赶尽杀绝。。。

显示全部楼层 · 发表于 2008-5-28 04:42:50

Log is generated by FreShow.
[wide]http://www.mop-mop.net/news.html
[script]http://user1.isee080.net/flash2.swf
      [object]http://user1.12-26.net/bak.css
[script]http://user1.isee080.net/flash1.swf
      [object]http://user1.12-26.net/bak.css
[script]http://user1.isee080.net/ms06014.js
      [object]http://user1.12-26.net/bak.css
[frame]http://user1.isee080.net/GLWORLD.html
      [object]http://dz.us.net/bak.css
[script]http://user1.isee080.net/real.js
      [object]http://user1.12-26.net/bak.css
[frame]http://user1.isee080.net/Real.html
      [object]http://dz.us.net/bak.css
[frame]http://user1.isee080.net/Thunder.html
      [object]http://dz.us.net/bak.css
[frame]http://www.guccime.net/456.htm
      [object]http://www.guccime.net/4562.swf
      [object]http://www.guccime.net/4561.swf

所有挂的马都是同一个东西——bak.css

bak.css连接到  http://www.dtdtdk.net/dk.txt

下载38个木马：

h**p://updatea.softhomeba.com/softd.exe
h**p://updatea.softhomeba.com/soft0.exe
h**p://updatea.softhomeba.com/soft1.exe
h**p://updatea.softhomeba.com/soft2.exe
h**p://updatea.softhomeba.com/soft3.exe
h**p://updatea.softhomeba.com/soft4.exe
h**p://updatea.softhomeba.com/soft5.exe
h**p://updatea.softhomeba.com/soft6.exe
h**p://updatea.softhomeba.com/soft7.exe
h**p://updateb.softhomeba.com/soft8.exe
h**p://updateb.softhomeba.com/soft9.exe
h**p://updateb.softhomeba.com/soft10.exe
h**p://updateb.softhomeba.com/soft11.exe
h**p://updateb.softhomeba.com/soft12.exe
h**p://updateb.softhomeba.com/soft13.exe
h**p://updateb.softhomeba.com/soft14.exe
h**p://updatec.softhomeba.com/soft15.exe
h**p://updatec.softhomeba.com/soft16.exe
h**p://updatec.softhomeba.com/soft17.exe
h**p://updatec.softhomeba.com/soft18.exe
h**p://updatec.softhomeba.com/soft19.exe
h**p://updatec.softhomeba.com/soft20.exe
h**p://updatec.softhomeba.com/soft21.exe
h**p://updatec.softhomeba.com/soft22.exe
h**p://updatec.softhomeba.com/soft23.exe
h**p://updatec.softhomeba.com/soft24.exe
h**p://updated.softhomeba.com/soft25.exe
h**p://updated.softhomeba.com/soft26.exe
h**p://updated.softhomeba.com/soft27.exe
h**p://updated.softhomeba.com/soft28.exe
h**p://updated.softhomeba.com/soft29.exe
h**p://updated.softhomeba.com/soft30.exe
h**p://updated.softhomeba.com/soft31.exe
h**p://updated.softhomeba.com/soft32.exe
h**p://updated.softhomeba.com/soft33.exe
h**p://updated.softhomeba.com/soft34.exe
h**p://updated.softhomeba.com/soft35.exe
h**p://updated.softhomeba.com/soft36.exe

取出重复后所有样本共计39例

显示全部楼层 · 发表于 2008-5-28 04:49:51

avast 33
avg 35
kaspersky 39
jiangmin 13
antivir 39
bitdefender 29

显示全部楼层 · 发表于 2008-5-28 05:05:29

刚借同学的金山试了一下，杀9个

信息 2008-05-28 05:00:16 您此次查毒删除了9个文件
信息 2008-05-28 05:00:16 您此次查毒共查出9个病毒以及危险代码
信息 2008-05-28 05:00:16 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件93个
信息 2008-05-28 05:00:16 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-28 05:00:15 G:\Virus\MM.zip\MM\soft4.exe Win32.Troj.OnlineGameT.ss.106496 删除成功
病毒 2008-05-28 05:00:15 G:\Virus\MM.zip\MM\soft36.exe Win32.Troj.Small.16384 删除成功
病毒 2008-05-28 05:00:14 G:\Virus\MM.zip\MM\soft34.exe Win32.Troj.OnlineGames.aw.49152 删除成功
病毒 2008-05-28 05:00:13 G:\Virus\MM.zip\MM\soft30.exe Win32.Troj.OnlineGameT.ni.49152 删除成功
病毒 2008-05-28 05:00:13 G:\Virus\MM.zip\MM\soft29.exe Win32.Troj.OnlineGames.aw.49293 删除成功
病毒 2008-05-28 05:00:13 G:\Virus\MM.zip\MM\soft28.exe Win32.PSWTroj.OnLineGames.106496 删除成功
病毒 2008-05-28 05:00:13 G:\Virus\MM.zip\MM\soft27.exe Win32.Troj.OnlineGames.cd.49152 删除成功
病毒 2008-05-28 05:00:08 G:\Virus\MM.zip\MM\soft11.exe Win32.Troj.OnlineGamesT.xe.106496 删除成功
病毒 2008-05-28 05:00:07 G:\Virus\MM.zip\MM\soft0.exe Win32.Troj.Small.16384 删除成功
信息 2008-05-28 04:59:19 金山毒霸主程序启动查毒过程，查毒方式：命令行查毒
信息 2008-05-28 04:59:18 金山毒霸主程序启动

