AV网站病毒

显示全部楼层 · 发表于 2008-6-11 14:09:46

http://vip.av811.com/ 这网站我开着红伞进去主页红伞没报毒可是一点注册红伞狂报请各位大虾分析一下是不是红伞误报

显示全部楼层 · 发表于 2008-6-11 14:15:24

http://mp3.5151aiai.com/4561.swf
http://aaa.awercom.com/aaa.exe不知道是不是这个

Log is generated by FreShow.
[wide]http://vip.av811.com/
[frame]http://aa.yahoosese.cn/liao8.html
[script]http://vip.av811.com/image/Deploy.js
[script]http://vip.av811.com/image/global.js
[script]http://s88.cnzz.com/stat.php?id=321517&web_id=321517
[frame]http://aaa.awerorg.cn/kk/index.htm
      [frame]http://cao.gmwo01.com/kk/14.htm
         [object]http://aaa.awercom.com/aaa.exe
      [frame]http://mp3.5151aiai.com/fzl.htm
         [object]http://mp3.5151aiai.com/4561.swf
      [frame]http://cao.gmwo01.com/kk/real.htm
      [frame]http://aaa.awerorg.cn/kk/lz.htm
      [script]http://js.tongji.cn.yahoo.com/606759/ystat.js
对不？

[ 本帖最后由 huai168an 于 2008-6-11 14:24 编辑 ]

显示全部楼层 · 发表于 2008-6-11 14:31:01

Starting the file scan:

Begin scan in 'E:\Avira\aaa.exe'
E:\Avira\aaa.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.25744
[NOTE] The file was deleted!

显示全部楼层 · 发表于 2008-6-11 14:55:51

2008-06-11 14:53:06 创建文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\WINDOWS\system32\update.exe
触发规则:所有程序规则->保护windows目录及所有子目录下指定的文件不能被创建和修改->%windir%\*.exe

2008-06-11 14:53:06 结束/挂起进程    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
目标进程:C:\WINDOWS\system32\ctfmon.exe
触发规则:所有程序规则->*

2008-06-11 14:53:06 结束/挂起进程    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
目标进程:C:\WINDOWS\system32\ctfmon.exe
触发规则:所有程序规则->*

2008-06-11 14:53:06 结束/挂起进程    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
目标进程:C:\WINDOWS\system32\ctfmon.exe
触发规则:所有程序规则->*

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\windows\system32\ctfmon.exe
触发规则:高优先规则->伪系统常用文件规则->*\ctfmon.exe

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\windows\system32\ctfmon.exe
触发规则:高优先规则->伪系统常用文件规则->*\ctfmon.exe

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\windows\system32\ctfmon.exe
触发规则:高优先规则->伪系统常用文件规则->*\ctfmon.exe

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\WINDOWS\system32\wuauclt.exe
触发规则:高优先规则->伪系统常用文件规则->*\wuauclt.exe

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\WINDOWS\system32\wuauclt.exe
触发规则:高优先规则->伪系统常用文件规则->*\wuauclt.exe

2008-06-11 14:53:06 修改文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\WINDOWS\system32\wuauclt.exe
触发规则:高优先规则->伪系统常用文件规则->*\wuauclt.exe

2008-06-11 14:53:06 创建文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\WINDOWS\system32\drivers\beep.sys
触发规则:所有程序规则->保护windows目录及所有子目录下指定的文件不能被创建和修改->%windir%\*.sys

2008-06-11 14:53:06 创建注册表值    操作:阻止
进程路径:C:\WINDOWS\system32\services.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\klheb
注册表名称:[Key]
触发规则:所有程序规则->监控《服务》->HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\*

2008-06-11 14:53:06 创建文件    操作:阻止
进程路径:C:\Documents and Settings\Administrator\桌面\aaa.exe
文件路径:C:\_uniep.bat
触发规则:所有程序规则->重要文件保护->%SystemDrive%\*

