[病毒样本] 1

显示全部楼层 · 发表于 2008-5-16 21:53:03

Starting the file scan:

Begin scan in 'E:\AV\se.rar'
E:\AV\se.rar
  [0] Archive type: RAR
  --> se.exe
   [DETECTION] Is the Trojan horse TR/Agent.IEN
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-5-16 21:56:20

C:\Users\Administrator\Desktop\se.rar » RAR » se.exe - probably a variant of Win32/TrojanDownloader.Delf.OBZ trojan

显示全部楼层 · 发表于 2008-5-16 21:56:34

TO KL

2008-5-16 JAY21:57:10 Windows Explorer Completed: Suspicious driver installation  C:\DOCUMENTS AND SETTINGS\OWNER\桌面\SE.EXE
2008-5-16 JAY21:57:10 Windows Explorer  Process exit C:\Documents and Settings\Owner\桌面\se.exe
2008-5-16 JAY21:57:10 Windows Explorer Detected: Suspicious driver installation  C:\DOCUMENTS AND SETTINGS\OWNER\桌面\SE.EXE
2008-5-16 JAY21:56:58 Windows Explorer Detected: Suspicious driver installation  C:\DOCUMENTS AND SETTINGS\OWNER\桌面\SE.EXE
2008-5-16 JAY21:56:58 Windows Explorer  Create C:\WINDOWS\system32\drivers\nike.sys
2008-5-16 JAY21:56:58 Windows Explorer : KLSystemData/FD-C/ Create C:\WINDOWS\system32\drivers\nike.sys
2008-5-16 JAY21:56:58 Windows Explorer : KLSystemData/KLSystemFiles/Drivers Create C:\WINDOWS\system32\drivers\nike.sys
2008-5-16 JAY21:56:57 Windows Explorer Denied: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege Setting debug privileges
2008-5-16 JAY21:56:36 Windows Explorer  Process start C:\Documents and Settings\Owner\桌面\se.exe
2008-5-16 JAY21:56:36 Windows Explorer  Placed in group Low Restricted
2008-5-16 JAY21:55:29 WinRAR.exe  Create C:\Documents and Settings\Owner\桌面\se.exe

生成物

[ 本帖最后由 wangjay1980 于 2008-5-16 22:02 编辑 ]

