md5：2c9eaae8656cd1ab5d993e2f434a23c8

显示全部楼层 · 发表于 2008-5-25 23:12:18

File:	v.rar
Status:	INFECTED/MALWARE
MD5:	2c9eaae8656cd1ab5d993e2f434a23c8
Packers detected:	-

Scanner results
Scan taken on 25 May 2008 15:06:57 (GMT)
A-Squared	Found nothing
AntiVir	Found nothing
ArcaVir	Found nothing
Avast	Found nothing
AVG Antivirus	Found nothing
BitDefender	Found nothing
ClamAV	Found nothing
CPsecure	Found nothing
Dr.Web	Found nothing
F-Prot Antivirus	Found nothing
F-Secure Anti-Virus	Found nothing
Fortinet	Found nothing
Ikarus	Found nothing
Kaspersky Anti-Virus	Found nothing
NOD32	Found nothing
Norman Virus Control	Found nothing
Panda Antivirus	Found nothing
Sophos Antivirus	Found Mal/EncPk-DA
VirusBuster	Found nothing
VBA32	Found MalwareScope.Worm.Nuwar-Glowa.1

显示全部楼层 · 发表于 2008-5-25 23:18:38

TO KL

2008-5-25 JAY23:16:11 v.exe  Process exit C:\Documents and Settings\Owner\桌面\v.exe
2008-5-25 JAY23:15:37 v.exe : KLSystemData/FD-C/ Create C:\WINDOWS\system32\CbEvtSvc.exe
2008-5-25 JAY23:15:37 v.exe  Create C:\WINDOWS\system32\CbEvtSvc.exe
2008-5-25 JAY23:15:37 v.exe : KLSystemData/KLSystemFiles/SystemExe Create C:\WINDOWS\system32\CbEvtSvc.exe
2008-5-25 JAY23:15:34 v.exe  Process start C:\Documents and Settings\Owner\桌面\v.exe
2008-5-25 JAY23:15:34 v.exe  Placed in group Low Restricted
2008-5-25 JAY23:14:56 WinRAR.exe  Create C:\Documents and Settings\Owner\桌面\v.exe

2008-5-25 JAY23:16:11 CbEvtSvc.exe  Create HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc/Opt
2008-5-25 JAY23:16:09 CbEvtSvc.exe  Process start C:\WINDOWS\system32\CbEvtSvc.exe
2008-5-25 JAY23:16:08 CbEvtSvc.exe  Placed in group Low Restricted
2008-5-25 JAY23:15:37 v.exe  Create C:\WINDOWS\system32\CbEvtSvc.exe

[ 本帖最后由 wangjay1980 于 2008-5-25 23:20 编辑 ]

显示全部楼层 · 发表于 2008-5-26 09:55:21

The file 'v.exe' has been determined to be 'UNDER ANALYSIS'.

显示全部楼层 · 发表于 2008-5-26 11:00:40

显示全部楼层 · 发表于 2008-5-26 14:09:35

Starting the file scan:
Begin scan in 'E:\AV\v.rar'
E:\AV\v.rar
  [0] Archive type: RAR
  --> v.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Exchanger.BH
   [NOTE]    The file was deleted!

[ 本帖最后由 Exia 于 2008-5-26 14:20 编辑 ]

显示全部楼层 · 发表于 2008-5-26 14:11:34

Time Module Object Name Threat Action User Information
2008/5/26 14:11:51 DMON archive http://bbs.kafan.cn/attachment.p ... 45&t=1211782231 probably a variant of Win32/Nuwar worm quarantined - deleted Jason-PC\Jason

显示全部楼层 · 发表于 2008-5-26 20:39:31

RS20.46.02未杀！

显示全部楼层 · 发表于 2008-5-26 20:41:03

金山毒霸 0

显示全部楼层 · 发表于 2008-5-26 21:03:06

创建C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
修改C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
注册表项：HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CBEVTSVC\
创建键:
删除C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE

显示全部楼层 · 发表于 2008-5-26 21:08:43

已删除：木马程序 Trojan-Downloader.Win32.Exchanger.bh 文件　: G:\Temp\v.rar/v.exe

[病毒样本] md5：2c9eaae8656cd1ab5d993e2f434a23c8

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

2/0