显示全部楼层 · 发表于 2008-6-11 15:09:13

AhnLab-V3 2008.6.11.0 2008.06.10 -
AntiVir 7.8.0.55 2008.06.11 TR/Drop.Agent.25744
Authentium 5.1.0.4 2008.06.11 W32/Agent.L.gen!Eldorado
Avast 4.8.1195.0 2008.06.11 -
AVG 7.5.0.516 2008.06.10 Generic10.AKOI
BitDefender 7.2 2008.06.11 Dropped:Generic.Malware.P!BdldPk!g.7591D6B8
CAT-QuickHeal 9.50 2008.06.10 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.11 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2008.06.10 MULDROP.Trojan
eSafe 7.0.15.0 2008.06.10 Suspicious File
eTrust-Vet 31.6.5864 2008.06.10 -
Ewido 4.0 2008.06.10 -
F-Prot 4.4.4.56 2008.06.10 W32/Agent.L.gen!Eldorado
F-Secure 6.70.13260.0 2008.06.11 W32/Suspicious_U.gen
Fortinet 3.14.0.0 2008.06.10 W32/OnLineGames.AOCG!tr.pws
GData 2.0.7306.1023 2008.06.11 Trojan-PSW.Win32.OnLineGames.aocg
Ikarus T3.1.1.26.0 2008.06.11 Win32.SuspectCrc
Kaspersky 7.0.0.125 2008.06.11 Trojan-PSW.Win32.OnLineGames.aocg
McAfee 5314 2008.06.10 New Malware.aj
Microsoft 1.3604 2008.06.11 TrojanDropper:Win32/Idicaf.A
NOD32v2 3175 2008.06.11 -
Norman 5.80.02 2008.06.10 W32/Suspicious_U.gen
Panda 9.0.0.4 2008.06.10 Suspicious file
Prevx1 V2 2008.06.11 -
Rising 20.48.12.00 2008.06.10 -
Sophos 4.30.0 2008.06.11 Mal/Behav-112
Sunbelt 3.0.1145.1 2008.06.05 VIPRE.Suspicious
Symantec 10 2008.06.11 -
TheHacker 6.2.92.342 2008.06.11 W32/Behav-Heuristic-060
VBA32 3.12.6.7 2008.06.10 suspected of Win32 Shadow Service Install
VirusBuster 4.3.26:9 2008.06.10 Packed/Upack
Webwasher-Gateway 6.6.2 2008.06.11 Trojan.Drop.Agent.25744

显示全部楼层 · 发表于 2008-6-11 16:22:02

a-squared	3.5.0.18	2008.06.10	2008-06-10	-	18.117
AntiVir	7.8.0.55	7.0.4.174	2008-06-11	TR/Drop.Agent.25744	12.737
Arcavir	1.0.4	200806102039	2008-06-10	Heur.Win32.I	5.130
AVAST	1.0.8	080611-0	2008-06-11	-	10.021
AVG	7.5.51.442	270.2.0/1495	2008-06-10	Generic10.AKOI	9.421
BitDefender	7.60825.1260248	7.19458	2008-06-11	Dropped:Generic.Malware.P!BdldPk!g.7591D6B8	16.259
CA (VET)	9.0.0.143	31.6.5864	2008-06-11	-	15.896
ClamAV	0.93	7434	2008-06-11	PUA.Packed.UPack-2	0.007
Comodo	2.11	2.0.0.552	2008-06-11	-	2.574
CP Secure	1.1.0.715	2008.06.11	2008-06-11	-	22.132
Dr.WEB	4.44.0.9170	2008.06.11	2008-06-11	MULDROP.Trojan	12.038
ewido	4.0.0.2	2008.06.10	2008-06-10	-	5.152
F-PROT	4.4.1.52	20080610	2008-06-10	Possible W32/Agent.L.gen!Eldorado (damaged, not disinfectable)	8.337
F-SECURE	5.51.6100	2008.06.11.02	2008-06-11	Trojan-PSW.Win32.OnLineGames.aocg [AVP]	11.362
IKARUS	T3.1.01.26	2008.06.11.70900	2008-06-11	Win32.SuspectCrc	10.570
Microsoft	1.3604	2008.06.11	2008-06-11	TrojanDropper:Win32/Idicaf.A	8.978
MKS_VIR	2.01	2008.06.11	2008-06-11	Heur.Win32	7.695
NORMAN	5.92.08	5.92.00	2008-06-10	W32/Suspicious_U.gen	14.817
nProtect	2008-06-11.00	1541744	2008-06-11	Trojan/W32.Small.13012	5.547
Prevx	V2	20080611	2008-06-11	-	22.872
QuickHeal	9.00	2008.06.10	2008-06-10	-	0.702
SOPHOS	2.74.1	4.30	2008-06-11	Mal/Behav-112	6.303
The Hacker	6.2.92	v00342	2008-06-10	W32/Behav-Heuristic-060	0.998
VBA32	3.12.6.7	20080610.0747	2008-06-10	Win32 Shadow Service Install (suspicious)	4.549
ViRobot	20080610	2008.06.10	2008-06-10	-	0.660
VirusBuster	4.3.19:9	9.131.6/11.0	2008-06-10	Packed/Upack	2.716
卡巴斯基	5.5.10	2008.06.11	2008-06-11	Trojan-PSW.Win32.OnLineGames.aocg	22.599
安博士V3	2008.06.11.00	2008.06.11	2008-06-11	-	3.725
江民杀毒	11.0.706	2008.06.11	2008-06-11	Trojan/Agent.avdb	2.607
熊猫卫士	9.04.03.0001	2008.06.10	2008-06-10	-	4.835
瑞星	20.0	20.48.12.00	2008-06-10	-	1.925
赛门铁克	1.3.0.24	20080609.003	2008-06-09	-	0.020
趋势	8.700-1004	5.338.02	2008-06-10	-	1.240
迈克菲	5.2.00	5314	2008-06-10	New Malware.aj	9.358
金山毒霸	2008.1.14.15	2008.6.11.14	2008-06-11	-	2.096
飞塔	2.81-3.11	9.188	2008-06-11	W32/OnLineGames.AOCG!tr.pws	3.575

