是不是有新漏洞？

显示全部楼层 · 发表于 2008-6-24 23:27:34

这两天在上网时avira总能拦到这么个东西
奇怪的是她的位置
见下图

那是我的临时文件变量环境

更奇怪的是浏览网页过程中没有解压任何东西...
补丁全打...

另简单分析了下这玩意
请求以下网址
http://www.tianyasoft.com/100.txt
强制推销鄙视...

貌似有风行还有酷我还有个听也没听说过的电子杂志

所以可以定性为 addropper...

显示全部楼层 · 发表于 2008-6-24 23:32:06

显示全部楼层 · 发表于 2008-6-24 23:39:20

TO KL

2008-6-24 JAY23:36:43 svchost.exe  Modification HKEY_USERS\S-1-5-21-1292428093-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
2008-6-24 JAY23:36:42 svchost.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat
2008-6-24 JAY23:36:42 svchost.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Cookies\index.dat
2008-6-24 JAY23:36:42 svchost.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-6-24 JAY23:36:42 svchost.exe : KLSystemData/FD-C/ Create C:\WINDOWS\system32\MsDtc\msdtg.log
2008-6-24 JAY23:36:42 svchost.exe  Create C:\WINDOWS\system32\MsDtc\msdtg.log
2008-6-24 JAY23:36:42 svchost.exe  Process start C:\Documents and Settings\Owner\桌面\svchost.exe
2008-6-24 JAY23:36:42 svchost.exe  Placed in group Low Restricted
2008-6-24 JAY23:36:34 WinRAR.exe  Create C:\Documents and Settings\Owner\桌面\svchost.exe

Hello,

svchost.exe_ - Trojan-Downloader.Win32.Banload.pfi

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: svchost.rar

[ 本帖最后由 wangjay1980 于 2008-6-25 00:12 编辑 ]

显示全部楼层 · 发表于 2008-6-25 10:23:22

Begin scan in 'C:\Documents and Settings\haha\桌面\svchost.rar'
C:\Documents and Settings\haha\桌面\svchost.rar
  [0] Archive type: RAR
--> svchost.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
   [NOTE]    A backup was created as '48c4ac79.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-6-25 10:35:12

楼上的大大们装备真猛！我的装备以及蜘蛛毫无反应！

显示全部楼层 · 发表于 2008-6-25 10:38:44

VirSCAN.org Scanned Report :
Scanned time : 2008/06/25 10:36:02 (CST)
Scanner results: 36%的杀软(13/36)报告发现病毒
File Name    : svchost.rar
File Size    : 181604 byte
File Type    : RAR archive data, v1d, os
MD5          : 770a0b8138d545e67f41a231f9b22aa4
SHA1          : 3766e29d62c3e70bd161d7d75d04220b46206328
Online report  : http://virscan.org/report/9eddd2e203b9f0d43193297d9a483353.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.5.0.18       2008.06.23       2008-06-23  2.42 -
安博士V3    2008.06.24.02 2008.06.24       2008-06-24  1.43 -
AntiVir       7.8.0.59       7.0.5.3          2008-06-24  3.30 TR/Dldr.Delphi.Gen
Arcavir       1.0.4          200806242001    2008-06-24  1.91 -
AVAST!       1.0.8          080624-0       2008-06-24  4.61 -
AVG          7.5.51.442    270.4.1/1517    2008-06-24  3.48 Delf.FAI
BitDefender 7.60825.1263173 7.19693          2008-06-25  5.33 -
CA (VET)    9.0.0.143    31.6.5902       2008-06-25  1.19 -
ClamAV       0.93          7554             2008-06-25  0.36 -
Comodo       2.11          2.0.0.565       2008-06-24  0.86 -
CP Secure    1.1.0.715    2008.06.25       2008-06-25  8.15 -
Dr.Web       4.44.0.9170    2008.06.24       2008-06-24  5.93 -
ewido       4.0.0.2       2008.06.24       2008-06-24  2.42 -
F-Prot       4.4.1.52       20080624       2008-06-24  1.74 Possible W32/Infostealer.A!Maximus
F-Secure    5.51.6100    2008.06.24.08    2008-06-24  9.81 Trojan-Downloader.Win32.Banload.pfi [AVP]
飞塔          2.81-3.11    9.239          2008-06-25  1.86 Suspicious
ViRobot       20080624       2008.06.24       2008-06-24  0.53 -
Ikarus       T3.1.01.26    2008.06.24.70972  2008-06-24  3.24 Backdoor.Win32.Delf.aka
江民杀毒    11.0.706       2008.06.17       2008-06-17  1.19 -
卡巴斯基    5.5.10       2008.06.24       2008-06-24  0.11 Trojan-Downloader.Win32.Banload.pfi
金山毒霸    2008.1.14.15 2008.6.25.10    2008-06-25  1.01 -
迈克菲       5.2.00       5324             2008-06-24  4.61 -
Microsoft    1.3604       2008.06.24       2008-06-24  5.52 -
mks_vir       2.01          2008.06.24       2008-06-24  3.22 Heur.Win95
Norman       5.92.08       5.92.00          2008-06-24  7.82 W32/Malware.DARV
熊猫卫士    9.04.03       2008.06.24       2008-06-24  1.83 Suspicious file
趋势科技    8.700-1004    5.356.20       2008-06-22  0.59 -
Quick Heal    9.50          2008.06.23       2008-06-23  1.85 Suspicious - DNAScan
瑞星          20.0          20.50.10.00    2008-06-24  0.96 -
Sophos       2.74.1       4.30             2008-06-25  4.40 Mal/Packer
Sunbelt       3.0.1153.1    2093             2008-06-13  0.90 VIPRE.Suspicious
赛门铁克    1.3.0.24       20080624.003    2008-06-24  0.28 -
nProtect    2008-06-24.00 1553334          2008-06-24  3.34 -
The Hacker    6.2.92       v00361          2008-06-24  0.73 -
VBA32       3.12.6.8       20080623.1030    2008-06-23  2.05 -
VirusBuster 4.5.11.10    10.79.1/594378 2008-06-19  2.62 -

显示全部楼层 · 发表于 2008-6-25 11:21:18

检测到：木马程序 Trojan-Downloader.Win32.Banload.pfi URL: http://bbs.kafan.cn/attachment.p ... 2//svchost.exe//FSG

显示全部楼层 · 发表于 2008-6-25 11:33:31

ess不認識

显示全部楼层 · 发表于 2008-6-25 12:26:17

显示全部楼层 · 发表于 2008-6-25 12:29:50

rs 0

[病毒样本] 是不是有新漏洞？

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源