
[Virus Samples] Tomato's Daily Picks 20080612 (going out to party, so posting the pack early); also, thanks to everyone who sent samples to PCSL

lanvin
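Posted on 2008-6-11 16:42:33
Barring anything unexpected, I will post about 10 samples every day. The samples all belong to different virus families, so there will not be a big pile of samples of a single variant, and all of them are runnable samples with no dead ones. Enjoy.

PS: You are welcome to visit PC Security Labs
http://www.pcsl.info/cn/index.php

Tomato also thanks all the users who sent samples to analysis@pcsl.info. Over the past few days we have received a great many samples from users; we will analyze them and add them to our platform. Thanks again, much appreciated.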

PlayWill
Posted on 2008-6-11 16:44:06
Grabbing the first reply

Kaspersky 09 caught them all

[ Last edited by fanghao1234 on 2008-6-11 16:47 ]

Exia (this user has been deleted)
Posted on 2008-6-11 16:44:38
Starting the file scan:

Begin scan in 'E:\Avira\20080612'
E:\Avira\20080612\20080612_1.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_2.exe
      [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_4.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_6.exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.A
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_7.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.zrv
      [NOTE]      The file was deleted!
E:\Avira\20080612\20080612_9.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.LS Backdoor server programs
      [NOTE]      The file was deleted!


End of the scan: 2008年6月11日  16:47
Used time: 00:19 min

The scan has been done completely.

      1 Scanning directories
      9 Files were scanned
      8 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      8 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
      8 Notes
Effenberg
Posted on 2008-6-11 16:46:55
Eating tomatoes....

11-06-2008 16:50:21 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_1.exe - 已感染 Trojan.DownLoader.46203
11-06-2008 16:50:21 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_1.exe - 已修复
11-06-2008 16:50:21 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_2.exe - 已感染 BackDoor.Update.70
11-06-2008 16:50:21 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_2.exe - 已修复
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_3.exe - 已感染 Trojan.PWS.Gamania.origin
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_3.exe - 已移动为 '20080612_3.exe.3A739FA8'
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_4.exe - 已感染 Trojan.DownLoader.62795
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_4.exe - 已修复
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_7.exe - 已感染 BackDoor.Pigeon.12848
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_7.exe - 已修复
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_8.exe - 已感染 Trojan.DownLoader.55879
11-06-2008 16:50:28 [CL] C:\Documents and Settings\Effenberg\桌面\20080612\20080612\20080612_8.exe - 已修复

[ Last edited by Effenberg on 2008-6-11 16:53 ]
yunhan123
Posted on 2008-6-11 16:55:45
信息        2008-06-11  16:48:01        您此次查毒共查出7个病毒以及危险代码                       
信息        2008-06-11  16:48:01        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件16个                       
信息        2008-06-11  16:48:01        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_8.exe        Win32.Troj.Downloader.tb.24576        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_7.exe        Win32.Troj.DialerT.nh.126976        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_6.exe        Win32.Troj.Qhost.122880        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_4.exe        Win32.TrojDownloader.VB.12365        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_3.exe        Win32.Hack.VMProtectT.a.851968        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_2.exe        Win32.Hack.PcClient.60771        跳过,未处理       
病毒        2008-06-11  16:48:01        C:\Documents and Settings\Administrator\桌面\20080612.zip\20080612\20080612_1.exe        Win32.Troj.Poison.na.8704        跳过,未处理
嘁。不稀罕~
Posted on 2008-6-11 17:07:57
TIS2008: 7 detected, 2 missed...
ssy275
Posted on 2008-6-11 17:11:57
KIS8 caught them all
Exia (this user has been deleted)
Posted on 2008-6-11 17:14:47
The file '20080612_5.exe' has been determined to be 'MALWARE'. Our analysts named the threat W32/Autorun.ahn. The term "W32/" denotes a file virus or malware that runs on 32 Bit Windows systems (Windows 95 and higher) only. Detection will be added to our virus definition file (VDF) with one of the next updates.
woai_jolin
Posted on 2008-6-11 17:32:54

bearhead001
Posted on 2008-6-11 17:33:11
Avira did not flag 20080612_5.exe; submitted it and waiting for analysis