
[Virus Samples] Tomato's Daily Picks 20080617

lanvin
Posted on 2008-6-17 05:18:27
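These are all samples from April; the May and June samples are not being released because they are needed to build a list.

PS: Welcome to PC Security Labs; the website has been completely redesigned.
http://www.pcsl.info/cn/index.php

Tomato also thanks all the users who sent samples to analysis@pcsl.info. Over the past few days we have received a great many samples from users; we will analyze them and add them to our platform. Thanks again, we are very grateful.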

hkt988
Posted on 2008-6-17 05:28:29
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_169.exe - Win32/Poison.NAE 特洛伊木马
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_185.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_188.exe - Win32/Small.NO 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_190.exe - Win32/Agent.OH 特洛伊木马
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_196.exe - Win32/Spy.Flux 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_200.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_204.exE - Win32/PSW.OnLineGames.OAR 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_205.exe - Win32/PSW.WOW.WU 特洛伊木马
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_207.exe - 可能是 Win32/PcClient 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_208.exe - Win32/PSW.OnLineGames.NMN 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_209.exe - Win32/PcClient 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_212.exe - Win32/PSW.QQPass.NDF 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_214.exe - Win32/DoS.Sypak 特洛伊木马 的变种
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_215.exe - Win32/PSW.OnLineGames.NMQ 特洛伊木马
D:\下载文件夹\20080617.rar > RAR > 20080617\XX_216.exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马
nosferatu
Posted on 2008-6-17 05:41:18
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\20080617'
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_169.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Poison.CPD Backdoor server programs
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_185.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_188.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.dmz.27 Backdoor server programs
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_190.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_196.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_200.exe
      [DETECTION] Contains detection pattern of the dropper DR/MicroJoiner.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_204.exE
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_205.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_207.exe
      [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_208.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Agent.20704.2
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_209.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_212.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_214.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ceckno.alz.1 Backdoor server programs
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_215.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.Agent.agp
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/OnLineGames.C.1
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080617\20080617\XX_216.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11987
      [NOTE]      The file was deleted!


End of the scan: 星期二 2008年6月17日  05:40
Used time: 00:13 min

The scan has been done completely.

      2 Scanning directories
     15 Files were scanned
     16 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     15 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -1 Files not concerned
      0 Archives were scanned
      0 Warnings
     15 Notes
残缺的唯美
Posted on 2008-6-17 06:15:55
2008-6-17        6:15:15        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_169.EXE        BackDoor-DKI.gen.a(特洛伊)
2008-6-17        6:15:17        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_185.EXE        PWS-Mmorpg.gen(特洛伊)
2008-6-17        6:15:17        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_188.EXE        Generic Downloader.k(特洛伊)
2008-6-17        6:15:17        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_190.EXE\00001060.EXE\00001060.EXE        Proxy-Agent.ai(特洛伊)
2008-6-17        6:15:17        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_196.EXE        BackDoor-CDC.svr(特洛伊)
2008-6-17        6:15:17        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_200.EXE        Generic Dropper(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_204.EXE        Generic PWS.y(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_205.EXE        PWS-OnlineGames.a(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_207.EXE        Generic.dx(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_208.EXE        PWS-Mmorpg.gen(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_209.EXE\XX_209.EXE        BackDoor-CKB(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_212.EXE        New Malware.n(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_214.EXE        Generic.dx(特洛伊)
2008-6-17        6:15:18        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080617.rar\XX_215.EXE\XX_215.EXE        PWS-Onlinegames.dr(特洛伊)
mcafee 14
醉一生爱妍
Posted on 2008-6-17 07:52:56

javeil
Posted on 2008-6-17 08:36:36

ESS

C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_169.exe - Win32/Poison.NAE 特洛伊木马
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_185.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_188.exe - Win32/Small.NO 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_190.exe - Win32/Agent.OH 特洛伊木马
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_196.exe - Win32/Spy.Flux 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_200.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_204.exE - Win32/PSW.OnLineGames.OAR 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_205.exe - Win32/PSW.WOW.WU 特洛伊木马
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_207.exe - 可能是 Win32/PcClient 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_208.exe - Win32/PSW.OnLineGames.NMN 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_209.exe - Win32/PcClient 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_212.exe - Win32/PSW.QQPass.NDF 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_214.exe - Win32/DoS.Sypak 特洛伊木马 的变种
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_215.exe - Win32/PSW.OnLineGames.NMQ 特洛伊木马
C:\Users\Administrator\Desktop\20080617.rar > RAR > 20080617\XX_216.exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马
尽在不言中
Posted on 2008-6-17 08:42:45

Reply to lanvin's post (#1)

KIS2009 killed them all~~!!
buycard
Posted on 2008-6-17 08:43:09
Panda Internet Security 2009: killed all 15
欠妳緈諨
Posted on 2008-6-17 08:46:47
IKARUS: wiped them all out
D:\virus\20080617.rar:\20080617\XX_169.exe - 特征码 'Backdoor.Win32.PoisonIvy.ay' 被发现
D:\virus\20080617.rar:\20080617\XX_185.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
D:\virus\20080617.rar:\20080617\XX_188.exe - 特征码 'Backdoor.Win32.Small.dmz' 被发现
D:\virus\20080617.rar:\20080617\XX_190.exe - 特征码 'Trojan-Proxy.Win32.Xorpix.eb' 被发现
D:\virus\20080617.rar:\20080617\XX_196.exe - 特征码 'Backdoor.Win32.Flux.A' 被发现
D:\virus\20080617.rar:\20080617\XX_200.exe - 特征码 'Downloader.MicroJoiner' 被发现
D:\virus\20080617.rar:\20080617\XX_204.exE - 特征码 'Trojan-PWS.Win32.OnLineGames.abcu' 被发现
D:\virus\20080617.rar:\20080617\XX_205.exe - 特征码 'Trojan-PWS.Win32.Lmir.bpv' 被发现
D:\virus\20080617.rar:\20080617\XX_207.exe - 特征码 'Backdoor.Win32.PcClient.yw' 被发现
D:\virus\20080617.rar:\20080617\XX_208.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
D:\virus\20080617.rar:\20080617\XX_209.exe - 特征码 'Virus.Win32.Agent.GZY' 被发现
D:\virus\20080617.rar:\20080617\XX_212.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
D:\virus\20080617.rar:\20080617\XX_214.exe - 特征码 'Backdoor.Win32.Hupigon.mrv' 被发现
D:\virus\20080617.rar:\20080617\XX_215.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.aafo' 被发现
D:\virus\20080617.rar:\20080617\XX_216.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.rdx' 被发现
D:\virus\20080617.rar

        16 文件被扫描
          (1 压缩档 15 文件)
        15 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:00.984
欠妳緈諨
Posted on 2008-6-17 08:51:38
AVK06: wiped them all out
Virus check with AntiVirusKit
Version 17.0.6282
Virus signatures of 16.06.2008
Start time: 17.06.2008 08:50
Engine(s): Engine A (AVK 18.4150), Engine B (BD 18.1468)
Heuristic: On
Archives: On
System areas: Off

Check selected directories and files...
Object: XX_169.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Backdoor.Win32.Poison.cpb (Engine A)
Object: XX_185.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.zdz (Engine A)
Object: XX_188.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Backdoor.Win32.Small.dmz (Engine A)
Object: XX_190.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-Proxy.Win32.Xorpix.eb (Engine A)
Object: XX_196.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: GenPack:Backdoor.Flux.Y (Engine B)
Object: XX_200.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.Agent.exc (Engine A)
Object: XX_204.exE
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.abcu (Engine A)
Object: XX_205.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.Lmir.bpv (Engine A)
Object: XX_207.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Backdoor.Win32.PcClient.cqr (Engine A)
Object: XX_208.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.aagp (Engine A)
Object: XX_209.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Backdoor.Win32.PcClient.aro (Engine A)
Object: XX_212.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQPass.bsl (Engine A)
Object: XX_214.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Backdoor.Win32.Ceckno.alz (Engine A)
Object: XX_215.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.aafo (Engine A)
Object: XX_216.exe
        Path: D:\virus\20080617
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.rdx (Engine A)
Analysis complete: 17.06.2008 08:50
    15 files checked
    15 infected files detected
    0 suspected files detected