显示全部楼层 · 发表于 2008-5-16 21:58:49

0000A058 0040AC58 0 http://www.yumen8.cn/333.txt

显示全部楼层 · 发表于 2008-5-16 21:59:22

00009FF8 0040ABF8 0 Open http://www.xx.com/tj.htm(

显示全部楼层 · 发表于 2008-5-16 22:01:11

0000AEBC 0040BABC    0 360rpt.exe
0000AED0 0040BAD0    0 360Safe.exe
0000AEE4 0040BAE4    0 360tray.exe
0000AEF8 0040BAF8    0 adam.exe
0000AF0C 0040BB0C    0 AgentSvr.exe
0000AF24 0040BB24    0 AppSvc32.exe
0000AF3C 0040BB3C    0 autoruns.exe
0000AF54 0040BB54    0 avgrssvc.exe
0000AF6C 0040BB6C    0 AvMonitor.exe
0000AF84 0040BB84    0 avp.com
0000AF94 0040BB94    0 avp.exe
0000AFA4 0040BBA4    0 CCenter.exe
0000AFB8 0040BBB8    0 ccSvcHst.exe
0000AFD0 0040BBD0    0 FileDsty.exe
0000AFE8 0040BBE8    0 FTCleanerShell.exe
0000B004 0040BC04    0 HijackThis.exe
0000B01C 0040BC1C    0 IceSword.exe
0000B034 0040BC34    0 iparmo.exe
0000B048 0040BC48    0 Iparmor.exe
0000B05C 0040BC5C    0 isPwdSvc.exe
0000B074 0040BC74    0 kabaload.exe
0000B08C 0040BC8C    0 KaScrScn.SCR
0000B0A4 0040BCA4    0 KASMain.exe
0000B0B8 0040BCB8    0 KASTask.exe
0000B0CC 0040BCCC    0 KAV32.exe
0000B0E0 0040BCE0    0 KAVDX.exe
0000B0F4 0040BCF4    0 KAVPFW.exe
0000B108 0040BD08    0 KAVSetup.exe
0000B120 0040BD20    0 KAVStart.exe
0000B138 0040BD38    0 KISLnchr.exe
0000B150 0040BD50    0 KMailMon.exe
0000B168 0040BD68    0 KMFilter.exe
0000B180 0040BD80    0 KPFW32.exe
0000B194 0040BD94    0 KPFW32X.exe
0000B1A8 0040BDA8    0 KPFWSvc.exe
0000B1BC 0040BDBC    0 KRegEx.exe
0000B1D0 0040BDD0    0 KRepair.COM
0000B1E4 0040BDE4    0 KsLoader.exe
0000B1FC 0040BDFC    0 KVCenter.kxp
0000B214 0040BE14    0 KvDetect.exe
0000B22C 0040BE2C    0 KvfwMcl.exe
0000B240 0040BE40    0 KVMonXP.kxp
0000B254 0040BE54    0 KVMonXP_1.kxp
0000B26C 0040BE6C    0 kvol.exe
0000B280 0040BE80    0 kvolself.exe
0000B298 0040BE98    0 KvReport.kxp
0000B2B0 0040BEB0    0 KVSrvXP.exe
0000B2C4 0040BEC4    0 KVStub.kxp
0000B2D8 0040BED8    0 kvupload.exe
0000B2F0 0040BEF0    0 kvwsc.exe
0000B304 0040BF04    0 KvXP.kxp
0000B318 0040BF18    0 KWatch.exe
0000B32C 0040BF2C    0 KWatch9x.exe
0000B344 0040BF44    0 KWatchX.exe
0000B358 0040BF58    0 loaddll.exe
0000B36C 0040BF6C    0 MagicSet.exe
0000B384 0040BF84    0 mcconsol.exe
0000B39C 0040BF9C    0 mmqczj.exe
0000B3B0 0040BFB0    0 mmsk.exe
0000B3C4 0040BFC4    0 NAVSetup.exe
0000B3DC 0040BFDC    0 nod32krn.exe
0000B3F4 0040BFF4    0 nod32kui.exe
0000B40C 0040C00C    0 PFW.exe
0000B41C 0040C01C    0 PFWLiveUpdate.exe
0000B438 0040C038    0 QHSET.exe
0000B44C 0040C04C    0 Ras.exe
0000B45C 0040C05C    0 Rav.exe
0000B46C 0040C06C    0 RavMon.exe
0000B480 0040C080    0 RavMonD.exe
0000B494 0040C094    0 RavStub.exe
0000B4A8 0040C0A8    0 RavTask.exe
0000B4BC 0040C0BC    0 RegClean.exe
0000B4D4 0040C0D4    0 rfwcfg.exe
0000B4E8 0040C0E8    0 RfwMain.exe
0000B4FC 0040C0FC    0 rfwProxy.exe
0000B514 0040C114    0 rfwsrv.exe
0000B528 0040C128    0 RsAgent.exe
0000B53C 0040C13C    0 Rsaupd.exe
0000B550 0040C150    0 runiep.exe
