
[Virus Samples] Tomato Daily Picks 20080621, with the PC Security Labs handbook

lanvin
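Posted on 2008-6-21 02:32:02
These samples are all from April. The May and June samples are not being released because we need them to make a list.

The second edition of the PC Security Labs handbook has just been released. We hope that after reading it you will have a basic understanding of our lab and its research projects.
For details, visit:
http://www.pcsl.info/cn/index.php

2008 PCSL-Testing evaluation schedule

Finally, the sample pack

To send us samples, please pack them into an archive encrypted with "infected" and send it to analysis@pcsl.info. Many thanks.

[ Last edited by lanvin on 2008-6-21 02:44 ]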

nosferatu
Posted on 2008-6-21 02:42:42
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\20080621.zip'
C:\Documents and Settings\Administrator\桌面\20080621.zip
C:\Documents and Settings\Administrator\桌面\20080621.zip
  [0] Archive type: ZIP
    --> 20080621/XX_336.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abej
  --> 20080621/XX_369.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 20080621/XX_372.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aanw
    --> 20080621/XX_373.exe
          [DETECTION] Is the Trojan horse TR/Hijacker.Gen
  --> 20080621/XX_375.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 20080621/XX_376.exe
      [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
    --> 20080621/XX_377.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.zed
    --> 20080621/XX_380.exe
          [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 20080621/XX_381.exe
      [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
  --> 20080621/XX_383.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.YZD
  --> 20080621/XX_387.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 20080621/XX_388.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.bix.8
    --> 20080621/XX_391.exe
          [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
  --> 20080621/XX_394.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 20080621/XX_400.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.YZD
    --> 20080621/XX_402.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.zjk
  --> 20080621/XX_407.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
    --> 20080621/XX_409.exe
          [DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
  --> 20080621/XX_410.exe
      [DETECTION] Is the Trojan horse TR/Agent.jtr.1
  --> 20080621/XX_411.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.hax
  --> 20080621/XX_412.exe
      [DETECTION] Is the Trojan horse TR/Agent.bcn
      [NOTE]      The file was deleted!


End of the scan: 星期六 2008年6月21日  02:42
Used time: 00:08 min

The scan has been done completely.

      0 Scanning directories
     24 Files were scanned
     23 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
尽在不言中
Posted on 2008-6-21 03:08:53

Reply to lanvin's post #1

The undetected ones.. have been uploaded to Kaspersky for analysis
残缺的唯美
Posted on 2008-6-21 06:58:29
2008-6-21        6:57:33        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_333.exe\XX_333.exe\XX_333.exe\00004060.EXE        PWS-OnlineGames.c.dll(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_369.exe        Generic.dx(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_372.exe        Generic PWS.y(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_373.exe        PWS-Mmorpg.gen(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_376.exe        BackDoor-CKB(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_377.exe        PWS-Mmorpg.gen(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_380.exe        Generic Downloader.y(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_381.exe        BackDoor-CKB.dr(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_383.exe        Generic BackDoor(特洛伊)
2008-6-21        6:57:37        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_388.exe        New Malware.n(特洛伊)
2008-6-21        6:57:38        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_391.exe        Generic PWS.y(特洛伊)
2008-6-21        6:57:38        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_400.exe\000059e0.EXE        BackDoor-DKI.gen.a(特洛伊)
2008-6-21        6:57:38        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_402.exe        PWS-Mmorpg.gen(特洛伊)
2008-6-21        6:57:41        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_410.exe        Generic Downloader.k(特洛伊)
2008-6-21        6:57:41        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_411.exe        Generic.dx(特洛伊)
2008-6-21        6:57:41        未采取操作         Administrator        C:\Documents and Settings\Administrator\桌面\20080621.zip\XX_412.exe\0000491c.EXE        BackDoor-CEP.svr(特洛伊)
小邪邪
Posted on 2008-6-21 07:24:18

mcafee:20

傻猪猪米走鸡
Posted on 2008-6-21 07:54:29

18

Scan Log
Version of virus signature database: 3203 (20080620)
Date: 2008-6-21  Time: 7:53:46
Scanned disks, folders and files: E:\virus\20080621.zip
E:\virus\20080621.zip » ZIP » 20080621/XX_333.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_336.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_369.exe - is OK
E:\virus\20080621.zip » ZIP » 20080621/XX_372.exe - a variant of Win32/PSW.OnLineGames.OAR trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_373.exe - Win32/PSW.OnLineGames.NFL trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_375.exe - is OK
E:\virus\20080621.zip » ZIP » 20080621/XX_376.exe - a variant of Win32/PcClient trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_377.exe - a variant of Win32/PSW.OnLineGames.OAR trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_380.exe - Win32/TrojanDownloader.Delf.BHO trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_381.exe - is OK
E:\virus\20080621.zip » ZIP » 20080621/XX_383.exe - a variant of Win32/Poison trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_387.exe - is OK
E:\virus\20080621.zip » ZIP » 20080621/XX_388.exe - probably a variant of Win32/Delf.NDF worm
E:\virus\20080621.zip » ZIP » 20080621/XX_390.exe - is OK
E:\virus\20080621.zip » ZIP » 20080621/XX_391.exe - Win32/PSW.OnLineGames.NFL trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_394.exe - probably unknown NewHeur_PE virus [7]
E:\virus\20080621.zip » ZIP » 20080621/XX_400.exe - a variant of Win32/Poison trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_402.exe - a variant of Win32/PSW.OnLineGames.ZJK trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_407.exe - a variant of Win32/Spy.Delf.NIL trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_409.exe - a variant of Win32/TrojanDownloader.Flux trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_410.exe - Win32/Small.NO trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_411.exe - Win32/Inject.AED trojan
E:\virus\20080621.zip » ZIP » 20080621/XX_412.exe - probably a variant of Win32/Bifrose trojan
Number of scanned objects: 23
Number of threats found: 18
Number of cleaned objects: 0
Time of completion: 7:53:55  Total scanning time: 9 sec (00:00:09)

Notes:
[7] Object is probably infected with an unknown virus.
电影结束了
Posted on 2008-6-21 08:18:42
E:\20080621.zip>>20080621\... TrojanPSW.OnLineGame... 木马
E:\20080621.zip>>20080621\... TrojanPSW.OnLineGame... 木马
E:\20080621.zip>>20080621\... Backdoor.Ceckno.aym.... 后门
E:\20080621.zip>>20080621\... TrojanPSW.OnLineGame... 木马
E:\20080621.zip>>20080621\... Trojan.Cap841023.jvnq   木马
E:\20080621.zip>>20080621\... Backdoor.CKB.skyq       后门
E:\20080621.zip>>20080621\... TrojanPSW.OnLineGame... 木马
E:\20080621.zip>>20080621\... TrojanDownloader.Del... 木马
E:\20080621.zip>>20080621\... Trojan.PcClient.Gen.... 木马
E:\20080621.zip>>20080621\... Heuri.Possible/Packed   启发式.
E:\20080621.zip>>20080621\... Trojan.Brlrhe.zhuz      木马
E:\20080621.zip>>20080621\... Worm.AutoRun.bix.xstk   病毒
E:\20080621.zip>>20080621\... Trojan.Ayqliy.fsoa      木马
E:\20080621.zip>>20080621\... TrojanDropper.Gen.sojk  木马
E:\20080621.zip>>20080621\... TrojanSpy.Agent.acn.... 木马
E:\20080621.zip>>20080621\... Trojan.Buzus.fjh.sxqx   木马
E:\20080621.zip>>20080621\... TrojanPSW.OnLineGame... 木马
E:\20080621.zip>>20080621\... TrojanDownloader.Und... 木马
E:\20080621.zip>>20080621\... Backdoor.DKA.shlo       后门
E:\20080621.zip>>20080621\... TrojanDDos.Agent.si.... 木马
E:\20080621.zip>>20080621\... Trojan.Inject.aed.lvaj  木马
E:\20080621.zip>>20080621\... Trojan.Undef.dnc.rrba   木马
ssy275
Posted on 2008-6-21 08:38:03
22

xiaochi1
Posted on 2008-6-21 08:59:27

17

Only 17.

Palkia
Posted on 2008-6-21 09:06:27

21

C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_333.exe        TrojanPSW.OnLineGames.ajpn.brzq        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_336.exe        TrojanPSW.OnLineGames.yog.uibj        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_369.exe        Backdoor.Ceckno.aym.dwtf.arc        后门        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_372.exe        TrojanPSW.OnLineGames.aanw.pttl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_373.exe        Trojan.Cap841023.jvnq        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_376.exe        Backdoor.CKB.skyq        后门        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_377.exe        TrojanPSW.OnLineGames.rri.fccq        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_380.exe        TrojanDownloader.Delf.bho.dgoh        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_381.exe        Trojan.PcClient.Gen.scdq        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_387.exe        Trojan.Brlrhe.zhuz        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_388.exe        Worm.AutoRun.bix.xstk        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_390.exe        Trojan.Ayqliy.fsoa        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_391.exe        TrojanDropper.Gen.sojk        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_394.exe        TrojanSpy.Agent.acn.wafw        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_400.exe        Trojan.Buzus.fjh.sxqx        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_402.exe        TrojanPSW.OnLineGames.wlu.kjdk        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_407.exe        TrojanDownloader.Undef.jn.hell        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_409.exe        Backdoor.DKA.shlo        后门        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_410.exe        TrojanDDos.Agent.si.ebwi        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_411.exe        Trojan.Inject.aed.lvaj        木马        还未处理
C:\Documents and Settings\Administrator\桌面\20080621.zip>>20080621\XX_412.exe        Trojan.Undef.dnc.rrba        木马        还未处理


XX_375.exe          6.79/6.79KB         100.00%    在线扫描      它是一个“木马”    2008-6-21 9:07:01    2008-6-21 9:07:08   
XX_383.exe          5.67/5.67KB         100.00%    在线扫描      它是一个“后门程序”2008-6-21 9:07:05    2008-6-21 9:07:15   

[ Last edited by tvuser2007 on 2008-6-21 09:07 ]