Views: 3280 | Replies: 15

[Virus sample] A virus I caught yesterday

cl19871004
Posted on 2008-6-8 10:42:45
A virus I caught yesterday. My computer had no antivirus software installed at all, only Shadow Defender 2008 (影子系统2008); I never expected to get infected, but this virus actually got through the shadow system. So the shadow system is not immune to everything; it is still better to install an antivirus.
One of the virus files was deleted during disinfection, so the set is not complete.
Look at the reports below: the VirSCAN.org (domestic) suspicious-file online scan did not detect a single one.


File Quarantine.rar received on 2008.06.08 04:52:47 (CET)


Antivirus engine     Version           Last update   Result
AhnLab-V3            2008.5.30.1       2008.06.05    -
AntiVir              7.8.0.55          2008.06.06    TR/PSW.OnlineGames.NVI.264
Authentium           5.1.0.4           2008.06.08    W32/Heuristic-210!Eldorado
Avast                4.8.1195.0        2008.06.08    Win32:OnLineGames-DQS
AVG                  7.5.0.516         2008.06.07    PSW.OnlineGames.ASHS
BitDefender          7.2               2008.06.08    Trojan.Patched.BZ
CAT-QuickHeal        9.50              2008.06.07    TrojanPSW.OnLineGames.amno
ClamAV               0.92.1            2008.06.08    Trojan.Spy-36928
DrWeb                4.44.0.09170      2008.06.07    Trojan.PWS.Gamania.origin
eSafe                7.0.15.0          2008.06.05    Win32.OnLineGames.am
eTrust-Vet           31.6.5855         2008.06.06    -
Ewido                4.0               2008.06.07    -
F-Prot               4.4.4.56          2008.06.08    W32/Heuristic-210!Eldorado
F-Secure             6.70.13260.0      2008.06.07    Trojan-PSW.Win32.OnLineGames.amno
Fortinet             3.14.0.0          2008.06.07    W32/OnLineGames.AMPJ!tr.pws
GData                2.0.7306.1023     2008.06.08    Trojan-PSW.Win32.OnLineGames.amno
Ikarus               T3.1.1.26.0       2008.06.08    Trojan-PWS.Win32.OnLineGames.amno
Kaspersky            7.0.0.125         2008.06.08    Trojan-PSW.Win32.OnLineGames.amno
McAfee               5312              2008.06.06    New Malware.ey
Microsoft            1.3604            2008.06.08    PWS:Win32/OnLineGames.ZDI
NOD32v2              3165              2008.06.06    probably a variant of Win32/PSW.OnLineGames.NWC
Norman               5.80.02           2008.06.06    -
Panda                9.0.0.4           2008.06.07    Trj/Lineage.BZE
Prevx1               V2                2008.06.08    Malicious Software
Rising               20.47.42.00       2008.06.06    Trojan.PSW.Win32.GameOL.nxl
Sophos               4.30.0            2008.06.08    Mal/Obfus-B
Sunbelt              3.0.1145.1        2008.06.05    Trojan-PSW.Win32.OnLineGames.ahnr
Symantec             10                2008.06.08    Infostealer.Gampass
TheHacker            6.2.92.339        2008.06.07    Trojan/PSW.OnLineGames.amno
VBA32                3.12.6.7          2008.06.07    Trojan-PSW.Win32.OnLineGames.amno
VirusBuster          4.3.26:9          2008.06.07    Trojan.OnlineGames.Gen.85
Webwasher-Gateway    6.6.2             2008.06.07    Trojan.PSW.OnlineGames.NVI.264

Additional information
File size: 146258 bytes
MD5...: 4465c21d4dd04d68650da3da2c4df3fe
SHA1..: 99d09d416489aa34d422a0e050fef75d18c81ab6
SHA256: b5ecc2abb65ce06f7e19c1cee5d303eddf39142632f264c37457b2ddd78fd911
SHA512: f2686a06d8b05061fc146cccc74276915ae2c175886d6d3484c42930ef91ec3dee4c7c6a4bfbba7ee3b5409255ddce5b88785e8710d29b74848254e1a937e730
PEiD..: -
PEInfo: -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, FSG, FSG, UPack, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (Avast): UPX, UPX, UPX, FSG, FSG, Upack, UPX, UPX
packers (Authentium): UPack
packers (F-Prot): UPX, embedded, FSG, UPack
Prevx info: http://info.prevx.com/aboutprogr ... 0F64A6A8E0096B17CC2


