[病毒样本] 24

显示全部楼层 · 发表于 2008-7-23 23:40:53

8f27651bf1c1575a7a2cf1cee89e35a1  1.exe2
936973c30936d8305c34b9215d4b4f7a  alidevice.sys
e057aa4a56a9a2a628a8053f25a27d7d  bplay.exe.Seg
98f3f5d4d2b8e42b39c1e50ad3cbcf7e  bplay.exe.Slg
e057aa4a56a9a2a628a8053f25a27d7d  bsplay.exe.Seg
989b771512722ba7ac8aee3c4518def2  bsplay.exe.Slg
03dc62ad71094d18191c8fc9d4770db8  evgratsm.exe3
599d22017f850968d0ec29e42accfe9b  ipsec.exe.Seg
51ddbd977cc5dd67d8fbec6928eb62b0  ipsec.exe.Slg
d9f5bb5efa2f5ccd348b7851e338988c  kbdswjr.dll3
79f7c45b5d74b11bb874c4fa9f011618  myPhoto10.jpeg-www.imageshack.com3
8bfdb5f2d463abe7c4e94059e951bc41  Plx.exe3
7f1e65bde053985ba645340bc0cf6497  reg.exe.Seg
3f701ba330e12c15e3cbb7657020cb78  reg.exe.Slg

已刪除: 特洛伊木馬程式 Trojan.Win32.Vapsup.iqn 檔案: C:\Documents and Settings\kato9096\桌面\24\evgratsm.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sfoa 檔案: C:\Documents and Settings\kato9096\桌面\24\kbdswjr.dll3
已刪除: 特洛伊木馬程式 Trojan.Win32.Delf.chw 檔案: C:\Documents and Settings\kato9096\桌面\24\Plx.exe3

卡巴只报3个

不报的已上报给卡巴.

显示全部楼层 · 发表于 2008-7-23 23:47:19

显示全部楼层 · 发表于 2008-7-23 23:49:58

Begin scan in 'C:\Documents and Settings\Administrator\桌面\24'
C:\Documents and Settings\Administrator\桌面\24\24\1.exe2
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '48ec5340.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\24\24\evgratsm.exe3
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE]    A backup was created as '48ee5388.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\24\24\kbdswjr.dll3
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '48eb5374.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\24\24\Plx.exe3
[DETECTION] Is the TR/Delf.chw Trojan
[NOTE]    A backup was created as '48ff537e.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\24\24\system[1].exe2
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '48fa538b.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\24\24\xueshacc0709.exe2
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '48ec5387.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2008年7月23日  23:49
Used time: 00:03 Minute(s)

The scan has been done completely.

   2 Scanning directories
   30 Files were scanned
   6 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   6 files were deleted
   0 files were repaired
   6 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   24 Files not concerned
   1 Archives were scanned
   0 Warnings
   6 Notes

