没有见过这么嚣张网站

显示全部楼层 · 发表于 2008-6-25 21:34:46

原帖由 tanlimo 于 2008-6-25 21:02 发表

 http://www.30356769.cn/killbase/arp.exe
http://9u9u9.cn/wm/wincap.exe
http://www.30356769.cn/killbase/me.exe
http://www.9u9u9.cn/wm/10.exe（废）
http://www.9u9u9.cn/wm/9.exe（废）
http://www.9 ...

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Win32.Undef.hdf

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.50.22

显示全部楼层 · 发表于 2008-6-25 22:34:17

说实在的，我们干脆就密切关注这个站点。。。还有大家要混入Q群拿样本

。。。

显示全部楼层 · 发表于 2008-6-25 22:48:25

http://bbs.77169.com/read-htm-tid-217931.html
照着样子看，他已经到了2.3免杀版本了

显示全部楼层 · 发表于 2008-6-25 22:57:27

F:\virus（5个）.rar>>1Backdoor.Agent.jok.vvxm.exe 后门
F:\virus（5个）.rar>>2.exeTrojanDownloader.Aqtemp.r.mhpj木马
F:\virus（5个）.rar>>arp.exeHacktool.ArpCheater.c.rzqm 黑客工具
F:\virus（5个）.rar>>me.exe TrojanDownloader.Agent.rei.zrpb木马
F:\virus（5个）.rar>>wincap.exeHeuri.Suspicious.ERNM 启发式...

显示全部楼层 · 发表于 2008-6-26 00:23:22

Hello.

No malicious software was found in the attached file.

-----------------
Regards, Evgeny Aseev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

> Attachment: kd.rar

显示全部楼层 · 发表于 2008-6-26 00:43:23

这个是怎么回事？

安博士的分析师也说无毒，但是运行kb.exe后系统的确起不来了。

显示全部楼层 · 发表于 2008-6-26 00:54:10

Avira的分析师也是。。。作者的意思是他不怕分析。。。。你不觉得很奇怪么？难道他就是想入虎穴？。。。？

显示全部楼层 · 发表于 2008-6-26 00:54:19

The file 'C:\TDDOWNLOAD\me.exe'
contained a virus or unwanted program 'TR/Downloader.Gen' [trojan]
Action(s) taken:
The file was deleted!

显示全部楼层 · 发表于 2008-6-26 00:54:56

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\virus（5个）'
C:\Documents and Settings\morgan\My Documents\virus（5个）\
  1.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
  2.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Aqtemp.R
   [NOTE]    The file was deleted!
  arp.exe
   [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.2
   [NOTE]    The file was deleted!
  me.exe
[0] Archive type: Runtime Packed
--> Object
   [NOTE]    The file was deleted!
  wincap.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
      --> Object
      --> Object
      --> Object
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '48d078bd.qua'!

End of the scan: 2008年6月25日  09:54
Used time: 00:04 min

The scan has been done completely.

   1 Scanning directories
   5 Files were scanned
   4 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   4 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   5 Notes

显示全部楼层 · 发表于 2008-6-26 00:57:04

The file 'C:\TDDOWNLOAD\hackshen.swf'
contained a virus or unwanted program 'EXP/Flash.Gen' [exploit]
Action(s) taken:
The file was deleted!

[已鉴定] 没有见过这么嚣张网站

13/1

回复 37楼 aerbeisi 的帖子