肉鸡里新收的文件，可能是malware。另外问下有人用肉鸡收样本么？

显示全部楼层 · 发表于 2008-4-9 11:38:14

过karspersky...文件全部用md5命名。

显示全部楼层 · 发表于 2008-4-9 11:40:59

Starting the file scan:

Begin scan in 'E:\maybe malware.rar'
E:\maybe malware.rar
  [0] Archive type: RAR
  --> 61b5ca6bb43eaf1df4b93573879b8dbc.bin
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 3e175fd611fa96bbade9bb105c8acebe.bin
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> d55da6a1f754dba8a2c4bb8dca72ddcf.bin
   [DETECTION] Is the Trojan horse TR/Hijack.Explor.4512
  --> 0c2b109db1785d9740072ab22f37b75a.bin
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 1d870d6db7b798181e8ee03c7a60fd09.bin
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2008-4-9 11:41:55

TO KL

显示全部楼层 · 发表于 2008-4-9 11:42:37

D:\firefox download\maybe malware.rar » RAR » 61b5ca6bb43eaf1df4b93573879b8dbc.bin - is OK
D:\firefox download\maybe malware.rar » RAR » 3e8bd10b9647eefafdc058ae29f7df61.bin » FSG v2.0 - unpack error
D:\firefox download\maybe malware.rar » RAR » 3e175fd611fa96bbade9bb105c8acebe.bin - is OK
D:\firefox download\maybe malware.rar » RAR » d55da6a1f754dba8a2c4bb8dca72ddcf.bin - is OK
D:\firefox download\maybe malware.rar » RAR » 0c2b109db1785d9740072ab22f37b75a.bin - is OK
D:\firefox download\maybe malware.rar » RAR » 8c1870ed046471abda6b65edbb02b273.bin - a variant of Win32/Spy.Delf.NHF trojan
D:\firefox download\maybe malware.rar » RAR » 72ea80693d102e2529e966f9e34ce69b.bin - a variant of Win32/Spy.Delf.NHF trojan
D:\firefox download\maybe malware.rar » RAR » 1d870d6db7b798181e8ee03c7a60fd09.bin - a variant of Win32/Rootkit.Agent.NBQ trojan
D:\firefox download\maybe malware.rar:Zone.Identifier - is OK

显示全部楼层 · 发表于 2008-4-9 11:45:37

[Found adware] <W32/Cinmus.E.gen!Eldorado (generic, not disinfectable)> 0c2b109db1785d9740072ab22f37b75a.bin
[Found security risk] <W32/SYStroj.B.gen!Eldorado (generic, not disinfectable)> 1d870d6db7b798181e8ee03c7a60fd09.bin
[Found possible security risk] <W32/Heuristic-KPP!Eldorado (not disinfectable)> d55da6a1f754dba8a2c4bb8dca72ddcf.bin

显示全部楼层 · 发表于 2008-4-9 11:46:37

显示全部楼层 · 发表于 2008-4-9 12:22:40

信息 2008-04-09  12:22:35 您此次查毒清除了4个病毒
信息 2008-04-09  12:22:35 您此次查毒共查出4个病毒以及危险代码
信息 2008-04-09  12:22:35 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件13个
信息 2008-04-09  12:22:35 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-04-09  12:22:35 D:\Desktop\maybe malware.rar\1d870d6db7b798181e8ee03c7a60fd09.bin Win32.Troj.AgentT.nb.29632 清除成功
病毒 2008-04-09  12:22:35 D:\Desktop\maybe malware.rar\72ea80693d102e2529e966f9e34ce69b.bin Win32.Troj.OnlineGames.kl.27648 清除成功
病毒 2008-04-09  12:22:35 D:\Desktop\maybe malware.rar\8c1870ed046471abda6b65edbb02b273.bin Win32.Troj.OnlineGames.kl.27648 清除成功
病毒 2008-04-09  12:22:35 D:\Desktop\maybe malware.rar\0c2b109db1785d9740072ab22f37b75a.bin Win32.Troj.RootKitT.hm.25440 清除成功

显示全部楼层 · 发表于 2008-4-9 12:28:40

已删除：病毒 Heur.Invader (修改) 文件: F:\Download\maybe malware.rar/d55da6a1f754dba8a2c4bb8dca72ddcf.bin

显示全部楼层 · 发表于 2008-4-9 13:04:05

E:\VIRUS\maybe malware\3e175fd611fa96bbade9bb105c8acebe.bin: PUA.Packed.MEW-1 FOUND
E:\VIRUS\maybe malware\61b5ca6bb43eaf1df4b93573879b8dbc.bin: PUA.Packed.MEW-1 FOUND

显示全部楼层 · 发表于 2008-4-9 13:09:47

C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>3e175fd611fa96bbade9bb105c8acebe.bin Heuri.Possible/Packed 启发式扫描还未处理
C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>3e8bd10b9647eefafdc058ae29f7df61.bin Trojan.VB.Small.ael.hwzh 木马还未处理
C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>61b5ca6bb43eaf1df4b93573879b8dbc.bin Heuri.Possible/Packed 启发式扫描还未处理
C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>72ea80693d102e2529e966f9e34ce69b.bin W32.Hitapop.ttwx.dll 病毒还未处理
C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>8c1870ed046471abda6b65edbb02b273.bin W32.Hitapop.ttwx.dll 病毒还未处理
C:\Documents and Settings\Jean\桌面\HERO\Test\maybe malware.rar>>d55da6a1f754dba8a2c4bb8dca72ddcf.bin TrojanHijack.Explor.4512.wpiv 木马还未处理

[病毒样本] 肉鸡里新收的文件，可能是malware。另外问下有人用肉鸡收样本么？

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源