显示全部楼层 · 发表于 2008-5-28 05:28:17

Virus or unwanted program 'TR/Dldr.Small.iwh [trojan]'
detected in file 'E:\AV\bak.css.
Action performed: Deny access

显示全部楼层 · 发表于 2008-5-28 06:03:39

IKARUS杀31已知+5启发

h:\virus\MM.zip:\MM\BAK.CSS
h:\virus\MM.zip:\MM\soft0.exe - Signatur 'Virus.Trojan.Win32.Agent.nbj' gefunden
h:\virus\MM.zip:\MM\soft1.exe - Signatur 'Generic.PWS.Games.1' gefunden
h:\virus\MM.zip:\MM\soft10.exe - bedenkliche Programmsequenz gefunden (Level: 140)
h:\virus\MM.zip:\MM\soft11.exe - Signatur 'Trojan-Downloader.Win32.Zlob.and' gefunden
h:\virus\MM.zip:\MM\soft12.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft13.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft14.exe - Signatur 'Trojan-PWS.Win32.Lmir.awg' gefunden
h:\virus\MM.zip:\MM\soft15.exe - Signatur 'Virus.Win32.OnLineGames.DJX' gefunden
h:\virus\MM.zip:\MM\soft16.exe - Signatur 'Trojan-PWS.Win32.Lmir.awg' gefunden
h:\virus\MM.zip:\MM\soft17.exe - Signatur 'Virus.Rootkit.Win32.Agent.anz' gefunden
h:\virus\MM.zip:\MM\soft18.exe - Signatur 'Trojan-Dropper' gefunden
h:\virus\MM.zip:\MM\soft19.exe - bedenkliche Programmsequenz gefunden (Level: 140)
h:\virus\MM.zip:\MM\soft2.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft20.exe - Signatur 'Virus.Win32.OnLineGames.DAB' gefunden
h:\virus\MM.zip:\MM\soft21.exe - Signatur 'Trojan-Downloader.Win32.Zlob.and' gefunden
h:\virus\MM.zip:\MM\soft22.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft23.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft24.exe - bedenkliche Programmsequenz gefunden (Level: 140)
h:\virus\MM.zip:\MM\soft25.exe - bedenkliche Programmsequenz gefunden (Level: 140)
h:\virus\MM.zip:\MM\soft26.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft27.exe - Signatur 'Trojan-Dropper' gefunden
h:\virus\MM.zip:\MM\soft28.exe - Signatur 'Trojan-Downloader.Win32.Zlob.and' gefunden
h:\virus\MM.zip:\MM\soft29.exe - Signatur 'Trojan-Spy.Win32.Vagon.A' gefunden
h:\virus\MM.zip:\MM\soft3.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft30.exe - Signatur 'Generic.PWS.Games.4' gefunden
h:\virus\MM.zip:\MM\soft31.exe - Signatur 'Trojan-Spy.Win32.Vagon.A' gefunden
h:\virus\MM.zip:\MM\soft32.exe
h:\virus\MM.zip:\MM\soft33.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft34.exe - Signatur 'Trojan-PWS.Win32.OnLineGames.aimc' gefunden
h:\virus\MM.zip:\MM\soft35.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft36.exe - Signatur 'Virus.Trojan.Win32.Agent.nbj' gefunden
h:\virus\MM.zip:\MM\soft4.exe - Signatur 'Trojan-Downloader.Win32.Zlob.and' gefunden
h:\virus\MM.zip:\MM\soft5.exe - Signatur 'Virus.Win32.OnLineGames.DQS' gefunden
h:\virus\MM.zip:\MM\soft6.exe - Signatur 'Trojan-Dropper' gefunden
h:\virus\MM.zip:\MM\soft7.exe - Signatur 'Trojan-Dropper' gefunden
h:\virus\MM.zip:\MM\soft8.exe - Signatur 'Trojan-Downloader.Win32.Delf.aam' gefunden
h:\virus\MM.zip:\MM\soft9.exe - bedenkliche Programmsequenz gefunden (Level: 140)
h:\virus\MM.zip:\MM\softd.exe
h:\virus\MM.zip
40 Dateien 黚erpr黤t
(1 Archiv mit 39 Dateien)
31 Signaturen gefunden
5 bedenkliche Programmsequenzen gefunden
Ben鰐igte Zeit: 0:00.461

