
[Virus Sample] A thread of virus samples from 200811, everyone come and test them (3 more packs added)

molicn
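Posted on 2008-7-11 22:36:23
Symptom: on the infected machine, the network card driver got messed up.
Here they are for everyone to look at; note that the infected machine originally had Kaspersky antivirus installed.
Collected at: Tangjia, Zhuhai
Added 3 more packs (some that Avira ignores)

[ Last edited by molicn on 2008-7-11 23:21 ]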

ssy275
Posted on 2008-7-11 22:42:30
17 detected

BitDefender Log File

Remaining issues:
Object Name | Threat Name | Final Status
C:\Documents and Settings\ssy\桌面\20080711样本\kcoin32.dll | DeepScan:Generic.Malware.SFdldgPWS.238C4F6B | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\jcqr.exe | Trojan.Crypt.DJ | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\apsggjba.dll | Trojan.Dropper.RWY | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\axmsawin.exe | Trojan.Dropper.RWY | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\lpsgajba.exe | Trojan.Dropper.RWY | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\zxmsewin.dll | Trojan.Dropper.RWY | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\catsrvwl.dll | Trojan.PWS.Lmir.UMM | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\imgutilhx2.dll | Trojan.PWS.Lmir.UMM | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\kbdgrms.dll | Trojan.PWS.Lmir.UMM | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\wmpuiqhx.dll | Trojan.PWS.Lmir.UMM | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\mndhfdwd.dll | Trojan.PWS.OnlineGames.YZK | Disinfect Failed
C:\Documents and Settings\ssy\桌面\20080711样本\tisqctyu.dll | Trojan.PWS.OnlineGames.YZK | Disinfect Failed

Resolved issues:
Object Name | Threat Name | Final Status
C:\Documents and Settings\ssy\桌面\20080711样本\d32dx9.sys | Trojan.Downloader.Agent.ZKT | Deleted
C:\Documents and Settings\ssy\桌面\20080711样本\gpr3B.exe | Trojan.Downloader.Agent.ZKT | Deleted
C:\Documents and Settings\ssy\桌面\20080711样本\pldhadwd.exe | Trojan.PWS.OnlineGames.YZJ | Deleted
C:\Documents and Settings\ssy\桌面\20080711样本\posqatyu.exe | Trojan.PWS.OnlineGames.YZJ | Deleted
C:\Documents and Settings\ssy\桌面\20080711样本\BDGuard.SYS | Trojan.Rootkit.AK | Deleted
wangjay1980
Posted on 2008-7-11 22:45:46
k

wmcxdb
Posted on 2008-7-11 22:50:07
How exactly did the network card driver get messed up?
Directly manipulates the system kernel: F:\下载\新建文件夹\20080711样本[1]\jcqr.exe

Palkia
Posted on 2008-7-11 22:56:14
信息        2008-07-11  22:55:28        您此次查毒删除了18个文件                       
信息        2008-07-11  22:55:28        您此次查毒共查出18个病毒以及危险代码                       
信息        2008-07-11  22:55:28        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件39个                       
信息        2008-07-11  22:55:28        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒
nosferatu
Posted on 2008-7-11 22:58:56
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\20080711样本'
C:\Documents and Settings\Administrator\桌面\20080711样本\apsggjba.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\axmsawin.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\BDGuard.SYS
      [DETECTION] Is the Trojan horse TR/Rootkit.AK
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\d32dx9.sys
      [DETECTION] Is the Trojan horse TR/Spy.KeySpy.U
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\gpr3B.exe
      [DETECTION] Is the Trojan horse TR/Agent.qsa
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\jcqr.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\kcoin32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\lpsgajba.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\mndhfdwd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\pldhadwd.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\posqatyu.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\tisqctyu.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\20080711样本\zxmsewin.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!


End of the scan: 星期五 2008年7月11日  22:57
Used time: 00:14 min

The scan has been done completely.

      1 Scanning directories
     30 Files were scanned
     13 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     13 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     17 Files not concerned
      0 Archives were scanned
      0 Warnings
     13 Notes
qianwenxiang
Posted on 2008-7-11 23:25:34
Finally finished modifying this lousy program, giving it a try..

5 detected. Embarrassing.. drifting off.. back to modifying it

woai_jolin
Posted on 2008-7-12 00:07:58
Scan Log
Version of virus signature database: 3262 (20080711)
Date: 2008-7-12  Time: 0:07:58
Scanned disks, folders and files: G:\v\新建文件夹
G:\v\新建文件夹\536enc.dll - is OK
G:\v\新建文件夹\ADSNTZT.DLL - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\ADSNTZT.NLS - is OK
G:\v\新建文件夹\apsggjba.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\axmsawin.exe - Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\BDGuard.SYS - is OK
G:\v\新建文件夹\bootvidgj.dll - probably a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\catsrvwl.dll - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\cgsqatyu.sys - is OK
G:\v\新建文件夹\cid_store.dat - is OK
G:\v\新建文件夹\CLICONFGZX.DLL - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\CLICONFGZX.NLS - is OK
G:\v\新建文件夹\d32dx9.sys - Win32/Spy.KeySpy.U trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\DISPEXCB.DLL - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\explorer.exe - is OK
G:\v\新建文件夹\fzmsbwin.sys - is OK
G:\v\新建文件夹\gpr3B.exe - Win32/Spy.KeySpy.NAA trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\gpsgajba.sys - is OK
G:\v\新建文件夹\gsdhadwd.sys - is OK
G:\v\新建文件夹\imgutilhx2.dll - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\jcqr.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\kbdgrms.dll - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\kbdswjr.dll - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\KBDSWJR.NLS - is OK
G:\v\新建文件夹\kcoin32.dll - is OK
G:\v\新建文件夹\KSUSERFY.DLL - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\lpsgajba.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\mndhfdwd.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\NWAPI32DJ.DLL - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\peer.exe - is OK
G:\v\新建文件夹\pldhadwd.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\posqatyu.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\setpwrcg.exe - is OK
G:\v\新建文件夹\SLBIOPFS2.DLL - Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\tisqctyu.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\wmpuiqhx.dll - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\新建文件夹\wpa.dbl - is OK
G:\v\新建文件夹\wyunst.exe - is OK
G:\v\新建文件夹\zxmsewin.dll - Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 39
Number of threats found: 23
Number of cleaned objects: 23
Time of completion: 0:08:03  Total scanning time: 5 sec (00:00:05)

Notes:
[1] Object has been deleted as it only contained the virus body.
kkgh
Posted on 2008-7-12 11:05:06
Filseclab: 24 detected

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.Mapdimp.b
病毒: Win32.ExplorerDL.f      
病毒: Trojan.PSW.Win32.GameOL.orz
病毒: Trojan.PSW.Win32.GameOL.ofj
病毒: Trojan.PSW.Win32.GameOL.opd
病毒: Trojan.PSW.Win32.GameOL.olx
病毒: Trojan.PSW.Win32.GameOL.olw
病毒: Trojan.PSW.Win32.GameOL.oly
病毒: Trojan.PSW.Win32.GameOL.oqh
病毒: Trojan.PSW.Win32.GameOL.opd
病毒: Trojan.PSW.Win32.GameOL.opf
病毒: Trojan.PSW.Win32.XYOnline.aec
病毒: Trojan.PSW.Win32.XYOnline.afw
病毒: Trojan.PSW.Win32.GameOL.opc

用户来源:互联网

软件版本:20.52.42

24 detected
电影结束了
Posted on 2008-7-12 11:11:09

Too big... kind of don't want to download it..~

Copyright © KaFan  KaFan.cn All Rights Reserved.