显示全部楼层 · 发表于 2008-7-23 23:52:05

IKARUS 8
D:\病毒测试\临时解压\24\1.exe2 - 可疑代码段被发现 (Level: 65)
D:\病毒测试\临时解压\24\alidevice.sys
D:\病毒测试\临时解压\24\bplay.exe.Seg - 特征码 'Virus.Win32.Sality.m' 被发现
D:\病毒测试\临时解压\24\bplay.exe.Slg
D:\病毒测试\临时解压\24\bsplay.exe.Seg - 特征码 'Virus.Win32.Sality.m' 被发现
D:\病毒测试\临时解压\24\bsplay.exe.Slg
D:\病毒测试\临时解压\24\evgratsm.exe3 - 特征码 'AdWare.AdSpy' 被发现
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\gpupdate.exe
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\ipsec.bat
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\ipseccmd.exe
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\polstore.dll
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\winipsec.dll
D:\病毒测试\临时解压\24\ipsec.exe.Seg:\使用说明.txt
D:\病毒测试\临时解压\24\ipsec.exe.Seg
D:\病毒测试\临时解压\24\ipsec.exe.Slg
D:\病毒测试\临时解压\24\kbdswjr.dll3 - 特征码 'Virus.Trojan.GameThief.Win32.OnLineGames.sfoa' 被发现
D:\病毒测试\临时解压\24\myPhoto10.jpeg-www.imageshack.com3
D:\病毒测试\临时解压\24\Plx.exe3 - 特征码 'Trojan.Win32.Delf.chw' 被发现
D:\病毒测试\临时解压\24\reg.exe.Seg
D:\病毒测试\临时解压\24\reg.exe.Slg
D:\病毒测试\临时解压\24\replace.exe.Seg
D:\病毒测试\临时解压\24\replace.exe.Slg
D:\病毒测试\临时解压\24\reshacker.exe.Seg
D:\病毒测试\临时解压\24\reshacker.exe.Slg
D:\病毒测试\临时解压\24\screnc.exe.Seg
D:\病毒测试\临时解压\24\screnc.exe.Slg
D:\病毒测试\临时解压\24\system[1].exe2 - 可疑代码段被发现 (Level: 65)
D:\病毒测试\临时解压\24\xueshacc0709.exe2 - 特征码 'Virus.Win32.Visel.E' 被发现
D:\病毒测试\临时解压\24\xvid.dll.Seg
D:\病毒测试\临时解压\24\xvid.dll.Slg

30 文件被扫描
(1 压缩档 6 文件)
6 特征码被侦测
2 可疑代码段被发现
耗时: 0:22.152

显示全部楼层 · 发表于 2008-7-23 23:52:10

大量的非毒

显示全部楼层 · 发表于 2008-7-23 23:52:34

25093759    alidevice.sys    6.5 KB    UNDER ANALYSIS
25093760    bplay.exe.Slg    75 Byte    UNDER ANALYSIS
25093761    bsplay.exe.Slg    76 Byte    UNDER ANALYSIS
212991    ipsec.exe.Seg    198.21 KB    CLEAN
25093762    ipsec.exe.Slg    72 Byte    UNDER ANALYSIS
25092939    myPhoto10.jpeg-w...ck.com3    42 KB    MALWARE
25093763    reg.exe.Slg    30 Byte    UNDER ANALYSIS
25093764    replace.exe.Seg    36 KB    UNDER ANALYSIS
25093765    replace.exe.Slg    58 Byte    UNDER ANALYSIS
25093766    reshacker.exe.Slg    78 Byte    UNDER ANALYSIS
25093767    screnc.exe.Seg    63.61 KB    UNDER ANALYSIS
25093768    screnc.exe.Slg    41 Byte    UNDER ANALYSIS
25093769    xvid.dll.Slg    40 Byte    UNDER ANALYSIS
234585    bplay.exe.Seg    12.5 KB    KNOWN CLEAN
234585    bsplay.exe.Seg    12.5 KB    KNOWN CLEAN
515031    reg.exe.Seg    63 KB    KNOWN CLEAN
602563    reshacker.exe.Seg    861 KB    KNOWN CLEAN
3928227    xvid.dll.Seg    668 KB    KNOWN CLEAN

显示全部楼层 · 发表于 2008-7-23 23:54:23

LZ，下回字节的就不要发了，是威胁的几率很小。。。。。我好像经常能从一些字节的bat里面看到网马地址

显示全部楼层 · 发表于 2008-7-24 10:58:18

病毒 2008-07-24  10:57:33 C:\Documents and Settings\Administrator\桌面\24\24\Plx.exe3 Win32.Troj.Delf.402944 清除成功
病毒 2008-07-24  10:57:33 C:\Documents and Settings\Administrator\桌面\24\24\kbdswjr.dll3 Win32.Troj.AgentT.aa.889632 清除成功
病毒 2008-07-24  10:57:32 C:\Documents and Settings\Administrator\桌面\24\24\evgratsm.exe3 Win32.Troj.Click.a.245760 清除成功

显示全部楼层 · 发表于 2008-7-24 11:19:08

卡巴杀得太少了，avg杀出来几个，蜘蛛逮到几个

显示全部楼层 · 发表于 2008-7-24 11:24:00

mcafee报了4只

[病毒样本] 24

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源