0000B564 0040C164    0 safelive.exe
0000B57C 0040C17C    0 scan32.exe
0000B590 0040C190    0 shcfg32.exe
0000B5A4 0040C1A4    0 SmartUp.exe
0000B5B8 0040C1B8    0 SREng.exe
0000B5CC 0040C1CC    0 symlcsvc.exe
0000B5E4 0040C1E4    0 SysSafe.exe
0000B5F8 0040C1F8    0 TrojanDetector.exe
0000B614 0040C214    0 Trojanwall.exe
0000B62C 0040C22C    0 TrojDie.kxp
0000B640 0040C240    0 UIHost.exe
0000B654 0040C254    0 UmxAgent.exe
0000B66C 0040C26C    0 UmxAttachment.exe
0000B688 0040C288    0 UmxCfg.exe
0000B69C 0040C29C    0 UmxFwHlp.exe
0000B6B4 0040C2B4    0 UmxPol.exe
0000B6C8 0040C2C8    0 UpLive.EXE
0000B6DC 0040C2DC    0 WoptiClean.exe
0000B6F4 0040C2F4    0 zxsweep.exe
0000B708 0040C308    0 sos.exe
0000B718 0040C318    0 auto.exe
0000B72C 0040C32C    0 UFO.exe
0000B73C 0040C33C    0 AutoRun.exe
0000B750 0040C350    0 XP.exe
0000B760 0040C360    0 taskmgr.exe
0000B774 0040C374    0 guangd.exe
0000B788 0040C388    0 appdllman.exe
0000B7A0 0040C3A0    0 kernelwind32.exe
0000B7BC 0040C3BC    0 logogo.exe
0000B7D0 0040C3D0    0 TNT.Exe
0000B7E0 0040C3E0    0 SDGames.exe
0000B7F4 0040C3F4    0 TxoMoU.Exe
0000B808 0040C408    0 cross.exe
0000B81C 0040C41C    0 regedit.Exe
0000B830 0040C430    0 regedit32.Exe
0000B848 0040C448    0 Wsyscheck.exe
0000B860 0040C460    0 servet.exe
0000B874 0040C474    0 Discovery.exe
0000B88C 0040C48C    0 pagefile.exe
0000B8A4 0040C4A4    0 pagefile.pif
0000B8BC 0040C4BC    0 niu.exe
0000B8CC 0040C4CC    0 ~.exe
0000B8DC 0040C4DC    0 AoYun.exe
0000BDAC 0040C9AC    0 FireWall
0000BDC0 0040C9C0    0 Virus
0000BDF4 0040C9F4    0 NOD32
0000BE44 0040CA44    0 Sniffer
0000BE64 0040CA64    0 DeBug
0000BEC9 0040CAC9    0 QQQQQ3
0000BF7C 0040CB7C    0 \Mousie.exe
0000C028 0040CC28    0 #32770
0000C0CC 0040CCCC    0 \Mousie.exe
0000C0D8 0040CCD8    0 C:\Documents and Settings\
0000C16C 0040CD6C    0 \Mousie.exe
0000C29C 0040CE9C    0 ravmon.exe
0000C2B0 0040CEB0    0 avp.exe
0000C960 0040E360    0 Love Av Av Av Av Av
0000C97C 0040E37C    0 \Contxt.dat
0000C990 0040E390    0 ravmond.exe
0000C9A4 0040E3A4    0 ravmon.exe
0000C9B8 0040E3B8    0 rav.exe
0000C9C8 0040E3C8    0 RavTask.exe
0000C9DC 0040E3DC    0 RavStub.exe
0000C9F0 0040E3F0    0 CCenter.exe
0000CA04 0040E404    0 RavMonD.exe
0000CA18 0040E418    0 RavMon.exe
0000CA2C 0040E42C    0 Rav.exe
0000CA3C 0040E43C    0 360rpt.exe
0000CA50 0040E450    0 360Safe.exe
0000CA64 0040E464    0 360tray.exe
0000CA78 0040E478    0 avp.exe

显示全部楼层 · 发表于 2008-5-16 22:03:04

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Harm.Win32.AntiSig.a

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.44.42

显示全部楼层 · 发表于 2008-5-16 22:04:05

Starting the file scan:

Begin scan in 'E:\AV\nike.rar'
E:\AV\nike.rar
  [0] Archive type: RAR
  --> nike.sys
   [DETECTION] Is the Trojan horse TR/Agent.IEN
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-5-16 23:51:38

nab反应还比微点快一点

[病毒样本] 1

本帖子中包含更多资源

本帖子中包含更多资源

2/1

回复 4楼 wangjay1980 的帖子