赶尽杀绝4~ 36只

显示全部楼层 · 发表于 2008-5-10 22:21:51

Log is generated by FreShow.
[wide]http://1.see101.net/news.html
[object]http://user1.33-26.net/Baidu.cab
[script]http://user1.33-26.net/ms06014.js
      [object]http://user1.33-26.net/bak.css
[frame]http://user1.33-26.net/Thunder.html
      [object]http://user1.33205.net/bak.css
[frame]http://user1.33-26.net/GLWORLD.html
      [object]http://user1.33-22.net/bak.css
[script]http://user1.33-26.net/real.js
      [object]http://user1.33-26.net/bak.css
[frame]http://user1.33-26.net/Real.html
      [object]http://user1.33-22.net/bak.css

下载下来所有的bak.css都是用一个东西，重名为bak.exe；baidu.cab解压出来得到baidu.exe；——计样本数：2

bak.exe和baidu.exe都连接到：http://www.okabca.net/6.txt

下载36只马：

http://1.111991.net/0.exe
http://1.111991.net/1.exe
http://1.111991.net/2.exe
http://1.111991.net/3.exe
http://1.111991.net/4.exe
http://1.111991.net/5.exe
http://1.111991.net/6.exe
http://1.111991.net/7.exe
http://1.111991.net/8.exe
http://1.111991.net/9.exe
http://1.111991.net/10.exe
http://1.111991.net/11.exe
http://1.111991.net/12.exe
http://1.111991.net/13.exe
http://1.111991.net/14.exe
http://1.111991.net/15.exe
http://1.111991.net/16.exe
http://2.111991.net/17.exe
http://2.111991.net/18.exe
http://2.111991.net/19.exe
http://2.111991.net/20.exe
http://2.111991.net/21.exe
http://2.111991.net/22.exe
http://2.111991.net/23.exe
http://2.111991.net/24.exe
http://2.111991.net/25.exe
http://2.111991.net/26.exe
http://2.111991.net/27.exe
http://2.111991.net/28.exe
http://2.111991.net/29.exe
http://2.111991.net/30.exe
http://2.111991.net/31.exe
http://2.111991.net/32.exe
http://2.111991.net/33.exe
http://2.111991.net/34.exe
http://2.111991.net/35.exe

复制代码

但是在我这里0.exe和30.exe下不下来，样本数计为：34

总计36只。

[ 本帖最后由 yimike 于 2008-5-10 22:23 编辑 ]

显示全部楼层 · 发表于 2008-5-10 22:23:54

C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/1.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/10.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/11.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/12.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/13.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/14.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/15.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/16.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/17.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/18.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/19.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/2.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/20.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/21.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/22.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/23.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/24.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/25.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/26.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/27.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/28.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/3.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/31.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/32.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/33.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/34.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/35.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/4.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/5.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/6.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/7.exe - a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/8.exe - a variant of Win32/PSW.QQPass.NCZ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/9.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/Baidu.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don Johnson\桌面\MM.zip » ZIP » MM/bak.exe - probably a variant of Win32/Genetik trojan

显示全部楼层 · 发表于 2008-5-10 22:24:52

Kaspersky kill all

PS：5.exe只是因为“可能感染病毒”而被隔离，TO KL

Hello.
New malicious software was found in the attached file.
It's detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

> Attachment: 5.rar

[ 本帖最后由 sbbdms 于 2008-5-10 22:58 编辑 ]

显示全部楼层 · 发表于 2008-5-10 22:24:59

看样子样本有些过时了

显示全部楼层 · 发表于 2008-5-10 22:27:41

在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\1.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\10.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\11.exe 中发现 Trojan/PSW.OnLineGames.sss 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\12.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\13.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\14.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\15.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\16.exe 中发现 Trojan/PSW.OnLineGames.tvh 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\18.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\2.exe 中发现 Trojan/PSW.OnLineGames.tvk 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\20.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\21.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\22.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\23.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\24.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\25.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\26.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\27.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\28.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\29.exe 中发现 Trojan/PSW.OnLineGames.aeki 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\3.exe 中发现 Trojan/PSW.OnLineGames.tvm 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\31.exe 中发现 Trojan/PSW.OnLineGames.sss 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\32.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\33.exe 中发现 Trojan/VB.Small.ael 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\34.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\35.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\4.exe 中发现 Trojan/Ck88866.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\7.exe 中发现 Trojan/PSW.OnLineGames.tve 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\8.exe 中发现 Trojan/PSW.QQPass.swu 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\9.exe 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\MM.zip->MM\Baidu.exe 中发现 Trojan/PSW.OnLineGames.tuu 病毒, 已删除

显示全部楼层 · 发表于 2008-5-10 23:21:07

信息 2008-05-10  23:21:07 您此次查毒清除了27个病毒
信息 2008-05-10  23:21:07 您此次查毒共查出27个病毒以及危险代码
信息 2008-05-10  23:21:07 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件77个
信息 2008-05-10  23:21:07 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒

