自己中的,暂时不知道解决方法.

显示全部楼层 · 发表于 2008-5-27 19:55:36

帮忙看看什么东西能杀.

显示全部楼层 · 发表于 2008-5-27 19:57:08

MISS

显示全部楼层 · 发表于 2008-5-27 19:57:27

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:
File ID    Filename Size (Byte) Result
25029540    EZJ34FXK4S.rar 37.36 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID    Filename Size (Byte) Result
25029527    EZJ34FXK4S.exe    56 KB    MALWARE

Please find a detailed report concerning each individual sample below:
Filename Result
EZJ34FXK4S.exe    MALWARE

The file 'EZJ34FXK4S.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Agent.zae. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

Print this pagePrint this page

显示全部楼层 · 发表于 2008-5-27 19:57:41

The file 'EZJ34FXK4S.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Agent.zae. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2008-5-27 20:03:29

RS20.46.12未杀！

显示全部楼层 · 发表于 2008-5-27 20:07:03

创建C:\WINDOWS\SYSTEM32\4K8UFBMR.BAT
创建C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\启动\QQ.EXE

显示全部楼层 · 发表于 2008-5-27 20:10:40

感染型，鄙视之
2004-8-17 JAY20:02:06 MFC Application Process exit C:\Documents and Settings\Owner\桌面\EZJ34FXK4S.exe
2004-8-17 JAY20:01:54 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\QQ2008Spring.exe
2004-8-17 JAY20:01:54 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\千千静听.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\mx_1.6.3.80cn.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\TTPlus2007_DSP_Setup.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\WinRAR V3.71 Final.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\mx_2.1.0.2082cn.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\3604.18setup.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\KASSetup_10_1.EXE
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\powerwordlite.18466.0.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\sogou_pinyin_33.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\VistaFont_CHS.EXE
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\NeoImaging0.26.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\CCleaner.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\ppstreamsetup.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\lingoes_2.3.0_zh.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\sr200804.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\Office2003SP3-KB923618-FullFile-CHS.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\srdshow30.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\360compkill.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\MRVS.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\安装程序\软件储备\FSC.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\2008April2nd\md5summer.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\命令与征服之叛逆者中文版\补丁\Renegade_1015_Chinese.exe
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\命令与征服之叛逆者中文版\命令与征服之叛逆者中文版.EXE
2004-8-17 JAY20:01:53 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\StarCraft\StarCraft\StarCraft.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\UNWISE.EXE
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\uninstll.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\uninst.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\trainer.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\RegSetup.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\ra2.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\glory.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\红色警戒II--共和国之辉\Game.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\祖玛印加古青蛙魔法\中文功略.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\祖玛印加古青蛙魔法\zuma.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\Need for Speed Underground 2\eauninstall.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\Need for Speed Underground 2\Support\Need for Speed Underground 2_uninst.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\Need for Speed Underground 2\Support\Need for Speed Underground 2_code.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\Need for Speed Underground 2\Support\EasyInfo.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\Need for Speed Underground 2\Support\EReg.exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\WECN7.5\[鬼泣3]-英文版一键升级包[繁中化v1.2-游戏升级v1.2-游戏电子书-新添资料].exe
2004-8-17 JAY20:01:52 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\WECN7.5\[鬼泣3]-Devil.May.Cry.3.Se.part1.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\tunshiyu2\FeedingFrenzyTwo.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就上100层.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就来双人决斗.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就过难度5.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就钓一万分.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就撑过20秒.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\真男人\是男人就下100层.exe
2004-8-17 JAY20:01:51 MFC Application Denied: KLPrivateData/FD-D,E/ Modification D:\游戏\明星三缺一(升级版)\IGSMJ.exe
2004-8-17 JAY20:00:03 MFC Application Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\e7wamrtj.exe
2004-8-17 JAY20:00:02 MFC Application Denied: KLSystemData/KLStartupRegKeys/CommonStartup1 Create C:\Documents and Settings\All Users\「开始」菜单\程序\启动\QQ.exe
2004-8-17 JAY20:00:02 MFC Application : KLSystemData/FD-C/ Create C:\bootfont.biz
2004-8-17 JAY20:00:02 MFC Application Create C:\WINDOWS\system32\E7WAMRTJ.exe
2004-8-17 JAY20:00:02 MFC Application : KLSystemData/FD-C/ Create C:\WINDOWS\system32\E7WAMRTJ.exe
2004-8-17 JAY20:00:02 MFC Application : KLSystemData/KLSystemFiles/SystemExe Create C:\WINDOWS\system32\E7WAMRTJ.exe
2008-5-27 JAY19:58:52 MFC Application Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\qxtencik0.bat
2008-5-27 JAY19:58:51 MFC Application : KLSystemData/FD-C/ Create C:\WINDOWS\system32\QXTENCIK0.bat
2008-5-27 JAY19:58:51 MFC Application Create C:\WINDOWS\system32\QXTENCIK0.bat
2008-5-27 JAY19:58:50 MFC Application Process start C:\Documents and Settings\Owner\桌面\EZJ34FXK4S.exe
2008-5-27 JAY19:58:50 MFC Application Placed in group Low Restricted
2008-5-27 JAY19:58:25 WinRAR.exe Create C:\Documents and Settings\Owner\桌面\EZJ34FXK4S.exe

