一大包病毒

显示全部楼层 · 发表于 2008-6-3 17:08:00

一大包病毒
病毒下载表:
2008-6-1=http://60.190.114.61/a1.exe
2008-6-1=http://60.190.114.61/a2.exe
2008-6-1=http://60.190.114.61/a3.exe
2008-6-1=http://60.190.114.61/a4.exe
2008-6-1=http://60.190.114.61/a5.exe
2008-6-1=http://60.190.114.61/a6.exe
2008-6-1=http://60.190.114.61/a7.exe
2008-6-1=http://60.190.114.61/a8.exe
2008-6-1=http://60.190.114.61/a9.exe
2008-6-1=http://60.190.114.61/a10.exe
2008-6-1=http://60.190.114.61/a11.exe
2008-6-1=http://60.190.114.61/a12.exe
2008-6-1=http://60.190.114.61/a13.exe
2008-6-1=http://60.190.114.61/a14.exe
2008-6-1=http://60.190.114.61/a15.exe
2008-6-1=http://60.190.114.61/a16.exe
2008-6-1=http://60.190.114.61/a17.exe
2008-6-1=http://60.190.114.61/a18.exe
2008-6-1=http://60.190.114.61/a19.exe
2008-6-1=http://59.34.198.190/a20.exe
2008-6-1=http://59.34.198.190/a21.exe
2008-6-1=http://59.34.198.190/a22.exe
2008-6-1=http://59.34.198.190/a23.exe
2008-6-1=http://59.34.198.190/a24.exe
2008-6-1=http://59.34.198.190/a25.exe
2008-6-1=http://59.34.198.190/a26.exe
2008-6-1=http://59.34.198.190/a27.exe
2008-6-1=http://59.34.198.190/a28.exe
2008-6-1=http://59.34.198.190/a29.exe

显示全部楼层 · 发表于 2008-6-3 17:14:29

AVK25

显示全部楼层 · 发表于 2008-6-3 17:24:48

红伞，报！！！

显示全部楼层 · 发表于 2008-6-3 17:27:16

红伞，报！！！

显示全部楼层 · 发表于 2008-6-3 17:39:28

C:\Documents and Settings\桌面\6.2\dudu\0.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\15.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '48730ff8.qua'!
C:\Documents and Settings\桌面\6.2\dudu\27.exe
   [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\28.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '48730ffb.qua'!
C:\Documents and Settings\桌面\6.2\dudu\5.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '48aa0ff1.qua'!
C:\Documents and Settings\桌面\6.2\dudu\bb.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\d32dx9.sys
   [DETECTION] Is the Trojan horse TR/Spy.KeySpy.U
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\gpr40D.exe
   [DETECTION] Is the Trojan horse TR/Agent.qsy.2
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\gpr458.exe
   [DETECTION] Is the Trojan horse TR/Agent.qsy.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapcb.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.crt
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapcq.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.crr
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapcqsj.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.cru
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapms.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.crs
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapmy.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.cmy
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimaptl.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alae
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapwd.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.cni
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapwl.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.cnj
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapwm.dll
   [DETECTION] Is the Trojan horse TR/PSW.22164
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\midimapzx.dll
   [DETECTION] Is the Trojan horse TR/Inject.cky
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\rl.htm
   [DETECTION] Contains detection pattern of the Java script virus JS/Agent.ES
   [NOTE]    The file was deleted!
C:\Documents and Settings\桌面\6.2\dudu\updatax.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
余下的上报。

显示全部楼层 · 发表于 2008-6-3 17:39:46

一大堆解压错误的东东

2008-6-3 17:41:29 文件系统实时防护文件 D:\firefox download\dudu\dudu\rl.htm JS/Exploit.RealPlay.IX 特洛伊木马通过删除清除 - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-3 17:41:27 文件系统实时防护文件 D:\firefox download\dudu\dudu\0.exe Win32/Delf.NLT 特洛伊木马通过删除清除 - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-3 17:41:24 文件系统实时防护文件 D:\firefox download\dudu\dudu\d32dx9.sys Win32/Spy.KeySpy.U 特洛伊木马通过删除清除 - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-3 17:41:21 文件系统实时防护文件 D:\firefox download\dudu\dudu\gpr458.exe Win32/Spy.KeySpy.U 特洛伊木马通过删除清除 - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-3 17:41:16 文件系统实时防护文件 D:\firefox download\dudu\dudu\updatax.exe Win32/Delf.NLT 特洛伊木马通过删除清除 - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-6-3 17:42:19

下载包里垃圾太多了

显示全部楼层 · 发表于 2008-6-3 18:14:44

卡巴8无声？？？？？？？

显示全部楼层 · 发表于 2008-6-3 18:19:57

TF把EXE砍了。。。。。

图不截了。。。

显示全部楼层 · 发表于 2008-6-3 18:23:07

红伞，检出18，可疑3

[病毒样本] 一大包病毒

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源