
[Virus sample] 31

sam.to
Posted on 2008-7-29 20:59:36



已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.WOW.bmu        檔案: C:\Documents and Settings\kato9096\桌面\52651323\9--.exe3//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjcq        檔案: C:\Documents and Settings\kato9096\桌面\52651323\9.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjbv        檔案: C:\Documents and Settings\kato9096\桌面\52651323\10.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slit        檔案: C:\Documents and Settings\kato9096\桌面\52651323\11.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.siov        檔案: C:\Documents and Settings\kato9096\桌面\52651323\12.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhv        檔案: C:\Documents and Settings\kato9096\桌面\52651323\13.exe3//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjcq        檔案: C:\Documents and Settings\kato9096\桌面\52651323\15.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sliv        檔案: C:\Documents and Settings\kato9096\桌面\52651323\16.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slit        檔案: C:\Documents and Settings\kato9096\桌面\52651323\19.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjcq        檔案: C:\Documents and Settings\kato9096\桌面\52651323\2.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Agent.nr        檔案: C:\Documents and Settings\kato9096\桌面\52651323\20.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sfru        檔案: C:\Documents and Settings\kato9096\桌面\52651323\22.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjcq        檔案: C:\Documents and Settings\kato9096\桌面\52651323\23.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjxn        檔案: C:\Documents and Settings\kato9096\桌面\52651323\24.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.udd        檔案: C:\Documents and Settings\kato9096\桌面\52651323\25.exe3//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw        檔案: C:\Documents and Settings\kato9096\桌面\52651323\26.exe3//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shaf        檔案: C:\Documents and Settings\kato9096\桌面\52651323\27.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw        檔案: C:\Documents and Settings\kato9096\桌面\52651323\28.exe3//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhv        檔案: C:\Documents and Settings\kato9096\桌面\52651323\3.exe3//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sliu        檔案: C:\Documents and Settings\kato9096\桌面\52651323\4.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjcq        檔案: C:\Documents and Settings\kato9096\桌面\52651323\5.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shss        檔案: C:\Documents and Settings\kato9096\桌面\52651323\6.exe3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.QQHelper.boj        檔案: C:\Documents and Settings\kato9096\桌面\52651323\7--.exe3
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sasz        檔案: C:\Documents and Settings\kato9096\桌面\52651323\7.exe3//UPack
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Cinmus.nex        檔案: C:\Documents and Settings\kato9096\桌面\52651323\8--.exe3//data0003
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Cinmus.nbb        檔案: C:\Documents and Settings\kato9096\桌面\52651323\8--.exe3//data0004

Kaspersky detects 26; 6 are not detected.

The undetected ones have been submitted to Kaspersky.



Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Sincerely yours,
Andrey Bezborodov,
Virus Analyst.
_____________________
Kaspersky Lab Ltd
Moscow, Russia
Tel/Fax : +7 (095) 797-8700
E-mail  : newvirus@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com

[ This post was last edited by kato9096 on 2008-7-30 19:08 ]
kingmuro
Posted on 2008-7-29 21:06:35

Scan record

Norton's detection results
allinwonderi
Posted on 2008-7-29 21:08:38

ArcaVir2008

[Scanning : C:\Download Files]


C:\Download Files\52651323.rar<RAR>:10.exe3 <- Trojan.Gamethief.Onlinegames.Sjbv : No action
C:\Download Files\52651323.rar<RAR>:12.exe3 <- Trojan.Gamethief.Onlinegames.Siov : No action
C:\Download Files\52651323.rar<RAR>:12.exe3<UPX>:12.exe3<DLLRES>:res0.exe <- Trojan.Psw.Games.Onlinegames.Sjgt : No action
C:\Download Files\52651323.rar<RAR>:15.exe3 <- Trojan.Gamethief.Onlinegames.Sixs : No action
C:\Download Files\52651323.rar<RAR>:15.exe3<UPack>:15.exe3<DLLRES>:res0.exe <- Trojan.Gamethief.Onlinegames.Siqr : No action
C:\Download Files\52651323.rar<RAR>:16.exe3 <- Trojan.Psw.Games.Onlinegames.Skik : No action
C:\Download Files\52651323.rar<RAR>:20.exe3 <- Trojan.Psw.Agent.Nr : No action
C:\Download Files\52651323.rar<RAR>:22.exe3<UPack>:22.exe3<DLLRES>:res0.exe <- Trojan.Psw.Games.Onlinegames.Sedr : No action
C:\Download Files\52651323.rar<RAR>:23.exe3 <- Trojan.Gamethief.Onlinegames.Silw : No action
C:\Download Files\52651323.rar<RAR>:23.exe3<UPack>:23.exe3<DLLRES>:res0.exe <- Trojan.Gamethief.Onlinegames.Silz : No action
C:\Download Files\52651323.rar<RAR>:25.exe3<UPX>:25.exe3<DLLRES>:res0.exe <- Trojan.Agent.Von : No action
C:\Download Files\52651323.rar<RAR>:26.exe3 <- Trojan.Gamethief.Onlinegames.Shhw : No action
C:\Download Files\52651323.rar<RAR>:26.exe3<UPX>:26.exe3<DLLRES>:res0.exe <- Trojan.Gamethief.Onlinegames.Siyy : No action
C:\Download Files\52651323.rar<RAR>:27.exe3 <- Trojan.Psw.Games.Onlinegames.Shah : No action
C:\Download Files\52651323.rar<RAR>:27.exe3<UPX>:27.exe3<DLLRES>:res0.exe <- Trojan.Spy.Agent.Dfm : No action
C:\Download Files\52651323.rar<RAR>:28.exe3 <- Trojan.Gamethief.Onlinegames.Shhw : No action
C:\Download Files\52651323.rar<RAR>:28.exe3<UPX>:28.exe3<DLLRES>:res0.exe <- Trojan.Gamethief.Onlinegames.Sizd : No action
C:\Download Files\52651323.rar<RAR>:3.exe3 <- Trojan.Gamethief.Onlinegames.Shhv : No action
C:\Download Files\52651323.rar<RAR>:3.exe3<UPX>:3.exe3<DLLRES>:res0.exe <- Trojan.Agent.Vro : No action
C:\Download Files\52651323.rar<RAR>:6.exe3 <- Trojan.Gamethief.Onlinegames.Shss : No action
C:\Download Files\52651323.rar<RAR>:7--.exe3 <- Trojan.Downloader.Qqhelper.Boj : No action
C:\Download Files\52651323.rar<RAR>:7.exe3 <- Trojan.Gamethief.Onlinegames.Sasz : No action
C:\Download Files\52651323.rar<RAR>:7.exe3<UPack>:7.exe3<DLLRES>:MAIN0.exe <- Trojan.Gamethief.Onlinegames.Serv : No action
C:\Download Files\52651323.rar<RAR>:8--.exe3 <- Trojan.Shutdowner.Io : No action
C:\Download Files\52651323.rar<RAR>:8--.exe3<NSIS>:16.sys <- Downloader.Agent.Nas : No action



