
[Virus Samples] Tomato's Daily Picks 20080616

lanvin
Posted on 2008-6-16 15:39:45
The samples are all from April; the May and June samples are not being released because they are needed for building a list.

PS: Welcome to PC Security Labs; the website has been completely redesigned.
http://www.pcsl.info/cn/index.php

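Tomato also thanks all the users who sent samples to analysis@pcsl.info. Over the past few days we have received a great many samples from users; we will analyze them and add them to our platform. Thanks again, much appreciated.

[ Last edited by lanvin on 2008-6-16 15:41 ]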

傻猪猪米走鸡
Posted on 2008-6-16 15:51:00
D:\firefox download\20080616.rar » RAR » 20080616\XX_132.exe - is OK
D:\firefox download\20080616.rar » RAR » 20080616\XX_133.exe - Win32/TrojanDownloader.Dyfica.NAG trojan
D:\firefox download\20080616.rar » RAR » 20080616\XX_134.exe - is OK
D:\firefox download\20080616.rar » RAR » 20080616\XX_139.exe - Win32/Poison.NAN trojan
D:\firefox download\20080616.rar » RAR » 20080616\XX_147.exe - is OK
D:\firefox download\20080616.rar » RAR » 20080616\XX_153.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
D:\firefox download\20080616.rar » RAR » 20080616\XX_157.exe - is OK
D:\firefox download\20080616.rar » RAR » 20080616\XX_158.exe - probably unknown NewHeur_PE virus
D:\firefox download\20080616.rar » RAR » 20080616\XX_163.exe - probably a variant of Win32/Genetik trojan
bearhead001
Posted on 2008-6-16 15:58:31
Starting the file scan:

Begin scan in 'C:\Users\linzhizhuo\Desktop\20080616.rar'
C:\Users\linzhizhuo\Desktop\20080616.rar
  [0] Archive type: RAR
  --> 20080616\XX_132.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 20080616\XX_133.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds
  --> 20080616\XX_134.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 20080616\XX_139.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.YZD
  --> 20080616\XX_147.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.eso Backdoor server programs
  --> 20080616\XX_153.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 20080616\XX_157.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 20080616\XX_158.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
  --> 20080616\XX_163.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.439
      [NOTE]      A backup was created as '48861d26.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!


End of the scan: 2008年6月16日  15:57
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     10 Files were scanned
      9 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
bearhead001
Posted on 2008-6-16 16:01:28
Red Umbrella (Avira) kills them all.
ronliang
Posted on 2008-6-16 16:07:41
F-Secure missed two; of the detections, 6 came from the AVP database and 1 from the Hydra database.

Trojan-Downloader.Win32.Dyfuca.ei (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_133.exe Action: deleted
Trojan-PSW.Win32.QQPass.bnr (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_134.exe Action: deleted
Backdoor:W32/PoisonIvy.GI (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_139.exe Action: deleted
Backdoor.Win32.Agent.eso (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_147.exe Action: deleted
Trojan-Downloader.Win32.Delf.gmg (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_157.exe Action: deleted
Trojan-Downloader.Win32.Agent.gdm (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_158.exe Action: deleted
Trojan-Spy.Win32.Delf.aus (virus)
C:\Documents and Settings\RonLiang\Desktop\20080616\20080616\XX_163.exe Action: deleted
无尽藏海
Posted on 2008-6-16 16:14:05

Spider (Dr.Web)

[扫描路径] E:\VIRUS\20080616
E:\VIRUS\20080616\20080616\XX_132.exe - 确定
>E:\VIRUS\20080616\20080616\XX_133.exe 已被病毒感染 :  Trojan.Dyfuca
>>>>E:\VIRUS\20080616\20080616\XX_134.exe\server.exe 已被病毒感染 :  Trojan.MulDrop.16156
>E:\VIRUS\20080616\20080616\XX_134.exe - 发现压缩文件中有被感染的对象
E:\VIRUS\20080616\20080616\XX_139.exe 已被病毒感染 :  BackDoor.Poison
E:\VIRUS\20080616\20080616\XX_147.exe 已被病毒感染 :  Trojan.PWS.Wsgame.5087
>>>>E:\VIRUS\20080616\20080616\XX_153.exe 已被病毒感染 :  Win32.HLLW.Creater.91
E:\VIRUS\20080616\20080616\XX_157.exe - 确定
E:\VIRUS\20080616\20080616\XX_158.exe 已被病毒感染 :  Win32.HLLW.Autoruner.1339
>>E:\VIRUS\20080616\20080616\XX_163.exe 已被病毒感染 :  Trojan.MulDrop.12994
挪威的冬天
Posted on 2008-6-16 16:25:24
信息        2008-06-16  16:24:52        您此次查毒清除了7个病毒                       
信息        2008-06-16  16:24:52        您此次查毒共查出7个病毒以及危险代码                       
信息        2008-06-16  16:24:52        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件15个                       
信息        2008-06-16  16:24:52        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-06-16  16:24:52        D:\Desktop\20080616.rar\20080616\XX_163.exe        Win32.Hack.MaskPET.a.36864        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_158.exe        Win32.TrojDownloader.Agent.57856        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_153.exe        Win32.Hack.VMProtectT.a.851968        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_147.exe        Win32.Hack.Agent.35126        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_139.exe        Win32.Hack.Poison.pg.5844        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_133.exe        Win32.Troj.DyFuCA.ei.52104        清除成功       
病毒        2008-06-16  16:24:51        D:\Desktop\20080616.rar\20080616\XX_132.exe        Win32.Hack.XComp.a.410674        清除成功
kkgh
Posted on 2008-6-16 17:06:33
Filseclab kills 5.

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Packer.Win32.Xcomp.a     
病毒: Trojan.DL.Dyfuca.c      
病毒: Trojan.Win32.Undef.dnc   
病毒: Packer.Win32.VmpPacker.a
病毒: Backdoor.Win32.Agent.zxm
病毒: Trojan.DL.Win32.Mnless.ko
病毒: Trojan.PSW.Win32.QQPass.zaj

用户来源:互联网

软件版本:20.49

8 of them
qigang
Posted on 2008-6-16 19:31:44

21/8

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Packer.Win32.Xcomp.a     
病毒: Trojan.DL.Dyfuca.c      
病毒: Trojan.Win32.Undef.dnc   
病毒: Packer.Win32.VmpPacker.a
病毒: Backdoor.Win32.Agent.zxm
病毒: Trojan.DL.Win32.Mnless.ko
病毒: Trojan.PSW.Win32.QQPass.zaj

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.49.02
醉一生爱妍
Posted on 2008-6-16 19:32:50
Kaspersky 2009

Ha, there's still one left.
Copyright © KaFan  KaFan.cn All Rights Reserved.