某帖深挖

显示全部楼层 · 发表于 2008-5-18 12:40:56

http://bbs.kafan.cn/viewthread.php?tid=253333
Log is generated by FreShow.
[wide]http://www.xtsptg.com
   [script]http://cnzz.zyns.com/stat.js?id=4265203&web_id=4265203&show=pic
      [object]http://exe.wokaixin.com/014.exe
   [frame]http://ca.winvv.com/cn.htm
      [frame]http://jjj.hfb86.cn/w6.htm
            [object]http://n.gan360.com/0rl2.exe
      [frame]http://www.fast800.cn/shan.htm
            [frame]http://www.fast800.cn/ad/vip.htm
               [frame]http://www.fast800.cn/ad/14.htm
                  [object]http://www.ftp356.cn/e.exe
               [frame]http://www.fast800.cn/ad/rl.htm
                  [object]http://www.ftp356.cn/e.exe
               [frame]http://www.fast800.cn/ad/new.htm
                  [object]http://www.ftp356.cn/e.exe
               [frame]http://www.fast800.cn/ad/lz.htm
                  [object]http://www.ftp356.cn/e.exe
               [frame]http://www.fast800.cn/ad/bf.htm
                  [object]http://www.ftp356.cn/e.exe
               [frame]http://www.fast800.cn/ad/xl.htm
                  [object]http://www.ftp356.cn/e.exe
            [script]http://js.users.51.la/1660620.js
      [frame]http://ca.winvv.com/ie.htm
            [frame]http://www.kekg888.cn/web/6619038.htm
               [frame]http://www.kekg888.cn/web/htm.html
                  [script]http://www.kekg888.cn/web/1.js
                        [object]http://exe.wokaixin.com/014.exe
                  [script]http://www.kekg888.cn/web/bf.js
                        [object]http://exe.wokaixin.com/014.exe
                  [script]http://www.kekg888.cn/web/pps.js
                        [object]http://exe.wokaixin.com/014.exe
                  [frame]http://www.kekg888.cn/web/3.htm
                        [object]http://exe.wokaixin.com/lz.exe
            [frame]http://www.usaicac.cn/5519.htm
               [object]http://www.usaicac.cn/cai/ss.exe
      [frame]http://czz.aeaer.com/c.htm
            [frame]http://cc.benchi999.com/one/huai5.htm
               [frame]http://cc.benchi999.com/wmwm/new.htm
                  [object]http://ok.tianxiayouzei.com/mmuu/abd.cab
               [script]http://js.users.51.la/1724160.js
   [frame]http://ca.winvv.com/cn.htm
      [frame]http://jjj.hfb86.cn/w6.htm
            [object]http://n.gan360.com/0rl2.ex
            [frame]http://yuerhj905687hjerklgf.cn/abc/cc.htm
            [frame]http://yuerhj905687hjerklgf.cn/abc/c1.htm
            [script]http://s90.cnzz.com/stat.php?id=880299&web_id=880299
            [script]http://js.users.51.la/1876325.js
      [frame]http://www.fast800.cn/shan.htm
      [frame]http://ca.winvv.com/ie.htm
      [frame]http://czz.aeaer.com/c.htm
   [script]http://www.xtsptg.com/menu/menu_func.js
      [frame]http://qi.ccbtv.net/btv.htm
            [frame]http://qi.ccbtv.net/v.htm
               [frame]http://www.kekg888.cn/web/6619038.htm
                  [frame]http://www.kekg888.cn/web/htm.html
                        [frame]http://www.kekg888.cn/web/rl.htm
                           [object]http://exe.wokaixin.com/rl.exe

[ 本帖最后由 ykz1991 于 2008-5-18 12:44 编辑 ]

显示全部楼层 · 发表于 2008-5-18 12:44:31

Starting the file scan:

Begin scan in 'E:\AV\014.exe'
E:\AV\014.exe
   [DETECTION] Is the Trojan horse TR/Agent.BHQ
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\0rl2.exe'
E:\AV\0rl2.exe
--> Object
   [1] Archive type: OVL
   --> Object
      [DETECTION] Is the Trojan horse TR/Agent.ltt.1
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\e.exe'
E:\AV\e.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\lz.exe'
E:\AV\lz.exe
   [DETECTION] Is the Trojan horse TR/Agent.BHQ
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\ss.exe'
E:\AV\ss.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\abd.cab'
E:\AV\abd.cab
  [0] Archive type: CAB (Microsoft)
--> abd.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    The file was deleted!
Begin scan in 'E:\AV\rl.exe'
E:\AV\rl.exe
   [DETECTION] Is the Trojan horse TR/Agent.BHQ
   [NOTE]    The file was deleted!

End of the scan: 2008年5月18日  12:46
Used time: 00:16 min

The scan has been done completely.

