[Virus samples] banker*22

电影结束了
Posted on 2008-7-30 21:04:42
From yesterday and today..
Link: http://www.fs2you.com/files/6edac18a-5e37-11dd-8d24-0014221b798a/
PW:virus
allinwonderi
Posted on 2008-7-30 21:08:51
First reply. Bankers are always built this bloated. 18.9MB

[ Last edited by allinwonderi on 2008-7-30 21:13 ]
aerbeisi
Posted on 2008-7-30 21:13:28
Very slow. I've seen NOD32 update some banker definitions over the past two days; I'll see how well it does in a bit.
allinwonderi
Posted on 2008-7-30 21:14:03

ArcaVir2008

[Scanning : C:\Download Files]


C:\Download Files\list vir\IMG_Hipercard.jpg<UPX>:IMG_Hipercard.jpg <- Trojan.Banker.Banker.Pul : No action



Scanned objects : 27

Infected objects : 1
allinwonderi
Posted on 2008-7-30 21:15:13

F-Prot 4.4.4

[发现可能为病毒:]        <W32/Trojan-Gypikon-based.DE!Maximus>        C:\Download Files\list vir\Ibama.jpg
[发现可能为病毒:]        <W32/Trojan-Gypikon-based.DE!Maximus>        C:\Download Files\list vir\IMGBrad.jpg
[发现自动下载软件:]        <W32/Downloader.H.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\imglog.jpg->(PKLite32)
[发现可能为病毒:]        <W32/Trojan-Gypikon-based.DE!Maximus>        C:\Download Files\list vir\IMGNOSSACX.jpg
[发现可能为病毒:]        <W32/Trojan-Gypikon-based.DE!Maximus>        C:\Download Files\list vir\IMG_brasil.jpg
[发现可能为特洛伊木马:]        <W32/Heuristic-VFM!Eldorado (not disinfectable)>        C:\Download Files\list vir\IMG_Hipercard.jpg
[发现自动下载软件:]        <W32/Downloader.H.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\orkutkut.jpg->(PKLite32)
[发现自动下载软件:]        <W32/Downloader.X.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\reboot87x587.jpg
[发现可能为病毒:]        <W32/Trojan-juke-based!Maximus>        C:\Download Files\list vir\rjuju.jpg->(UPX_LZMA)
[发现自动下载软件:]        <W32/Banload.E.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\systen.jpg
[发现自动下载软件:]        <W32/Downloader.H.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\vertpre_2003_6.xml->(PKLite32)
[发现自动下载软件:]        <W32/Downloader.H.gen!Eldorado (not disinfectable, 普通)>        C:\Download Files\list vir\vertpre_2003_9.xml->(PKLite32)

---------------------------------------------------------------------
扫描已结束:        2008-7-30, 21:14:31
用时:        0:00:18

扫描结果:

已扫描的文件:                 27
已感染的对象:         12
已清除的对象:         0
已隔离的文件:         0
---------------------------------------------------------------------

The reported names aren't very accurate.
zwl2828
Posted on 2008-7-30 21:15:39

ESET Smart Security

C:\Users\Wesley\Desktop\list vir\imglog.jpg - Win32/Spy.Banker.OZM trojan
C:\Users\Wesley\Desktop\list vir\orkutkut.jpg - Win32/Spy.Banker.QLZ trojan
C:\Users\Wesley\Desktop\list vir\reenvio.jpg - a variant of Win32/VB.IF worm
wangjay1980
Posted on 2008-7-30 21:15:48
FS is the most annoying.

[ Last edited by wangjay1980 on 2008-7-30 21:38 ]
allinwonderi
Posted on 2008-7-30 21:16:29

Norman Virus Control 5.99



[ Last edited by allinwonderi on 2008-7-30 21:18 ]
Kitman
Posted on 2008-7-30 21:16:40
Begin scan in 'C:\Users\TOSHIBA\Downloads\list vir'
C:\Users\TOSHIBA\Downloads\list vir\Ibama.jpg
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '48f169df.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\IMGBrad.jpg
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '48d769ca.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\imglog.jpg
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '48f769ea.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\IMGNOSSACX.jpg
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4aac91e3.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\IMG_brasil.jpg
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      A backup was created as '48d769cc.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\IMG_Hipercard.jpg
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      A backup was created as '4aac91e5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\msne.jpg
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE]      A backup was created as '48fe69f2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\orkutkut.jpg
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '48fb69f1.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\ponto.DLL
    [DETECTION] Is the TR/Agent.GYK Trojan
    [NOTE]      A backup was created as '48fe69ee.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\process.jpg
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE]      A backup was created as '48ff69f2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\reboot87x587.jpg
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '48f269e5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\reenvio.jpg
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      A backup was created as '48f569e5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\rjuju.jpg
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '490569ea.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\systen.jpg
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '490369fa.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\vertpre_2003_6.xml
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '490269e6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\list vir\w87.jpg
    [DETECTION] Contains HEUR/Crypted.E suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '48c769ba.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年7月30日  21:15
Used time: 00:07 Minute(s)

The scan has been done completely.

      1 Scanning directories
     22 Files were scanned
      9 viruses and/or unwanted programs were found
      7 Files were classified as suspicious:
     16 files were deleted
      0 files were repaired
     16 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      0 Archives were scanned
      0 Warnings
     16 Notes
allinwonderi
Posted on 2008-7-30 21:18:20

Reply to wangjay1980's post (#7)

FS