Scanned objects : 87

Infected objects : 25
allinwonderi
Posted on 2008-7-29 21:09:42

F-Prot 4.4.4

---------------------
扫描已结束:        2008-7-29, 21:09:01
用时:        0:00:24

扫描结果:

已扫描的文件:                 6
已感染的对象:         22
已清除的对象:         0
已隔离的文件:         0
---------------------------------------------------------------------
allinwonderi
Posted on 2008-7-29 21:10:37

Norman Virus Control 5.99

29
dadingdading
Posted on 2008-7-29 21:15:47
kv   28      
nosferatu
Posted on 2008-7-29 21:22:31

31

Begin scan in 'C:\Documents and Settings\Administrator\桌面\52651323.rar'
C:\Documents and Settings\Administrator\桌面\52651323.rar
    [0] Archive type: RAR
    --> 8.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 9--.exe3
      [DETECTION] Is the TR/PSW.Wow.blc Trojan
    --> 9.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 1.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 10.exe3
          [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 11.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 13.exe3
          [DETECTION] Is the TR/PSW.OnLineGa.aqq Trojan
    --> 14.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 15.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 16.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 17.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 18.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 19.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 20.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 21.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 22.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 23.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 24.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 25.exe3
          [DETECTION] Is the TR/PSW.Online.Osh.2 Trojan
      --> 26.exe3
          [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
      --> 27.exe3
          [DETECTION] Is the TR/PSW.Online.tdb Trojan
      --> 3.exe3
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/Agent.vro.2 Trojan
    --> 4.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 5.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 6.exe3
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 7--.exe3
      [DETECTION] Is the TR/Downloader.Gen Trojan
    --> 8--.exe3
      [DETECTION] Contains recognition pattern of the DR/Cinmus.nbb dropper
    [NOTE]      The file was deleted!


End of the scan: 星期二 2008年7月29日  21:22
Used time: 00:13 Minute(s)

The scan has been done completely.

      0 Scanning directories
     32 Files were scanned
     31 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
wangjay1980
Posted on 2008-7-29 21:24:55
woai_jolin
Posted on 2008-7-29 21:28:24
Scan Log
Version of virus signature database: 3306 (20080729)
Date: 2008-7-29  Time: 21:27:56
Scanned disks, folders and files: G:\v\52651323
G:\v\52651323\1.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\10.exe3 - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\v\52651323\11.exe3 - probably a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\12.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\13.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\14.exe3 - is OK
G:\v\52651323\15.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\16.exe3 - Win32/PSW.Agent.NIG trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\17.exe3 - probably a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\18.exe3 - probably a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\19.exe3 - probably a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\2.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\20.exe3 - Win32/TrojanDownloader.Agent.OBF trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\21.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\22.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\23.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\24.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\25.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\26.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\27.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\28.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\3.exe3 - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\4.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\5.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\6.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\7--.exe3 - is OK
G:\v\52651323\7.exe3 - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\8--.exe3 » NSIS » Entries.bin - is OK
G:\v\52651323\8--.exe3 » NSIS » Strings.txt - is OK
G:\v\52651323\8--.exe3 » NSIS » System.dll - is OK
G:\v\52651323\8--.exe3 » NSIS » scm17.exe - a variant of Win32/Adware.Cinmus application - was a part of the deleted object
G:\v\52651323\8--.exe3 » NSIS » 16.sys - a variant of Win32/Ysmarsys trojan - was a part of the deleted object
G:\v\52651323\8.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\9--.exe3 - a variant of Win32/TrojanDownloader.VB.CEJ trojan - cleaned by deleting - quarantined [1]
G:\v\52651323\9.exe3 - a variant of Win32/PSW.Agent.NHQ trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 35
Number of threats found: 30
Number of cleaned objects: 30
Time of completion: 21:28:00  Total scanning time: 4 sec (00:00:04)

Notes:
[1] Object has been deleted as it only contained the virus body.
[7] Object is probably infected with an unknown virus.
边缘vip
Posted on 2008-7-29 21:36:40