   0 Scanning directories
   8 Files were scanned
   6 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   7 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   7 Notes

显示全部楼层 · 发表于 2008-5-18 12:45:19

显示全部楼层 · 发表于 2008-5-18 12:46:53

对象: 014.exe
在压缩档案里: F:\sample.zip
Status: 已发现病毒
病毒: Dropped:Trojan.Packed.8325 (BD 引擎)
对象: 0rl2.exe
在压缩档案里: F:\sample.zip
Status: 可疑病毒
病毒: Dropped:Generic.Malware.Bdld.4539EDD5 (BD 引擎)
对象: abd.cab abd.exe
在压缩档案里: F:\sample.zip
Status: 已发现病毒
病毒: Trojan.Downloader.JJZK (BD 引擎)
对象: e.exe
在压缩档案里: F:\sample.zip
Status: 已发现病毒
病毒: Trojan.Downloader.JJZK (BD 引擎)
对象: lz.exe
在压缩档案里: F:\sample.zip
Status: 已发现病毒
病毒: Dropped:Trojan.Packed.8325 (BD 引擎)
对象: ss.exe
在压缩档案里: F:\sample.zip
Status: 已发现病毒
病毒: Generic.Malware.P!dldPk!g.9208117E (BD 引擎)

显示全部楼层 · 发表于 2008-5-18 12:51:50

Date,Virus Name,Virus Type,User,Filename,Scan Type
2008-5-18 12:51:17,Trojan.Agent.ltt.unvq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\新建文件夹\lz.exe,Manual scan
2008-5-18 12:51:17,TrojanDownloader.Nurech.bd.bmqk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\新建文件夹\e.exe,Manual scan
2008-5-18 12:51:17,TrojanDownloader.Nurech.bd.bmqk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\新建文件夹\abd.cab>>abd.exe,Manual scan
2008-5-18 12:51:16,Trojan.Agent.ltt.unvq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\新建文件夹\0rl2.exe,Manual scan
2008-5-18 12:51:16,Trojan.Agent.ltt.unvq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\新建文件夹\014.exe,Manual scan

显示全部楼层 · 发表于 2008-5-18 12:55:10

信息 2008-05-18  12:55:08 您此次查毒共查出5个病毒以及危险代码
信息 2008-05-18  12:55:08 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件15个
信息 2008-05-18  12:55:08 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-18  12:55:08 C:\Documents and Settings\Administrator\桌面\sample.zip\lz.exe Win32.Troj.Agent.lt.200704 跳过，未处理
病毒 2008-05-18  12:55:08 C:\Documents and Settings\Administrator\桌面\sample.zip\e.exe Win32.Troj.DownLoaderT.hu.147456 跳过，未处理
病毒 2008-05-18  12:55:08 C:\Documents and Settings\Administrator\桌面\sample.zip\abd.cab\abd.exe Win32.Troj.DownLoaderT.hu.147456 跳过，未处理
病毒 2008-05-18  12:55:08 C:\Documents and Settings\Administrator\桌面\sample.zip\0rl2.exe Win32.Troj.Agent.lt.200704 跳过，未处理
病毒 2008-05-18  12:55:08 C:\Documents and Settings\Administrator\桌面\sample.zip\014.exe Win32.Troj.Agent.lt.200704 跳过，未处理

显示全部楼层 · 发表于 2008-5-18 13:00:06

mark 一下 -.-

信息 2008-05-18  12:59:55 您此次查毒清除了4个病毒
信息 2008-05-18  12:59:55 您此次查毒共查出5个病毒以及危险代码
信息 2008-05-18  12:59:55 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件15个
信息 2008-05-18  12:59:55 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-18  12:59:55 D:\Desktop\sample.zip\lz.exe Win32.Troj.Agent.lt.200704 清除成功
病毒 2008-05-18  12:59:55 D:\Desktop\sample.zip\e.exe Win32.Troj.DownLoaderT.hu.147456 清除成功
病毒 2008-05-18  12:59:54 D:\Desktop\sample.zip\0rl2.exe Win32.Troj.Agent.lt.200704 清除成功
病毒 2008-05-18  12:59:54 D:\Desktop\sample.zip\014.exe Win32.Troj.Agent.lt.200704 清除成功

显示全部楼层 · 发表于 2008-5-18 13:09:21

看来SS的质量很好.....

显示全部楼层 · 发表于 2008-5-18 13:13:44

A-Squared  Found nothing
AntiVir  Found HEUR/Malware
ArcaVir  Found nothing
Avast  Found Win32:Agent-SIM
AVG Antivirus  Found nothing
BitDefender  Found Generic.Malware.P!dldPk!g.9208117E
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Ikarus  Found Virus.Win32.Agent.SIM
Kaspersky Anti-Virus  Found nothing
NOD32  Found probably a variant of Win32/Genetik (probable variant)
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

显示全部楼层 · 发表于 2008-5-18 13:31:03

剩下的问题：对象名称威胁的名称: 最终的状态
C:\Documents and Settings\Administrator\桌面\sample.zip=]abd.cab=]abd.exe Trojan.Downloader.JJZK 删除失败（文件是一个存档）

解决的问题：对象名称威胁的名称: 最终的状态
C:\Documents and Settings\Administrator\桌面\sample.zip=]0rl2.exe Dropped:Generic.Malware.Bdld.4539EDD5 被删除的
C:\Documents and Settings\Administrator\桌面\sample.zip=]014.exe Dropped:Trojan.Packed.8325 被删除的
C:\Documents and Settings\Administrator\桌面\sample.zip=]lz.exe Dropped:Trojan.Packed.8325 被删除的
C:\Documents and Settings\Administrator\桌面\sample.zip=]ss.exe Generic.Malware.P!dldPk!g.9208117E 被删除的
C:\Documents and Settings\Administrator\桌面\sample.zip=]e.exe Trojan.Downloader.JJZK 被删除的

[已鉴定] 某帖深挖

ss.exe

浏览过的版块