显示全部楼层 · 发表于 2008-5-10 23:22:45

Begin scan in 'C:\Documents and Settings\Administrator\桌面\MM.zip'
C:\Documents and Settings\Administrator\桌面\MM.zip
  [0] Archive type: ZIP
--> MM/1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddo
--> MM/10.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/11.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adwk
--> MM/12.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/13.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/15.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/16.exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
--> MM/17.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/18.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/2.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/20.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/21.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/22.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/24.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/25.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adrg
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
--> MM/26.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ald
--> MM/27.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/28.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adxc
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
--> MM/29.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acjm
--> MM/3.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/31.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.actd
--> MM/32.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adxo
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ala
--> MM/33.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
      [3] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.VB.edj
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acxz
--> MM/35.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aduf
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
--> MM/4.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/5.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
--> MM/7.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ED
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akk
--> MM/8.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.QQpass.btc
--> MM/9.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adsr
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
--> MM/Baidu.exe
   --> Object
      [2] Archive type: OVL
      --> Object
      [3] Archive type: OVL
      --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.Adload.adi
   [NOTE]    The file was successfully wiped!
   [NOTE]    The file was deleted!

End of the scan: 2008年5月10日  23:22
Used time: 00:22 min

The scan has been done completely.

   0 Scanning directories
   37 Files were scanned
   46 viruses and/or unwanted programs were found

显示全部楼层 · 发表于 2008-5-10 23:47:56

packed通杀

显示全部楼层 · 发表于 2008-5-10 23:53:01

瑞星病毒查杀结果报告
114/45  漏掉17.exe
清除病毒种类列表：
病毒： RootKit.Win32.Mnless.oe
病毒： Trojan.PSW.Win32.GameOL.ka
病毒： Trojan.PSW.Win32.GameOL.gbk
病毒： Trojan.PSW.Win32.SunOnline.ob
病毒： Trojan.PSW.Win32.GamesOnline.yq
病毒： Trojan.PSW.Win32.QQHX.txa
病毒： Trojan.PSW.Win32.GamesOnline.yp
病毒： Trojan.PSW.Win32.GamesOnline.yr
病毒： Harm.Win32.AntiSig.a
病毒： Trojan.PSW.Win32.QQHX.twz
病毒： Trojan.Win32.Undef.gfj
病毒： Trojan.Win32.Undef.gfj
病毒： RootKit.Win32.Mnless.nq
病毒： Trojan.PSW.Win32.GamesOnline.wb
病毒： Trojan.Win32.VB.fkf
病毒： Trojan.Win32.VB.fkf
病毒： Trojan.PSW.Win32.GamesOnline.zc
病毒： Trojan.Win32.AvKiller.as
病毒： RootKit.Win32.HideFile.i
病毒： Worm.Win32.PaBug.gy
病毒： Trojan.Win32.Undef.gfd

MAC 地址：00:03:0F:FF:B1:22

用户来源：互联网

软件版本：20.43.52

显示全部楼层 · 发表于 2008-5-10 23:54:56

用G DATA AntiVirus检测病毒
版本 18.5.8071.731
病毒特征库日期 2008/1/28
开始时间： 2008/5/10 23:53
引擎：引擎A (AVK 18.2566), 引擎B (AVKB 18.113)
启发式：开启
档案文件：开启
系统区域：开启

检测系统区域...
检测以下目录和文件：
C:\Documents and Settings\Administrator\桌面\MM\

对象： [FSG]
在压缩档案中： C:\Documents and Settings\Administrator\桌面\MM\MM\17.exe
状态：检测到病毒
病毒： Win32:Agent-CNF [Trj] (引擎B)
对象： 17.exe
路径: C:\Documents and Settings\Administrator\桌面\MM\MM
状态：病毒，文件被删除
病毒： Win32:Agent-CNF [Trj] (引擎B)
对象： [FSG]
在压缩档案中： C:\Documents and Settings\Administrator\桌面\MM\MM\33.exe
状态：检测到病毒
病毒： Win32:VB-GDM [Trj] (引擎B)
对象： 33.exe
路径: C:\Documents and Settings\Administrator\桌面\MM\MM
状态：病毒，文件被删除
病毒： Win32:VB-GDM [Trj] (引擎B)
对象： [UPX]
在压缩档案中： C:\Documents and Settings\Administrator\桌面\MM\MM\8.exe
状态：检测到病毒
病毒： Win32:OnLineGames-BSI [Trj] (引擎B)
对象： 8.exe
路径: C:\Documents and Settings\Administrator\桌面\MM\MM
状态：病毒，文件被删除
病毒： Win32:OnLineGames-BSI [Trj] (引擎B)

检测执行时间： 2008/5/10 23:54
36个文件已检测
3个受感染文件
0个可疑文件被发现

超级老的病毒库了

[病毒样本] 赶尽杀绝4~ 36只

本帖子中包含更多资源

35

回复 2楼 EQ2 的帖子

kv 31

本帖子中包含更多资源