
[Identified] Jiangmin reports a virus··

jiffy
Posted on 2008-5-31 23:49:25
真.菲戈
Posted on 2008-6-1 00:01:52
FF+ADB+Avira doesn't flag it…
真.菲戈
Posted on 2008-6-1 00:02:32
WG was not enabled
真.菲戈
Posted on 2008-6-1 00:04:51
Sure enough, it gets flagged as soon as I use IE……

yk1234
Posted on 2008-6-1 00:22:14
Could you upload the sample? I don't dare open that htm

[ Last edited by yk1234 on 2008-6-1 00:26 ]
mofunzone
Posted on 2008-6-1 00:28:55
Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\ad02.swf'
C:\TDDOWNLOAD\
  ad02.swf
    [0] Archive type: SWC
    --> Object
      [NOTE]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\ko.exe'
C:\TDDOWNLOAD\
  ko.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
          [2] Archive type: OVL
          --> Object
            [3] Archive type: Runtime Packed
            --> Object
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\ad01.swf'
C:\TDDOWNLOAD\
  ad01.swf
    [0] Archive type: SWC
    --> Object
      [NOTE]      The file was deleted!


End of the scan: 2008年5月31日  09:28
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
      3 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      3 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      3 Notes
mofunzone
Posted on 2008-6-1 00:42:58
All wiped out

Start of the scan: 2008年5月31日  09:42

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\样本(19)'
C:\Documents and Settings\morgan\My Documents\样本(19)\
  1.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aiyg
            [WARNING]   Infected files in archives cannot be repaired!
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
  10.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  11.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  12.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '486f8031.qua'!
  13.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  14.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  15.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '486f8034.qua'!
  16.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aipa
            [WARNING]   Infected files in archives cannot be repaired!
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
  17.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajus
            [WARNING]   Infected files in archives cannot be repaired!
        --> Object
      [NOTE]      The file was deleted!
  18.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  2.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  3.exe
    [0] Archive type: OVL
      --> Object
        [1] Archive type: Runtime Packed
        --> Object
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  4.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajtp
            [WARNING]   Infected files in archives cannot be repaired!
        --> Object
      [NOTE]      The file was deleted!
  5.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajtg
            [WARNING]   Infected files in archives cannot be repaired!
        --> Object
            [DETECTION] Contains detection pattern of the worm WORM/Downloader.MM
            [WARNING]   Infected files in archives cannot be repaired!
      [NOTE]      The file was deleted!
  6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.akyd
      [NOTE]      The file was deleted!
  7.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajnn
            [WARNING]   Infected files in archives cannot be repaired!
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
  8.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  9.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajus
            [WARNING]   Infected files in archives cannot be repaired!
        --> Object
      [NOTE]      The file was deleted!
  ko.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
          [2] Archive type: OVL
          --> Object
            [3] Archive type: Runtime Packed
            --> Object
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年5月31日  09:42
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     19 Files were scanned
     21 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -2 Files not concerned
      0 Archives were scanned
      8 Warnings
     19 Notes
star_xing
Posted on 2008-6-1 00:43:53
ACCESS DENIED
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://bbs.kafan.cn/attachment.p ... 5a&t=1212252107

The folowing error was encountered:

The requested object is INFECTED. The following viruses Trojan-PSW.Win32.OnLineGames.aido were found

Please contact your service provider if you feel this is incorrect.



--------------------------------------------------------------------------------

Generated Sun Jun 01 00:44:31 2008 by 卡巴斯基反病毒软件 7.0
palfan
Posted on 2008-6-1 02:57:54

Reply to post #7 by mofunzone

The two heuristic detections have been submitted

File ID  Filename  Size (Byte)  Result
25033153 15.exe 16.12 KB UNDER ANALYSIS
25033492 12.exe 19.79 KB UNDER ANALYSIS