
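[Virus sample] The most complete DiskGen (磁碟机) virus sample -- worth collecting and studying! (Continuously updated; infected exe and htm files added)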

youba
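Posted on 2008-7-22 11:02:40
DiskGen (磁碟机, Worm.Win32.DiskGen) V93696 enhanced full edition

This is the complete set of malware dropped by the DiskGen virus, which I carefully extracted myself!

Because the archive is fairly large, it cannot be uploaded directly, and splitting it into volumes would affect the quality of the archive, so I uploaded the sample to a file-hosting site. Please download the sample from http://www.eeload.com/view/o/8715.html.

See post #43 for the update log!!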

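The image below is the list of malware that the virus downloads after a DiskGen infection (the final result I obtained 30 minutes after infection, using Duba's (毒霸) web-based virus scan)

As a bonus, here is the download address of the latest DiskGen virus installer: http://w.c0mo.com/setup.exe. Once more: safety first, testing second! Novices are strictly forbidden from downloading and using it, and running it on a normal system is strictly forbidden! Using this resource for malicious distribution is especially forbidden; if I discover it, I will completely stop updating this package and will delete this resource immediately! Be extremely careful when testing and researching; nobody without full confidence is allowed to download it! I bear no responsibility for any consequences or losses caused once it is run and spreads! So I hope everyone will use this sample properly. Finally, happy studying~ My QQ: 527892415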

[ Last edited by youba on 2009-10-4 14:24 ]

ballakay
Posted on 2008-7-22 11:06:38
Scanning Report
22 July 2008 11:05:53 - 11:05:55
Computer name: BALLAKAY-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\完美磁碟机病毒样本


--------------------------------------------------------------------------------

Result: 16 malware found
Virus.Win32.Xorer.dr (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\setup.exe Action: quarantined
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\lsass.exe Action: quarantined
Virus.Win32.Xorer.eu (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\037589.log Action: quarantined
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\446751.log Action: quarantined
Worm.Win32.AutoRun.dck (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\AUTORUN.0NF Action: quarantined
Virus.Win32.Xorer.dv (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\NetApi000.sys Action: quarantined
Virus.Win32.Xorer.ed (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\pagefile.exe Action: quarantined
Virus.Win32.Xorer.er (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\pagefile.pif Action: quarantined
Virus.Win32.Xorer.eo (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\Temp\Setup.exe Action: quarantined
Virus.Win32.Xorer.dp (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\dnsq.dll Action: quarantined
Backdoor.Win32.VB.ags (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Lcass.exe Action: quarantined
Trojan-Downloader.Win32.Agent.hjg (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\alg.exe Action: quarantined
Trojan-PSW.Win32.OnLineGames.mix (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\AntiTool.exe Action: quarantined
Virus.Win32.Xorer.dd (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\netcfg.000 Action: quarantined
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\netcfg.dll Action: quarantined
Virus.Win32.Xorer.dq (virus)
C:\Users\Administrator\Desktop\完美磁碟机病毒样本\本地磁盘(C:)\system32\Com\smss.exe Action: quarantined




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 16
Not scanned: 0
Result:
Viruses: 16
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 16
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-07-21_06
Spyware: 2008-07-21_06
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-07-21
F-Secure Libra: 2.04.05, 2008-07-16
F-Secure Orion: 1.02.41, 2008-07-21
F-Secure Draco: 1.01.00, 2008-07-08
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Quarantine and delete
Spyware: Quarantine and delete
Not one missed! All wiped out!
电影结束了
Posted on 2008-7-22 11:14:03

Probably all of them can be killed.
JY-YZX714
Posted on 2008-7-22 11:16:27
Avira scanned 17, killed 17
yuanliu (this user has been deleted)
Posted on 2008-7-22 11:38:36
2008-7-22 11:35:09        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dr               
2008-7-22 11:35:09        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dr               
2008-7-22 11:35:13        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dr               
2008-7-22 11:35:13        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dr               
2008-7-22 11:35:19        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dr               
2008-7-22 11:35:19        http://bbs.kafan.cn/attachment.p ... //PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dr               
2008-7-22 11:36:47        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:36:47        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:36:48        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:36:48        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:36:54        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:36:54        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:00        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:00        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:06        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:06        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:12        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:12        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:18        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:18        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:28        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:28        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:37        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:37        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:37:43        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.ed               
2008-7-22 11:37:43        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/pagefile.exe//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.ed               
2008-7-22 11:38:02        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dp               
2008-7-22 11:38:02        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dp               
2008-7-22 11:38:02        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dp               
2008-7-22 11:38:02        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dp               
2008-7-22 11:38:04        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        已检测到: Virus.Win32.Xorer.dp               
2008-7-22 11:38:04        http://bbs.kafan.cn/attachment.p ... &t=1216697618//本地磁盘(C:)/system32/dnsq.dll//PE_Patch.UPX//UPX        Thunder        拒绝: Virus.Win32.Xorer.dp
欠妳緈諨
Posted on 2008-7-22 12:18:50
avast! cleared them all
gho
Posted on 2008-7-22 12:20:35
Originally posted by yzx714 on 2008-7-22 11:16
Avira scanned 17, killed 17

I use Avira
BING126
Posted on 2008-7-22 21:19:36
McAfee flagged 16...

youba
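Original poster | Posted on 2008-8-12 08:24:26
Updated again: added the downloaded malware hxxp://js.k0102.com/data.gif. The data.gif file is downloaded to the Windows temporary folder, that is, the WINDOWS\Temp directory.
Exia (this user has been deleted)
Posted on 2008-8-12 08:30:11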

18

Starting the file scan:

Begin scan in 'E:\本地磁盘(C:)'
E:\本地磁盘(C:)\AUTORUN.INF
    [DETECTION] Contains recognition pattern of the INF/AutoRun.K INF virus
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\NetApi000.sys
    [DETECTION] Contains recognition pattern of the RKIT/Xorer.A.11 root kit
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\pagefile.pif
    [DETECTION] Is the TR/Drop.Xorer.C Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\pagefile.exe
    [DETECTION] Is the TR/Xorer.ed.8192 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\037589.log
    [DETECTION] Is the TR/Drop.Xorer.C Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\dnsq.dll
    [DETECTION] Contains recognition pattern of the RKIT/Xorer.2 root kit
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Lcass.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Tzhen.A.1 back-door program
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\446751.log
    [DETECTION] Is the TR/Drop.Xorer.C Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\alg.exe
    [DETECTION] Is the TR/Dldr.Xorer.E.1 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\AntiTool.exe
    [DETECTION] Is the TR/PSW.OnlineGames.Mix.2 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\lsass.exe
    [DETECTION] Is the TR/Fujacks.A.1 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\netcfg.000
    [DETECTION] Is the TR/Xorer.G Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\netcfg.dll
    [DETECTION] Is the TR/Xorer.G Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\system32\Com\smss.exe
    [DETECTION] Is the TR/Xorer.E.2 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\Temp\data.gif
      [DETECTION] Is the TR/Xorer.94208 Trojan
    [NOTE]      The file was deleted!
E:\本地磁盘(C:)\Temp\Setup.exe
      [DETECTION] Is the TR/Xorer.94208 Trojan
    [NOTE]      The file was deleted!
Begin scan in 'E:\setup.exe'
E:\setup.exe
    [0] Archive type: RAR SFX (self extracting)
      --> Setup.exe
          [DETECTION] Is the TR/Xorer.94208 Trojan
    [DETECTION] Contains recognition pattern of the DR/Xorer.A.3 dropper
    [NOTE]      The file was deleted!


End of the scan: 2008年8月12日  08:31
Used time: 00:24 Minute(s)

The scan has been done completely.

      4 Scanning directories
     18 Files were scanned
     18 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      1 Archives were scanned
      0 Warnings
     17 Notes