2004-8-17 JAY20:01:26 Lenovo Process start C:\WINDOWS\system32\E7WAMRTJ.exe
2004-8-17 JAY20:00:58 Lenovo Denied: KLPrivileges/KLPermissionSystem/KLPermissionSysObjAccess/KLShellWindowsAcceess Access to internal browser data
2004-8-17 JAY20:00:04 Lenovo : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat
2004-8-17 JAY20:00:04 Lenovo : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Cookies\index.dat
2004-8-17 JAY20:00:04 Lenovo : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2004-8-17 JAY20:00:03 Lenovo Process start C:\WINDOWS\system32\E7WAMRTJ.exe
2004-8-17 JAY20:00:03 Lenovo Placed in group Low Restricted
2004-8-17 JAY20:00:02 MFC Application Create C:\WINDOWS\system32\E7WAMRTJ.exe

2008-5-27 JAY19:58:59 QXTENCIK0.bat Process exit C:\WINDOWS\system32\QXTENCIK0.bat
2008-5-27 JAY19:58:59 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\system32\QXTENCIK0.bat
2008-5-27 JAY19:58:59 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\system32\QXTENCIK0.bat
2004-8-17 JAY20:02:08 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\桌面\EZJ34FXK4S.exe
2004-8-17 JAY20:02:08 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\Documents and Settings\Owner\桌面\EZJ34FXK4S.exe
2004-8-17 JAY20:02:03 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\ping.exe
2004-8-17 JAY20:02:03 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\Media\Windows XP 弹出窗口已阻止.wav
2004-8-17 JAY20:02:03 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\Media\Windows XP 弹出窗口已阻止.wav
2004-8-17 JAY20:02:03 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\Media\Windows XP 信息栏.wav
2004-8-17 JAY20:02:03 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\Media\Windows XP 信息栏.wav
2004-8-17 JAY20:02:03 QXTENCIK0.bat Denied: KLSystemData/FD-C/ Delete C:\WINDOWS\Media\Windows XP 开始.wav
2004-8-17 JAY20:01:26 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\sc.exe
2004-8-17 JAY20:01:26 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\reg.exe
2004-8-17 JAY20:01:26 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\reg.exe
2004-8-17 JAY20:01:25 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\reg.exe
2004-8-17 JAY20:01:25 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\reg.exe
2004-8-17 JAY20:01:25 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\reg.exe
2004-8-17 JAY20:01:24 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\regsvr32.exe
2004-8-17 JAY20:01:24 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\regsvr32.exe
2004-8-17 JAY20:01:23 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\regsvr32.exe
2004-8-17 JAY20:00:05 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\regsvr32.exe
2004-8-17 JAY20:00:04 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\regsvr32.exe
2004-8-17 JAY20:00:04 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\sc.exe
2004-8-17 JAY20:00:04 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\sc.exe
2004-8-17 JAY20:00:00 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\ping.exe
2004-8-17 JAY20:00:00 QXTENCIK0.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc Process start c:\windows\system32\conime.exe
2008-5-27 JAY19:58:52 QXTENCIK0.bat Process start C:\WINDOWS\system32\QXTENCIK0.bat
2008-5-27 JAY19:58:51 QXTENCIK0.bat Placed in group Low Restricted
2008-5-27 JAY19:58:51 MFC Application Create C:\WINDOWS\system32\QXTENCIK0.bat

显示全部楼层 · 发表于 2008-5-27 20:15:15

bat文件名随机，之后修改系统时间
并在system32下生成随机文件名exe，建立启动项
联网、修改硬盘exe文件、注册表.........行为真够丰富的

显示全部楼层 · 发表于 2008-5-27 20:17:20

我是禁止了生成BAT的~所以之后有什么动作就不知了

显示全部楼层 · 发表于 2008-5-27 20:36:01

[病毒样本] 自己中的,暂时不知道解决方法.

本帖子中包含更多资源

评分

ArcaVir2008, F-Prot 4.4.4

a

2/0

本帖子中包含更多资源

回复 6楼 tvuser2007 的帖子

回复 8楼 palfan 的帖子

本帖子中包含更多资源

浏览过的版块