
[Virus Samples] A change of taste: downloaded stuff x30

IllusionWing
Posted on 2008-7-29 15:02:57
3 packages in total
Contains adware and trojans

Kaspersky = 18

检测到:木马程序 Trojan-Downloader.Win32.Delf.jju 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\10043.exe//ASPack
检测到:广告程序 not-a-virus:AdWare.Win32.BHO.agy 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\ad7731.exe//data0002
检测到:木马程序 Trojan-Downloader.Win32.Adload.abw 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\explor0e.exe
检测到:木马程序 Trojan-Dropper.Win32.Agent.uoj 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\Explorev.exe
检测到:木马程序 Trojan-Dropper.Win32.Flystud.gg 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\Explorew.exe
检测到:木马程序 Trojan-Clicker.Win32.VB.bjk 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLOER.EXE//FSG
检测到:木马程序 Trojan-Dropper.Win32.VB.bpz 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER.EXE//FSG
检测到:木马程序 Trojan-Dropper.Win32.Flystud.gg 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER2.EXE
检测到:木马程序 Trojan-Dropper.Win32.Agent.uoj 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER3.EXE
检测到:木马程序 Trojan.Win32.VB.dzi 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER4.EXE//FSG
检测到:木马程序 Trojan-Dropper.Win32.VB.bpy 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER6.EXE//FSG
检测到:木马程序 Trojan-Dropper.Win32.Flystud.eb 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER7.EXE
检测到:木马程序 Trojan-Downloader.Win32.VB.gcp 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\IEXPLORER8.EXE//#
检测到:木马程序 Trojan-Downloader.Win32.VB.gcp 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\pplivce.exe
检测到:木马程序 Trojan-Dropper.Win32.Flystud.eb 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\QQDoctor.exe
检测到:木马程序 Trojan-Downloader.Win32.Agent.wyy 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\Setup905.exe//ASPack
检测到:木马程序 Trojan-Downloader.Win32.VB.ftf 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\svhost.exe//FSG
检测到:木马程序 Trojan-Downloader.Win32.VB.erq 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\生成thing\win.exe//FSG
JY-YZX714
Posted on 2008-7-29 15:08:19
Avira killed 19! One more than Kaspersky
kkgh
Posted on 2008-7-29 15:11:22
Filseclab: 18

        瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.DL.Win32.Undef.tm
病毒: Trojan.Win32.VB.ztk      
病毒: Trojan.Win32.Undef.gqw   
病毒: Trojan.Win32.VB.ftn      
病毒: Trojan.Win32.Delf.fet   
病毒: Dropper.Win32.Agent.gar  

用户来源:互联网

软件版本:20.55.10

8 of them
IllusionWing
OP | Posted on 2008-7-29 15:12:01
UG5 (With KPS) 24/30
UG5 (Without KPS) 17/30 (+1 nFile)
UG6 (Smart Search 2) 21/30 (how come it's not as good as 5....)
wangjay1980
Posted on 2008-7-29 15:15:35
TO KL
Ray1112
Posted on 2008-7-29 15:17:54
Originally posted by yzx714 on 2008-7-29 15:08
Avira killed 19! One more than Kaspersky
How come my Avira took out 21……
IllusionWing
OP | Posted on 2008-7-29 15:21:25
...I checked, and two of them are not PE files:
e11skDi7u.dll
and YCHLQUYCHLQUYD.DAT, these can be ignored
woai_jolin
Posted on 2008-7-29 15:28:46

Missed 11

2008-7-29 15:27:52        Real-time file system protection        file        G:\v\QUYCIMQUZD.DLL        probably a variant of Win32/Adware.MoKeAD application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:47        Real-time file system protection        file        G:\v\YjsCNYhr10043.exe        probably a variant of Win32/Adware.MoKeAD application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:43        Real-time file system protection        file        G:\v\win.exe        probably unknown NewHeur_PE virus        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:43        Real-time file system protection        file        G:\v\Setup905.exe        probably a variant of Win32/Genetik trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:43        Real-time file system protection        file        G:\v\QQDoctor.exe        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:42        Real-time file system protection        file        G:\v\IEXPLORER8.EXE        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:41        Real-time file system protection        file        G:\v\IEXPLORER7.EXE        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:41        Real-time file system protection        file        G:\v\IEXPLORER6.EXE        probably a variant of Win32/Genetik trojan        deleted - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:40        Real-time file system protection        file        G:\v\IEXPLORER5.EXE        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:40        Real-time file system protection        file        G:\v\IEXPLORER4.EXE        probably unknown NewHeur_PE virus        deleted - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:38        Real-time file system protection        file        G:\v\IEXPLORER3.EXE        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:38        Real-time file system protection        file        G:\v\IEXPLORER2.EXE        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:37        Real-time file system protection        file        G:\v\IEXPLORER.EXE        probably unknown NewHeur_PE virus        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:37        Real-time file system protection        file        G:\v\fonts.exe        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:37        Real-time file system protection        file        G:\v\Explorew.exe        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:36        Real-time file system protection        file        G:\v\Explorev.exe        Win32/HideProc.D application        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:36        Real-time file system protection        file        G:\v\explor0e.exe        Win32/VB.NMN trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:22        Real-time file system protection        file        G:\v\ad7731.exe        Win32/Adware.Cinmus application        deleted - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-7-29 15:27:18        Real-time file system protection        file        G:\v\10043.exe        probably unknown NewHeur_PE virus        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
64575509
Posted on 2008-7-29 15:29:17
D:\工具\样本\新建文件夹\10043.exe.1        发现        Trojan/Win32.Delf.jju[Downloader]        仅报告
D:\工具\样本\新建文件夹\explor0e.exe.1        发现        Trojan/Win32.Adload.abw[Downloader]        仅报告
D:\工具\样本\新建文件夹\Setup905.exe.1        发现        Trojan/Win32.Agent.wyy[Downloader]        仅报告
D:\工具\样本\新建文件夹\svhost.exe.1        发现        Trojan/Win32.VB.ftf[Downloader]        仅报告
D:\工具\样本\新建文件夹\win.exe.1        发现        Trojan/Win32.VB.erq[Downloader]        仅报告
Antiy Defense Line (安天防线)
纽约的麻雀
Posted on 2008-7-29 15:31:29
My Filseclab got 20
Copyright © KaFan  KaFan.cn All Rights Reserved.
