流氓包（更新了）

显示全部楼层 · 发表于 2008-3-28 12:11:07

不知弄这个有什么用

http://www.365ppp.cn/download/huajun_setup100.exe
这站主页里的东西，好像都挂了。垃圾站
http://www.365ppp.cn/

[ 本帖最后由流清泉于 2008-5-2 10:19 编辑 ]

显示全部楼层 · 发表于 2008-3-28 12:11:49

来几个

[ 本帖最后由流清泉于 2008-5-2 10:11 编辑 ]

显示全部楼层 · 发表于 2008-3-28 12:16:28

一个

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\Updete.rar'
C:\TDDOWNLOAD\
  Updete.rar
[0] Archive type: RAR
   --> Updete.exe
      [1] Archive type: RAR SFX (self extracting)
      --> ms.vbs
      --> ms.exe
         [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
         [WARNING] Infected files in archives cannot be repaired!
      --> ms.bat
--> ﾿ﾨ﾿ﾨﾹﾤￗ￷ￊￒ.jpg
--> ￊﾹￓￃￋﾵￃ￷.txt
   [NOTE]    The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\52z_com_setup5455.exe'
C:\TDDOWNLOAD\
  52z_com_setup5455.exe
Begin scan in 'C:\TDDOWNLOAD\longzhuw.exe'
C:\TDDOWNLOAD\
  longzhuw.exe
[0] Archive type: RAR SFX (self extracting)
--> ShinLongX.exe
--> sw.exe

End of the scan: 2008年3月27日  21:16
Used time: 00:07 min

The scan has been done completely.

   0 Scanning directories
   11 Files were scanned
   1 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   10 Files not concerned
   3 Archives were scanned
   1 Warnings
   1 Notes

显示全部楼层 · 发表于 2008-3-28 13:02:06

C:\Documents and Settings\GUNDAM\桌面\新建文件夹\Updete.rar » RAR » Updete.exe » RAR » ms.exe - a variant of Win32/Packed.Themida application

显示全部楼层 · 发表于 2008-3-28 13:09:34

[Found backdoor] <W32/Hupigon.C.gen!Eldorado (not disinfectable, generic)> c:\test\longzhuw.exe->(RAR)->sw.exe
[Found backdoor] <W32/Hupigon.B.gen!Eldorado (not disinfectable, generic)> c:\test\Updete.rar->Updete.exe->(RAR)->ms.exe->(Themida)
[Found backdoor] <W32/Backdoor2.OJA (exact, not disinfectable)> c:\test\52z_com_setup5455.exe->(RAR)->data\SkypeClient.exe

显示全部楼层 · 发表于 2008-3-28 13:18:59

1L的setup.

2L

Sign of "BV:KillAV-U [Trj]" has been found in "F:\Updete.rar\Updete.exe\ms.bat" file.
Sign of "Win32:Hupigon-FB [Trj]" has been found in "F:\longzhuw.exe\sw.exe" file.
Sign of "Win32:Delf-AF [Trj]" has been found in "F:\3215.exe\[PECompact]\[Embedded#R_1]" file.

[ 本帖最后由 hj5abc 于 2008-3-28 13:39 编辑 ]

显示全部楼层 · 发表于 2008-3-28 13:39:29

显示全部楼层 · 发表于 2008-3-28 13:46:13

antivir要是能解nsis真就无敌了。。
赶快支持7zip和nsis吧。。

显示全部楼层 · 发表于 2008-3-28 13:51:24

信息 2008-03-28  13:51:16 您此次查毒共查出1个病毒以及危险代码
信息 2008-03-28  13:51:16 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件15个
信息 2008-03-28  13:51:16 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-03-28  13:51:16 D:\Desktop\Updete.rar\Updete.exe\BindFile\ms.exe Win32.Hack.Huigezi.cz 跳过，未处理

显示全部楼层 · 发表于 2008-3-28 13:52:52

“嘟嘟看”是由深圳某软件公司制造的一个流氓软件，由VC++工具编写。“嘟嘟看”运行后，释放病毒文件（c:\winnt\system32\cnwin.dll）。自我添加到BHO(浏览器辅助对象)中，导致用户每次打开IE浏览器时，病毒文件就会自动运行。定时弹出广告窗口，干扰用户正常操作。

最近病毒市场太萧条了，onlinegames也萎了。

春眠不觉晓，处处闻啼鸟。夜来风雨声，花落知多少？仅以此诗鼓励病毒开发者。来带动本区的繁荣。

[ 本帖最后由 aerbeisi 于 2008-3-28 13:56 编辑 ]

[已鉴定] 流氓包（更新了）