July 20:
Downloader:
Setup_ver1.422.0.exe3 (6cad4f173232a1861659d2800fb60262)
Downloaded payload:
Antivirus2008PRO.exe3 (cd54e5d024278fea566a4c62d77fc28d)
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Zlob.siz 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\WINDOWS\Setup_ver1.422.0.exe3
已刪除: Riskware not-a-virus:FraudTool.Win32.Antivirus2008pro.ao 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\WINDOWS\Antivirus2008PRO.exe3
Kaspersky detects only 2; the undetected ones have been submitted.
Hello,
agpqlrfm.exe3 - Trojan.Win32.Vapsup.iqu,
elxw.exe3 - Trojan.Win32.Vapsup.iqw,
evgratsm.dll3 - Trojan.Win32.Vapsup.iqx,
kgxmotapqtm.dll3 - Trojan.Win32.Vapsup.iqy,
kvxqmtre.dll3 - Trojan.Win32.Vapsup.iqz,
qndsfmao.dll3 - Trojan.Win32.Vapsup.ira
New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.
dssc32.exe.bat3, s1265.php.bat3
No malicious code was found in these files.
dssc32.exe3 - not-a-virus:FraudTool.Win32.Antivirus2008pro.ar
New potentially risky software was found in this file. Its detection will be included in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
==================================================================
July 21:
Downloader: Setup_ver1.422.0.exe3 (c9522aac31217971587f1a1ef19d08a2)
Downloaded payload: WebSoftCodecDrivern.exe3 (ef24c433618e7ca61c8d815284e4e785)
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0007
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqn 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe3//stream//data0008
Kaspersky detects 6, but 7 are not detected; these have been submitted to Kaspersky.
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com
==================================================================
July 22:
Downloader: Setup_ver1.422.0.exe4 (dd78e8307d0936956d504d6bdb197c0d)
Downloaded payloads: WebSoftCodecDrivern.exe4 (ef24c433618e7ca61c8d815284e4e785)
WebSoftCodecDrivern[1].exe3(9d1da6d393ebc03571df4c0e09f9d002)
15.exe4 (61b596e760e67eafdccc6d0b9dfd8cb9)
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.yqe 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\15.exe4
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0007
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqn 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern.exe4//stream//data0008
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0007
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqn 檔案: C:\Documents and Settings\kato9096\桌面\Temp\Temp\WebSoftCodecDrivern[1].exe3//stream//data0008
Kaspersky detects 13; 7 are not detected and have been submitted.
==================================================================
July 23:
Downloader: Setup_ver1.422.0.exe3 (4ebe32a613f7ce84a68bd1f977e16257)
The downloaded payloads this time are the same as before, so I packaged the downloaded payloads.
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -s1265.php//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -s1265.php//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -s1265.php//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -s1265.php//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -s1265.php//stream//data0007
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Zlob.spn 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -Setup_ver1.422.0.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -WebSoftCodecDrivern[1].exe5//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -WebSoftCodecDrivern[1].exe5//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -WebSoftCodecDrivern[1].exe5//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -WebSoftCodecDrivern[1].exe5//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Documents and Settings\kato9096\桌面\er\複製 -WebSoftCodecDrivern[1].exe5//stream//data0007
Kaspersky detects 11; 4 are not detected and have been submitted. (Now added to the database.)
Hello.
No malicious software was found in the attached file.
Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Vyacheslav Zakorzhevsky
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com
==================================================================
July 23, second batch:
5bd6a9d6950591a66606784575d255e2 Setup_ver1.422.0.exe0
Downloader only; no time to analyze the dropped files and downloaded payloads.
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Evgeny Aseev
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com
==================================================================
July 24:
ed58b628d234d9fa6bed6853e07712d5 Setup_ver1.422.0.exe5
Downloader only; no time to analyze the dropped files and downloaded payloads.
Submitted to Kaspersky.
==================================================================
July 24, second batch:
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Zlob.spn 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\Setup_ver1.422.0.exe3
已刪除: Riskware not-a-virus:FraudTool.Win32.Agent.ac 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\lwpwer.exe5/2.exe
已刪除: Riskware not-a-virus:FraudTool.Win32.UltimateAntivirus.y 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\lwpwer.exe5/5.exe/vav.cpl
已刪除: Riskware not-a-virus:FraudTool.Win32.UltimateAntivirus.ab 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\lwpwer.exe5/5.exe/vav.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\s1265.php//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\s1265.php//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\s1265.php//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\s1265.php//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\s1265.php//stream//data0007
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iro 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\WebSoftCodecDrivern[1].exe5//stream//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqm 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\WebSoftCodecDrivern[1].exe5//stream//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqp 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\WebSoftCodecDrivern[1].exe5//stream//data0005
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.irr 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\WebSoftCodecDrivern[1].exe5//stream//data0006
已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqo 檔案: C:\Sandbox\kato9096\DefaultBox\user\current\Local Settings\Temp\er\WebSoftCodecDrivern[1].exe5//stream//data0007
The undetected ones have been submitted to Kaspersky.
Hello,
Setup_ver1.422.0.exe5 - Trojan-Downloader.Win32.Zlob.svl
New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
==================================================================
July 25:
已刪除: Riskware not-a-virus:FraudTool.Win32.WinAntiVirus.ag 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\Program Files\PCHealthCenter\0.exe3
已刪除: Riskware not-a-virus:FraudTool.Win32.WinAntiVirus.af 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\Program Files\PCHealthCenter\3.exe3
已刪除: Riskware not-a-virus:FraudTool.Win32.UltimateAntivirus.y 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\Program Files\PCHealthCenter\5.exe3/vav.cpl
已刪除: Riskware not-a-virus:FraudTool.Win32.UltimateAntivirus.ab 檔案: C:\Sandbox\kato9096\DefaultBox\drive\C\Program Files\PCHealthCenter\5.exe3/vav.exe
The undetected ones have been submitted.
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Evgeny Aseev
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com
==================================================================
Dropped files from the July 23 second batch and July 24 that Kaspersky does not detect:
6c843b01ca9487ac1d3f922cd0609920 vistasp1.exe3
c2537960b2e3caff4485db3c79ff926e smchk.exe4
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Evgeny Aseev
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com
vistasp1.exe3
This file is corrupted.
==================================================================
Dropped files from the July 23 second batch and July 24 that Kaspersky does not detect (the previous batch is added back in here):
Hello,
blowfish.dll, install.bat_
No malicious code was found in these files.
erfn.exe3, erfn.exe4, fdkowvbp.dll, grswptdl.exe4, grswptdl.exer - Trojan.Win32.Vapsup.jbc,
vistasp1.exe4 - Trojan-Clicker.Win32.Femac.v
New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
[ Last edited by kato9096 on 2008-7-27 17:29 ]