File information
File name :  Quarantine.rar
File size :  146258 byte
File type :  RAR archive data, v1d, os
MD5 :  4465c21d4dd04d68650da3da2c4df3fe
SHA1 :  99d09d416489aa34d422a0e050fef75d18c81ab6
Scan result
Scan result :  All antivirus engines reported no virus found!
Time :  2008/06/08 10:56:25 (CST)
Engine          Engine version     Signature version   Signature date   Result   Time (s)
a-squared       3.5.0.18           2008.06.07          2008-06-07       -        5.979
AntiVir         7.8.0.55           7.0.4.156           2008-06-06       -        14.225
Arcavir         1.0.4              200806071710        2008-06-07       -        6.188
AVAST           1.0.8              080608-0            2008-06-08       -        11.204
AVG             7.5.51.44          270.0.0/1489        2008-06-07       -        6.826
BitDefender     7.60825.1256882    7.19400             2008-06-08       -        4.213
CA (VET)        9.0.0.143          31.6.5855           2008-06-07       -        40.237
ClamAV          0.93               7399                2008-06-08       -        0.003
Comodo          2.11               2.0.0.548           2008-06-07       -        3.216
CP Secure       1.1.0.715          2008.06.07          2008-06-07       -        19.762
Dr.WEB          4.44.0.9170        2008.06.07          2008-06-07       -        10.837
ewido           4.0.0.2            2008.06.07          2008-06-07       -        19.511
F-PROT          4.4.1.52           20080606            2008-06-06       -        1.872
F-SECURE        5.51.6100          2008.06.07.01       2008-06-07       -        7.489
IKARUS          T3.1.01.26         2008.06.07.70883    2008-06-07       -        4.369
Microsoft       1.3604             2008.06.08          2008-06-08       -        9.363
MKS_VIR         2.01               2008.06.06          2008-06-06       -        7.082
NORMAN          5.92.08            5.92.00             2008-06-06       -        14.008
nProtect        2008-06-05.00      1534841             2008-06-05       -        7.518
Prevx           V2                 20080608            2008-06-08       -        12.003
QuickHeal       9.00               2008.06.07          2008-06-07       -        0.894
SOPHOS          2.74.1             4.30                2008-06-08       -        12.560
The Hacker      6.2.92             v00339              2008-06-06       -        4.606
VBA32           3.12.6.7           20080607.0949       2008-06-07       -        4.904
ViRobot         20080607           2008.06.07          2008-06-07       -        0.777
VirusBuster     4.3.19:9           9.131.3/11.0        2008-06-07       -        4.220
Kaspersky       5.5.10             2008.06.07          2008-06-07       -        10.461
AhnLab V3       2008.06.06.00      2008.06.06          2008-06-06       -        1.907
Jiangmin        11.0.706           2008.06.08          2008-06-08       -        2.223
Panda           9.04.03.0001       2008.06.06          2008-06-06       -        10.344
Rising          20.0               20.47.42.00         2008-06-06       -        1.538
Symantec        1.3.0.24           20080607.003        2008-06-07       -        0.259
Trend Micro     8.700-1004         5.328.21            2008-06-07       -        0.035
McAfee          5.2.00             5312                2008-06-06       -        5.507
Kingsoft        2008.1.14.15       2008.6.7.15         2008-06-07       -        1.187
Fortinet        2.81-3.11          9.177               2008-06-07       -        6.239


[ This post was last edited by cl19871004 on 2008-6-8 11:32 ]

solcroft
Posted on 2008-6-8 10:47:08
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, June 08, 2008
* VPS: 080608-0, 08/06/2008
*

C:\Documents and Settings\Limited User\Desktop\Quarantine\bfagghfe.exe\[UPX] [L] Win32:OnLineGames-DQS [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\bincdwsa.exe\[UPX] [L] Win32:OnLineGames-DQS [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\fmsbbqi.exe\[UPX] [L] Win32:OnLineGames-DQS [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\hefcndy.exe\[FSG] [L] Win32:OnLineGames-DQN [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\hefcndy0.exe\[FSG] [L] Win32:OnLineGames-DQN [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\SysDaJcHv.dll\[Upack] [L] Win32:WOW-FXY [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\tciocp64.exe\[UPX] [L] Win32:OnLineGames-DQS [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Limited User\Desktop\Quarantine\ytewcxzsw.exe\[UPX] [L] Win32:OnLineGames-DQS [Trj] (0)
File was successfully moved to chest...
Infected files: 8
Total files: 17
Total folders: 1
Total size: 582.9 KB

*
* Task stopped: Sunday, June 08, 2008
* Run-time was 2 second(s)
a750828
Posted on 2008-6-8 11:01:24
McAfee Generic PWS.Y
PC0amera
Posted on 2008-6-8 11:05:11
雨宫优子
Posted on 2008-6-8 11:19:52
...
What the OP's report amounts to is: none of us need to scan it.
电影结束了
Posted on 2008-6-8 11:41:27
扫描系统区域...
扫描所选择的目录和文件...
对象: Quarantine\bfagghfe.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Trojan.Patched.BZ (BD 引擎)
对象: Quarantine\bincdwsa.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.B3258356 (BD 引擎)
对象: Quarantine\fmsbbqi.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.9D6579E8 (BD 引擎)
对象: Quarantine\hefcndy.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.FF338FB1 (BD 引擎)
对象: Quarantine\hefcndy0.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.FF338FB1 (BD 引擎)
对象: Quarantine\SysDaJcHv.dll
        在压缩档案里: F:\Quarantine.rar
        Status: 可疑病毒
        病毒: Generic.Malware.Fdld.D248919F (BD 引擎)
对象: Quarantine\tciocp64.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.CFCD8498 (BD 引擎)
对象: Quarantine\ytewcxzsw.exe
        在压缩档案里: F:\Quarantine.rar
        Status: 已发现病毒
        病毒: Trojan.PWS.OnlineGames.YYN (BD 引擎)
aaad2008
Posted on 2008-6-8 11:55:05
KV reports a lot of them.
hign
Posted on 2008-6-8 12:10:40
FS: 8 of them.
xiaopangmd
Posted on 2008-6-8 12:11:23
Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:         http://bbs.kafan.cn/attachment.p ... f1&t=1212898238
Information:         Is the Trojan horse TR/PSW.OnlineGames.NVI.264
Kitman
Posted on 2008-6-8 13:14:53
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\Quarantine.rar'
C:\Documents and Settings\Administrator\桌面\Quarantine.rar
  [0] Archive type: RAR
    --> Quarantine\bfagghfe.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.264
    --> Quarantine\bincdwsa.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.268
    --> Quarantine\fmsbbqi.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.272
  --> Quarantine\hefcndy.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahnr
  --> Quarantine\hefcndy0.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahnr
    --> Quarantine\SysDaJcHv.dll
          [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
    --> Quarantine\tciocp64.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.281
      [NOTE]      A backup was created as '48ac6b39.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!


End of the scan: 2008年6月8日  13:14
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
     10 Files were scanned
      8 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes