Views: 2644 | Replies: 9

[Virus sample] 14

sam.to
Posted on 2008-6-10 20:20:21
Deleted: Trojan program Trojan.Win32.Agent.nbl        File: C:\Documents and Settings\kato9096\桌面\14\662546.exe3
Deleted: Virus Virus.Win32.VB.lc        File: C:\Documents and Settings\kato9096\桌面\14\avp.exe2
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.angp        File: C:\Documents and Settings\kato9096\桌面\14\dddddd.dll
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.angb        File: C:\Documents and Settings\kato9096\桌面\14\dddddd.exe5//PE_Patch.UPX//UPX
Deleted: Virus Worm.Win32.AutoRun.dhk        File: C:\Documents and Settings\kato9096\桌面\14\driver.exe2
Deleted: Trojan program Trojan-Downloader.Win32.Agent.qpv        File: C:\Documents and Settings\kato9096\桌面\14\MicroSoft.pif2//UPX
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.anqv        File: C:\Documents and Settings\kato9096\桌面\14\msosmhap00.dll//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.angp        File: C:\Documents and Settings\kato9096\桌面\14\ytewcxzsw.dll
8

C:\Documents and Settings\kato9096\桌面\14\dddddd.exe5
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\14\driver.exe2
      [DETECTION] Is the Trojan horse TR/Agent.36864.T
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\14\MicroSoft.pif2
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\14\msosmhap00.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\14\ytewcxzsw.dll
      [WARNING]   The file could not be opened!


End of the scan: Tuesday,10 June 2008  20:23
Used time: 00:07 min

The scan has been done completely.

      1 Scanning directories
     14 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
      9 Files not concerned
      0 Archives were scanned
      3 Warnings
      5 Notes



To KL, AntiVir, PC Security Labs


Filename         Result
c11.dll          UNDER ANALYSIS

The file 'c11.dll' has been determined to be 'UNDER ANALYSIS'.
Filename         Result
cc2d1.exe2          UNDER ANALYSIS

The file 'cc2d1.exe2' has been determined to be 'UNDER ANALYSIS'.
Filename         Result
ytewcxzsw.dll          UNDER ANALYSIS

The file 'ytewcxzsw.dll' has been determined to be 'UNDER ANALYSIS'.
Filename         Result
ynnegg.dll          CLEAN

The file 'ynnegg.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename         Result
list.jpg3          UNDER ANALYSIS

The file 'list.jpg3' has been determined to be 'UNDER ANALYSIS'.
Filename         Result
MicroSoft.vbs2          CLEAN

The file 'MicroSoft.vbs2' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename         Result
msosmhap00.dll          MALWARE

The file 'msosmhap00.dll' has been determined to be 'MALWARE'. Detection is added to our virus definition file (VDF) starting with version 7.00.04.160. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: TR/PSW.OnlineGames.anqv.

Hello.
New malicious software was found in the attached files.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Vladimir Lebedev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


Filename         Result
c11.dll          MALWARE

The file 'c11.dll' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/BDSearch.1.45. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings, for example by manipulating registry settings or by using NTFS streams. Very often IE exploits are used to manipulate the browserhelp.dll. Detection will be added to our virus definition file (VDF) with one of the next updates.
Filename         Result
cc2d1.exe2          MALWARE

The file 'cc2d1.exe2' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Bho.aeq. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings, for example by manipulating registry settings or by using NTFS streams. Very often IE exploits are used to manipulate the browserhelp.dll. Detection will be added to our virus definition file (VDF) with one of the next updates.
Filename         Result
ytewcxzsw.dll          MALWARE

The file 'ytewcxzsw.dll' has been determined to be 'MALWARE'. Our analysts named the threat TR/PSW.OnlineGames.angp. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.00.04.157.
Filename         Result
ynnegg.dll          CLEAN

The file 'ynnegg.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename         Result
list.jpg3          CLEAN

The file 'list.jpg3' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename         Result
MicroSoft.vbs2          CLEAN

The file 'MicroSoft.vbs2' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename         Result
msosmhap00.dll          MALWARE

The file 'msosmhap00.dll' has been determined to be 'MALWARE'. Detection is added to our virus definition file (VDF) starting with version 7.00.04.160. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: TR/PSW.OnlineGames.anqv.

[ This post was last edited by kato9096 on 2008-6-10 22:39 ]

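The post above runs the same pack through several engines, each producing its own log shape, and then chases the "UNDER ANALYSIS" verdicts one by one. The script below is an added example (my code, not from the forum or from any vendor) that parses three of those shapes into a single per-sample verdict matrix and lists which samples still lack a verdict from some engine. The log lines it consumes are copied from this thread; the canonical() rule, which recovers a sample's real extension by stripping the digits the pack appended (avp.exe2 -> avp.exe), is an assumption about how this pack was defused.

```python
import re
from collections import defaultdict

# Kaspersky: "Deleted: <class> <name>   File: <path>[//packer//packer]"; the
# labels the product printed (已刪除 / 檔案) and the English ones are accepted.
KAV_RE = re.compile(
    r"^(?:已刪除|Deleted):\s+(?P<cls>.+?)\s+(?P<name>\S+)\s+(?:檔案|File):\s+"
    r"(?P<path>.+?)(?://(?P<packers>.*))?$")
# Avira scan log: "--> <member>" or a bare drive path sets the current object
# and "[DETECTION]" names it; "--> Object" is a nested object (the RSRC case),
# whose verdict is charged to the containing member.
AVIRA_OBJ_RE = re.compile(r"^\s*-->\s+(?P<obj>\S+)\s*$")
AVIRA_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")
AVIRA_DET_RE = re.compile(r"\[DETECTION\]\s+Is the Trojan horse\s+(?P<name>\S+)")
# Avira upload table: "<ticket>  <file>  <size> <unit>  <verdict>".
UPLOAD_RE = re.compile(
    r"^\d+\s+(?P<file>\S+)\s+[\d.]+\s+(?:Byte|KB|MB)\s+(?P<verdict>[A-Z ]+?)\s*$")

def canonical(name):
    """Assumption about this pack: samples were defused by appending digits to
    the real extension (avp.exe2 -> avp.exe, list.jpg3 -> list.jpg)."""
    return re.sub(r"^(.*\.[A-Za-z]+)\d+$", r"\1", name)

def parse_kaspersky(text):
    out = {}
    for line in text.splitlines():
        if m := KAV_RE.match(line.strip()):
            out[canonical(re.split(r"[\\/]", m["path"])[-1])] = m["name"]
    return out

def parse_avira_scan(text):
    out, current = {}, None
    for line in text.splitlines():
        if (m := AVIRA_OBJ_RE.match(line)) and m["obj"] != "Object":
            current = canonical(m["obj"])
        elif m := AVIRA_PATH_RE.match(line):
            current = canonical(re.split(r"[\\/]", m["path"])[-1])
        elif (m := AVIRA_DET_RE.search(line)) and current:
            out[current] = m["name"]
    return out

def parse_avira_upload(text):
    out = {}
    for line in text.splitlines():
        if m := UPLOAD_RE.match(line.strip()):
            out[canonical(m["file"])] = m["verdict"].strip()
    return out

def build_matrix(logs):
    """logs: {engine: (parser, text)} -> {sample: {engine: verdict}}."""
    matrix = defaultdict(dict)
    for engine, (parser, text) in logs.items():
        for sample, verdict in parser(text).items():
            matrix[sample][engine] = verdict
    return dict(matrix)

def gaps(matrix, engines):
    """Samples lacking a verdict from some engine: the ones worth submitting."""
    return {s: [e for e in engines if e not in v]
            for s, v in matrix.items() if any(e not in v for e in engines)}

# Constructed inputs: log lines copied from this thread.
KAV_LOG = r"""
Deleted: Trojan program Trojan.Win32.Agent.nbl        File: C:\Documents and Settings\kato9096\桌面\14\662546.exe3
Deleted: Virus Virus.Win32.VB.lc        File: C:\Documents and Settings\kato9096\桌面\14\avp.exe2
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.angb        File: C:\Documents and Settings\kato9096\桌面\14\dddddd.exe5//PE_Patch.UPX//UPX
"""
AVIRA_LOG = r"""
C:\Documents and Settings\haha\桌面\14.rar
  [0] Archive type: RAR
  --> avp.exe2
      [DETECTION] Is the Trojan horse TR/VB.dek.1
    --> dddddd.exe5
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
  --> ytewcxzsw.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
      [NOTE]      A backup was created as '487c730a.qua'  ( QUARANTINE )
"""
UPLOAD_TABLE = """
25041984  cc2d1.exe2  108 KB  UNDER ANALYSIS
25041983  c11.dll  840 KB  UNDER ANALYSIS
25040436  avp.exe2  100 KB  MALWARE
25041996  dddddd.exe5  19.78 KB  MALWARE
"""
ENGINES = ["Kaspersky", "Avira scan", "Avira upload"]
LOGS = {"Kaspersky": (parse_kaspersky, KAV_LOG),
        "Avira scan": (parse_avira_scan, AVIRA_LOG),
        "Avira upload": (parse_avira_upload, UPLOAD_TABLE)}

if __name__ == "__main__":
    m = build_matrix(LOGS)
    print(*(f"{s:16} {m[s]}" for s in sorted(m)), sep="\n")
    print("still missing a verdict:", gaps(m, ENGINES))
```

The matrix keeps each engine's own family name rather than forcing them into one taxonomy; the point is coverage (which sample has no verdict from which engine), not agreement on naming.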
yunhan123
Posted on 2008-6-10 20:24:56
7
hahacomcn
Posted on 2008-6-10 20:26:11
Begin scan in 'C:\Documents and Settings\haha\桌面\14.rar'
C:\Documents and Settings\haha\桌面\14.rar
  [0] Archive type: RAR
    --> MicroSoft.pif2
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> avp.exe2
      [DETECTION] Is the Trojan horse TR/VB.dek.1
  --> driver.exe2
      [DETECTION] Is the Trojan horse TR/Agent.36864.T
  --> 662546.exe3
      [DETECTION] Is the Trojan horse TR/Agent.nbl
  --> dddddd.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
    --> dddddd.exe5
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
  --> msosmhap00.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.anqv
  --> ytewcxzsw.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.angp
      [NOTE]      A backup was created as '487c730a.qua'  ( QUARANTINE )


End of the scan: 10 June 2008  20:25
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
     15 Files were scanned
      8 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
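The logs in this thread tag several members as packed (//PE_Patch.UPX//UPX, //UPX, //UPack) and report one, dddddd.exe5, as carrying a second executable in its resources ("Archive type: RSRC"), while the samples themselves ship under defused names such as .exe2 and .pif2. The script below is an added example (my code, not the forum's or any vendor's) of triaging such a blob by content alone: it walks the PE section table for packer section names and scans for a nested MZ/PE pair, mapping it back to the section that holds it. The PE images it runs on are constructed inline by build_pe (synthetic, non-runnable headers), and PACKER_SECTIONS is a small indicative table I chose, not something taken from the thread.

```python
import struct

# Section names that common packers leave behind. Indicative, not exhaustive.
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
                   ".Upack": "UPack", ".ByDwing": "UPack", ".aspack": "ASPack"}

def triage(data):
    """Describe a blob by content, ignoring whatever extension it was given."""
    info = {"is_pe": False, "sections": [], "packers": [], "embedded": []}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_off = e_lfanew + 24 + opt_size          # first IMAGE_SECTION_HEADER
    if sec_off + 40 * nsec > len(data):
        return info                             # truncated section table
    for i in range(nsec):
        raw_name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        info["sections"].append((name, raw_ptr, raw_size))
        packer = PACKER_SECTIONS.get(name)
        if packer and packer not in info["packers"]:
            info["packers"].append(packer)
    # A second MZ header whose e_lfanew lands on "PE\0\0" is a nested
    # executable (typically a dropped payload stored in .rsrc): the case the
    # Avira log above reports as "Archive type: RSRC".
    pos = data.find(b"MZ", 1)
    while pos != -1:
        if pos + 0x40 <= len(data):
            lf = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if 0x40 <= lf < 0x1000 and data[pos + lf:pos + lf + 4] == b"PE\0\0":
                holder = next((n for n, p, s in info["sections"]
                               if p <= pos < p + s), None)
                info["embedded"].append((pos, holder))
        pos = data.find(b"MZ", pos + 1)
    return info

def build_pe(section_names, payload=b""):
    """Constructed test input: a minimal, non-runnable PE32 image whose last
    section carries `payload`. Header layout follows the PE file format."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(section_names)
    raw_off = (hdr_end + 0x1FF) & ~0x1FF        # 0x200 file alignment
    secs = b""
    for i, name in enumerate(section_names):
        last = i == len(section_names) - 1
        size, ptr = (len(payload), raw_off) if last else (0, 0)
        secs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            size, 0x1000 * (i + 1), size, ptr, 0, 0, 0, 0,
                            0x60000020)
    img = dos + b"PE\0\0" + coff + opt + secs
    return img + b"\0" * (raw_off - len(img)) + payload

INNER = build_pe([".text"], payload=b"dropped payload")              # the dropper's cargo
OUTER = build_pe(["UPX0", "UPX1", ".rsrc"], payload=b"\0" * 16 + INNER)

if __name__ == "__main__":
    print(triage(OUTER))                 # packed with UPX, nested PE in .rsrc
    print(triage(b"GIF89a" + b"\0" * 64))  # not a PE, whatever it is named
```

Section-name matching is a cheap first pass only: a packer that renames its sections, or a sample whose section table is deliberately malformed, will slip past it, so treat a hit as a reason to unpack and look further, not as a verdict.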
ssy275
Posted on 2008-6-10 20:29:19
hahacomcn
Posted on 2008-6-10 20:30:49
25041984  cc2d1.exe2  108 KB  UNDER ANALYSIS
25041983  c11.dll  840 KB  UNDER ANALYSIS
25032184  MicroSoft.vbs2  186 Byte  CLEAN
25029065  MicroSoft.pif2  9.5 KB  MALWARE
25040436  avp.exe2  100 KB  MALWARE
3602089  ynnegg.dll  36 KB  CLEAN
3813498  driver.exe2  36 KB  MALWARE
25023771  662546.exe3  20 KB  MALWARE
25041986  list.jpg3  952 Byte  UNDER ANALYSIS
25041985  ytewcxzsw.dll  40.28 KB  UNDER ANALYSIS
25041996  dddddd.exe5  19.78 KB  MALWARE
25041987  msosmhap00.dll  12.45 KB  MALWARE


kato, there are clean ones in the pack, eh.
电影结束了
Posted on 2008-6-10 20:33:27
Scanning system areas...
Scanning the selected directories and files...
Object: MicroSoft.pif2
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan-Downloader.Win32.Agent.qpv (KAV engine), Trojan.Downloader.JKBD (BD engine)
Object: avp.exe2
        In archive: F:\14.rar
        Status: virus found
        Virus: Virus.Win32.VB.lc (KAV engine)
Object: driver.exe2
        In archive: F:\14.rar
        Status: virus found
        Virus: Worm.Win32.AutoRun.dhk (KAV engine), Worm.Generic.17299 (BD engine)
Object: 662546.exe3
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan.Win32.Agent.nbl (KAV engine), Trojan.Generic.276704 (BD engine)
Object: dddddd.dll
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan-PSW.Win32.OnLineGames.angp (KAV engine), Trojan.PWS.OnLineGames.NVI (BD engine)
Object: dddddd.exe5
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan-PSW.Win32.OnLineGames.angb (KAV engine), Trojan.PWS.OnlineGames.YYN (BD engine)
Object: msosmhap00.dll
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan-PSW.Win32.OnLineGames.anqv (KAV engine), Generic.PWS.Games.1.469B3D8A (BD engine)
Object: ytewcxzsw.dll
        In archive: F:\14.rar
        Status: virus found
        Virus: Trojan-PSW.Win32.OnLineGames.angp (KAV engine), Trojan.PWS.OnLineGames.NVI (BD engine)
Object: c11.dll
        In archive: F:\14.rar
        Status: virus found
        Virus: Adware.BDSearch.1 (BD engine)

9
qigang
Posted on 2008-6-10 20:35:50

18/6

Rising virus scan result report

List of virus types cleaned:

Virus: Trojan.Win32.Undef.hag
Virus: Worm.Win32.Autorun.jwi
Virus: Trojan.PSW.Win32.GameOL.nzo
Virus: Trojan.PSW.Win32.GameOL.nzj
Virus: Trojan.PSW.Win32.XYOnline.afi

MAC address: 00:11:5B:F3:6D:69

User source: Internet

Software version: 20.48.12
allinwonderi
Posted on 2008-6-10 21:48:35

ArcaVir2008

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\14.rar<RAR>:MicroSoft.pif2 <- Trojan.Downloader.Agent.Qpv : Cleaning -> Delete
C:\Documents and Settings\All Users\Documents\Test\14.rar<RAR>:driver.exe2 <- Worm.Autorun.Dhk : Cleaning -> Delete
C:\Documents and Settings\All Users\Documents\Test\14.rar<RAR>:dddddd.exe5 <- Trojan.Psw.Onlinegames.Angb : Cleaning -> Delete
C:\Documents and Settings\All Users\Documents\Test\14.rar<RAR>:msosmhap00.dll <- Trojan.Psw.Onlinegames.Anqv : Cleaning -> Delete



Scanned objects : 16

Infected objects : 4
ch00962610
Posted on 2008-6-10 22:09:46
Virus check with G DATA AntiVirus
Version 18.5.8071.731
Virus signature date 2008/6/10
Start time: 2008/6/10 22:09
Engines: Engine A (AVK 18.4083), Engine B (AVKB 18.301)
Heuristics: on
Archives: on
System areas: on

Checking system areas...
Checking the following directories and files:
  C:\Documents and Settings\祝俊杰\桌面\14.rar

Object: MicroSoft.pif2
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan-Downloader.Win32.Agent.qpv (Engine A)
Object: avp.exe2
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Virus.Win32.VB.lc (Engine A)
Object: driver.exe2
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Worm.Win32.AutoRun.dhk (Engine A)
Object: 662546.exe3
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan.Win32.Agent.nbl (Engine A)
Object: dddddd.dll
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.angp (Engine A)
Object: dddddd.exe5
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.angb (Engine A)
Object: msosmhap00.dll
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.anqv (Engine A)
Object: ytewcxzsw.dll
        In archive: C:\Documents and Settings\祝俊杰\桌面\14.rar
        Status: virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.angp (Engine A)
Object: 14.rar
        Path: C:\Documents and Settings\祝俊杰\桌面
        Status: file moved to quarantine
        Virus: Trojan-Downloader.Win32.Agent.qpv, Virus.Win32.VB.lc, Worm.Win32.AutoRun.dhk, Trojan.Win32.Agent.nbl, Trojan-PSW.Win32.OnLineGames.angp (2x), Trojan-PSW.Win32.OnLineGames.angb, Trojan-PSW.Win32.OnLineGames.anqv (Engine A)

Scan finished: 2008/6/10 22:09
    1 file checked
    1 infected file
    0 suspicious files found
sam.to (OP)
Posted on 2008-6-10 22:42:36