无耻木马，害我重装电脑（顽固型木马）７层壳

显示全部楼层 · 发表于 2008-4-13 10:12:57

我真无语了，我每隔几个星期就要重装电脑，而且不管装什么杀软都中毒，这次我是逛外国网站，结果装着红伞电脑还是中招，而且这个木马还特顽固，嵌入内存。打开任务管理器结束病毒进程就蓝屏死机，无语ｉｎｇ．看来老外的毒不比国产差，而且我发现红伞，卡巴，蜘蛛，ＮＯＤ３２之类全部都漏毒

，由此可见杀软＝废渣？确实只能买个安慰，系统还原才是王道。

AhnLab-V3	2008.4.12.0	2008.04.11	-
AntiVir	7.6.0.85	2008.04.11	-
Authentium	4.93.8	2008.04.13	-
Avast	4.8.1169.0	2008.04.12	-
AVG	7.5.0.516	2008.04.12	-
BitDefender	7.2	2008.04.13	Dropped:Trojan.Mezzia.Gen
CAT-QuickHeal	9.50	2008.04.12	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.04.13	-
DrWeb	4.44.0.09170	2008.04.12	-
eSafe	7.0.15.0	2008.04.09	Suspicious File
eTrust-Vet	31.3.5692	2008.04.11	-
Ewido	4.0	2008.04.12	-
F-Prot	4.4.2.54	2008.04.12	-
F-Secure	6.70.13260.0	2008.04.13	-
FileAdvisor	1	2008.04.13	-
Fortinet	3.14.0.0	2008.04.13	-
Ikarus	T3.1.1.26	2008.04.13	Trojan.Mezzia.CY
Kaspersky	7.0.0.125	2008.04.13	Trojan.Win32.Dialer.yz
McAfee	5272	2008.04.11	-
Microsoft	1.3408	2008.04.13	-
NOD32v2	3021	2008.04.12	-
Norman	5.80.02	2008.04.12	W32/Malware
Panda	9.0.0.4	2008.04.12	Suspicious file
Prevx1	V2	2008.04.13	-
Rising	20.39.52.00	2008.04.12	-
Sophos	4.28.0	2008.04.13	Mal/EncPk-AX
Sunbelt	3.0.1041.0	2008.04.12	-
Symantec	10	2008.04.13	-
TheHacker	6.2.92.276	2008.04.12	-
VBA32	3.12.6.4	2008.04.06	-
VirusBuster	4.3.26:9	2008.04.12	-
Webwasher-Gateway	6.6.2	2008.04.11	Win32.Malware.gen (suspicious)

[ 本帖最后由绅博周幸于 2008-4-13 10:31 编辑 ]

显示全部楼层 · 发表于 2008-4-13 10:13:25

外国朋友的免杀做的不比国人差

显示全部楼层 · 发表于 2008-4-13 10:19:40

显示全部楼层 · 发表于 2008-4-13 10:28:06

这样本有个性，我喜欢。下来玩玩。。。

显示全部楼层 · 发表于 2008-4-13 10:28:24

检测到：木马程序 Trojan.Win32.Dialer.yz 文件: F:\Download\1.rar/1.exe//PE_Patch.PECompact//PecBundle//PECompact//#//PE_Patch.PECompact//PecBundle//PECompact

显示全部楼层 · 发表于 2008-4-13 10:31:00

PE_Patch.PECompact//PecBundle//PECompact//#//PE_Patch.PECompact//PecBundle//PECompact

７层壳，牛

显示全部楼层 · 发表于 2008-4-13 10:38:37

0012EA6C                                     68 74 74 70             tp
0012EA7C  3A 2F 2F 68 65 72 65 34 73 65 61 72 63 68 2E 62  ://here4search.b
0012EA8C  69 7A 2F 69 6D 67 2F 63 6D 64 2E 70 68 70 3F 63  iz/img/cmd.php?c
0012EA9C  3D 49 30 26 76 3D 32 32 26 62 3D 33 30 32 34 26  =I0&v=22&b=3024&
0012EAAC  69 64 3D 45 37 43 45 45 31 34 26 63 6E 74 3D 43  id=E7CEE14&cnt=C
0012EABC  48 53 26 71 3D 34 35 36 33 30 30 00             HS&q=456300.

不知道是什么

显示全部楼层 · 发表于 2008-4-13 10:38:51

晕死，还是装个HIPS吧。

显示全部楼层 · 发表于 2008-4-13 10:42:03

金山解不开 0

显示全部楼层 · 发表于 2008-4-13 10:49:34

垃圾而已

Hello,

1.exe_ - Trojan.Win32.Dialer.auy

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

2.exe_ - not-a-virus:AdWare.Win32.Virtumonde.nol

This file is an Advertizing Tool, It's detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

svchost.exe_

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: 1.rar
> Attachment: 2.rar
> Attachment: svchost.rar

[ 本帖最后由 wangjay1980 于 2008-4-13 12:00 编辑 ]

[病毒样本] 无耻木马，害我重装电脑（顽固型木马）７层壳

本帖子中包含更多资源

本帖子中包含更多资源