毒网?

显示全部楼层 · 发表于 2008-5-13 22:26:24

毒网?

http://www.mycould.com/discuz/thread-783212-1-1.html

显示全部楼层 · 发表于 2008-5-13 22:37:40

Trojan-Downloader.Script.Suspicious

显示全部楼层 · 发表于 2008-5-13 22:53:52

老

http://user1.33205.net/bak.css
http://user1.33-25.net/bak.css

显示全部楼层 · 发表于 2008-5-13 23:32:07

kaspersky found Trojan-Downloader.Win32.Agent.opk

显示全部楼层 · 发表于 2008-5-13 23:43:05

http://www.mycould.com/discuz/forumdata/cache/style_1.css

HEUR/HTML.Malware

显示全部楼层 · 发表于 2008-5-14 09:17:36

2008-05-14 09:11:48 创建文件操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\__write_over__
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\__write_over__
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 删除文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 访问服务管理器    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe

触发规则:应用程序规则->任务隔离区->D:\bak.css.exe

2008-05-14 09:11:48 删除文件    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 底层读磁盘操作    操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
操作磁盘:\Device\Harddisk0\DR0
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe

2008-05-14 09:11:48 创建文件操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\weilai.mp3
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48 创建文件操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\weilai.mp3
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

[ 本帖最后由 a256886572008 于 2008-5-14 09:25 编辑 ]

显示全部楼层 · 发表于 2008-5-14 09:35:58

显示全部楼层 · 发表于 2008-5-14 09:42:09

原帖由 a256886572008 于 2008-5-14 09:35 发表
15
http://a.111991.net/iii/a1.exe
http://a.111991.net/iii/a2.exe
http://a.111991.net/iii/a3.exe
http://a.111991.net/iii/a4.exe
http://a.111991.net/iii/a5.exe
http://a.111991.net/iii/a6.exe
http ...

Starting the file scan:
Begin scan in 'E:\AV\a32.exe'
E:\AV\a32.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.btc
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a1.exe'
E:\AV\a1.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.ddo
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a2.exe'
E:\AV\a2.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a3.exe'
E:\AV\a3.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a4.exe'
E:\AV\a4.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acfm
   [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a5.exe'
E:\AV\a5.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aepl
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a6.exe'
E:\AV\a6.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a7.exe'
E:\AV\a7.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a9.exe'
E:\AV\a9.exe
   [DETECTION] Is the Trojan horse TR/PSW.18001
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a10.exe'
E:\AV\a10.exe
   [DETECTION] Is the Trojan horse TR/Downloader.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a8.exe'
E:\AV\a8.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a11.exe'
E:\AV\a11.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a12.exe'
E:\AV\a12.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a13.exe'
E:\AV\a13.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a14.exe'
E:\AV\a14.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a15.exe'
E:\AV\a15.exe
   [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a16.exe'
E:\AV\a16.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a17.exe'
E:\AV\a17.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afdz
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a18.exe'
E:\AV\a18.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES
   --> Object
      [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES.1
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a19.exe'
E:\AV\a19.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a20.exe'
E:\AV\a20.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a21.exe'
E:\AV\a21.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afas
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a22.exe'
E:\AV\a22.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afeg
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a23.exe'
E:\AV\a23.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a24.exe'
E:\AV\a24.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adrg
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a25.exe'
E:\AV\a25.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EQ
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ald
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a26.exe'
E:\AV\a26.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a27.exe'
E:\AV\a27.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EW
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a28.exe'
E:\AV\a28.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a29.exe'
E:\AV\a29.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adxo.1
   --> Object
      [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES.1
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a30.exe'
E:\AV\a30.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\a31.exe'
E:\AV\a31.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aduf
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
   [NOTE]    The file was deleted!

End of the scan: 2008年5月14日  09:43
Used time: 00:14 min
The scan has been done completely.
   0 Scanning directories
   32 Files were scanned
   39 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   32 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   -7 Files not concerned
   0 Archives were scanned
   0 Warnings
   32 Notes

显示全部楼层 · 发表于 2008-5-14 20:27:16

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： RootKit.Win32.Undef.gt
病毒： Trojan.PSW.Win32.GameOL.ka
病毒： Trojan.PSW.Win32.SunOnline.og
病毒： Trojan.PSW.Win32.GameOL.gbk
病毒： Trojan.PSW.Win32.QQSG.dx
病毒： Trojan.PSW.Win32.QQHX.txc
病毒： Trojan.PSW.Win32.QQPass.dmf
病毒： Trojan.PSW.Win32.QQPass.dmg
病毒： Trojan.PSW.Win32.GamesOnline.yp
病毒： Trojan.PSW.Win32.GameOL.gdn
病毒： Trojan.PSW.Win32.GameOL.gee
病毒： Trojan.PSW.Win32.GamesOnline.yr
病毒： RootKit.Win32.Mnless.oe
病毒： Trojan.PSW.Win32.QQHX.twz
病毒： Trojan.PSW.Win32.SO2Online.bw
病毒： Trojan.PSW.Win32.GameOL.gef
病毒： Trojan.PSW.Win32.GamesOnline.wb
病毒： Trojan.PSW.Win32.GameOL.nip
病毒： Worm.Win32.PaBug.gy
病毒： RootKit.Win32.Mnless.oj
病毒： Trojan.PSW.Win32.SunOnline.nt
病毒： Trojan.PSW.Win32.GamesOnline.zc
病毒： Trojan.PSW.Win32.GameOL.nib
病毒： Trojan.PSW.Win32.GameOL.gdt

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.44.22

[已鉴定] 毒网?

109/42