显示全部楼层 · 发表于 2008-5-28 06:26:15

Scan performed at: 2008/5/28 6:25:52
Scanning Log
NOD32 version 3136 (20080527) NT
Command line: G:\v\MM.zip
C:\Program Files\Eset\nod32.exe - is OK

Date: 28.5.2008 Time: 06:25:58
Anti-Stealth technology is enabled.
Scanned disks, folders and files: G:\v\MM.zip
G:\v\MM.zip ?ZIP ?MM/BAK.CSS - is OK
G:\v\MM.zip ?ZIP ?MM/soft0.exe - Win32/Small.NDW trojan
G:\v\MM.zip ?ZIP ?MM/soft1.exe - a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft10.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft11.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
G:\v\MM.zip ?ZIP ?MM/soft12.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft13.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft14.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft15.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft16.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft17.exe - Win32/TrojanDownloader.Agent.NYX trojan
G:\v\MM.zip ?ZIP ?MM/soft18.exe - a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft19.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft2.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft20.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft21.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
G:\v\MM.zip ?ZIP ?MM/soft22.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft23.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft24.exe - a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft25.exe - probably a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft26.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft27.exe - a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft28.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
G:\v\MM.zip ?ZIP ?MM/soft29.exe - a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft3.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft30.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft31.exe - a variant of Win32/PSW.OnLineGames.NMQ trojan
G:\v\MM.zip ?ZIP ?MM/soft32.exe - is OK
G:\v\MM.zip ?ZIP ?MM/soft33.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft34.exe - Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft35.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft36.exe - Win32/Small.NDW trojan
G:\v\MM.zip ?ZIP ?MM/soft4.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
G:\v\MM.zip ?ZIP ?MM/soft5.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/soft6.exe - probably a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft7.exe - probably a variant of Win32/PSW.OnLineGames.NWB trojan
G:\v\MM.zip ?ZIP ?MM/soft8.exe - a variant of Win32/PSW.OnLineGames.NMQ trojan
G:\v\MM.zip ?ZIP ?MM/soft9.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
G:\v\MM.zip ?ZIP ?MM/softd.exe - is OK
G:\v\MM.zip:Zone.Identifier - is OK
Number of scanned files: 40
Number of threats found: 36
Time of completion: 06:26:04 Total scanning time: 6 sec (00:00:06)

显示全部楼层 · 发表于 2008-5-28 07:42:31

nod32难得有好成绩啊

显示全部楼层 · 发表于 2008-5-28 08:00:36

革命之路漫漫啊

信息 2008-05-28  08:00:13 您此次查毒清除了9个病毒
信息 2008-05-28  08:00:13 您此次查毒共查出9个病毒以及危险代码
信息 2008-05-28  08:00:13 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件93个
信息 2008-05-28  08:00:13 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-28  08:00:12 D:\Desktop\MM.zip\MM\soft4.exe Win32.Troj.OnlineGameT.ss.106496 清除成功
病毒 2008-05-28  08:00:12 D:\Desktop\MM.zip\MM\soft36.exe Win32.Troj.Small.16384 清除成功
病毒 2008-05-28  08:00:11 D:\Desktop\MM.zip\MM\soft34.exe Win32.Troj.OnlineGames.aw.49152 清除成功
病毒 2008-05-28  08:00:10 D:\Desktop\MM.zip\MM\soft30.exe Win32.Troj.OnlineGameT.ni.49152 清除成功
病毒 2008-05-28  08:00:10 D:\Desktop\MM.zip\MM\soft29.exe Win32.Troj.OnlineGames.aw.49293 清除成功
病毒 2008-05-28  08:00:10 D:\Desktop\MM.zip\MM\soft28.exe Win32.PSWTroj.OnLineGames.106496 清除成功
病毒 2008-05-28  08:00:10 D:\Desktop\MM.zip\MM\soft27.exe Win32.Troj.OnlineGames.cd.49152 清除成功
病毒 2008-05-28  08:00:06 D:\Desktop\MM.zip\MM\soft11.exe Win32.Troj.OnlineGamesT.xe.106496 清除成功
病毒 2008-05-28  08:00:05 D:\Desktop\MM.zip\MM\soft0.exe Win32.Troj.Small.16384 清除成功

显示全部楼层 · 发表于 2008-5-28 08:03:29

SEP报了30个

显示全部楼层 · 发表于 2008-5-28 08:52:43

微点9个报已知，29个报未知

[病毒样本] 赶尽杀绝。。。

本帖子中包含更多资源

mm.zip

回复 6楼 woai_jolin 的帖子

浏览过的版块