http://aaa.awercom.com/txt.txt
http://cao.gmwo02.com/cao/aa1.exe
http://cao1.gmwo02.com/cao/aa2.exe
http://cao.gmwo02.com/cao/aa3.exe
http://cao2.gmwo02.com/cao/aa4.exe
http://cao3.gmwo02.com/cao/aa5.exe
http://cao.gmwo02.com/cao/aa6.exe
http://cao.gmwo02.com/cao/aa7.exe
http://cao1.gmwo02.com/cao/aa8.exe
http://cao1.gmwo02.com/cao/aa9.exe
http://cao2.gmwo02.com/cao/aa10.exe
http://cao3.gmwo02.com/cao/aa11.exe
http://cao3.gmwo02.com/cao/aa12.exe
http://cao3.gmwo02.com/cao/aa13.exe
http://cao3.gmwo02.com/cao/aa14.exe
http://cao3.gmwo02.com/cao/aa15.exe
http://cao2.gmwo02.com/cao/aa16.exe
http://cao2.gmwo02.com/cao/aa17.exe
http://cao2.gmwo02.com/cao/aa18.exe
http://cao2.gmwo02.com/cao/aa19.exe
http://cao1.gmwo02.com/cao/aa20.exe
http://cao1.gmwo02.com/cao/aa21.exe
http://cao1.gmwo02.com/cao/aa22.exe
http://cao.gmwo02.com/cao/aa23.exe
http://cao.gmwo02.com/cao/aa24.exe

复制代码

这东西把我用的还原精灵给穿了

[ 本帖最后由 tanlimo 于 2008-6-11 16:24 编辑 ]

显示全部楼层 · 发表于 2008-6-11 17:28:18

http://aaa.awercom.com/txt.txt 这个是如何分析出来的

刚学，还有很多不懂

显示全部楼层 · 发表于 2008-6-11 17:34:18

C:\Documents and Settings\Administrator\桌面\新建文件夹\aa1.exe       TrojanPSW.OnLineGames.ajom.rdtn       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa10.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa11.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa12.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa13.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa14.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa15.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa16.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa17.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa18.exe       TrojanPSW.QQGame.bz.zuiu       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa19.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa2.exe       Trojan.Cap852916.jdlv       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa20.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa21.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa22.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa23.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa24.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa3.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa4.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa5.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa6.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa7.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa8.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理
C:\Documents and Settings\Administrator\桌面\新建文件夹\aa9.exe       TrojanPSW.OnLineGames.wlu.kjdk       木马       还未处理

显示全部楼层 · 发表于 2008-6-11 17:46:26

要运行啊。不敢运行

显示全部楼层 · 发表于 2008-6-11 17:48:29

运行后看隐私

[ 本帖最后由 tanlimo 于 2008-6-11 18:03 编辑 ]

[已鉴定] AV网站病毒

回复 6楼 tanlimo 的帖子

24

回复 9楼 tanlimo 的帖子