34        您此次查毒共查出2个病毒以及危险代码                       
信息        2008-03-25  16:42:34        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件9个                       
信息        2008-03-25  16:42:34        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-03-25  16:42:34        D:\Desktop\4.zip\server.exe        Win32.TrojDownloader.Small.131072        清除成功       
病毒        2008-03-25  16:42:34        D:\Desktop\4.zip\2008020150TestHttp.exe        Win32.Troj.Undef.258560        清除成功

sjducker

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:  http://bbs.kafan.cn/attachment.php?aid=225384
Information:  Is the Trojan horse TR/Dldr.Agen.113152  


--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.10.0, AVE 8.1.0.19, VDF 7.0.3.66

sam.to

已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.syt        檔案: C:\Documents and Settings\kato9096\桌面\223594.zip/server.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.tju        檔案: C:\Documents and Settings\kato9096\桌面\223594.zip/winhelp.exe

2，上报２

aerbeisi

[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\4.zip->server.exe->(UPack)
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        c:\test\4.zip->shenji.exe

sanhu35

The scan has been done completely.

      0 Scanning directories
      5 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes

yjwfn502

winhelp.exe

真的假的

[ 本帖最后由 yjwfn502 于 2008-3-25 17:58 编辑 ]