来二只小网马

显示全部楼层 · 发表于 2008-7-31 16:22:20

来二只小网马

没报的快去上报吧。。。

文件 aaa.rar 接收于 2008.07.31 10:13:12 (CET)
反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.7.29.1 2008.07.31 -
AntiVir 7.8.1.12 2008.07.31 HTML/Infected.WebPage.Gen
Authentium 5.1.0.4 2008.07.30 HTML/Iframe.A!Camelot
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.156 2008.07.30 -
BitDefender 7.2 2008.07.31 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.31 Exploit.Iframe-1
DrWeb 4.44.0.09170 2008.07.31 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5997 2008.07.31 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.31 HTML/Exploit!IFrame.G
Fortinet 3.14.0.0 2008.07.31 -
GData 2.0.7306.1023 2008.07.31 -
Ikarus T3.1.1.34.0 2008.07.31 -
Kaspersky 7.0.0.125 2008.07.31 -
McAfee 5350 2008.07.30 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3312 2008.07.31 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.31 -
Rising 20.55.31.00 2008.07.31 -
Sophos 4.31.0 2008.07.31 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.31 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.31 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.31 Script.Infected.WebPage.Gen
附加信息
File size: 765 bytes
MD5...: 55a67d61df1a338f4cc8015949aa5e11
SHA1..: 667e292ec17fea08d153855de87c0746414243d4
SHA256: 2ddcbcb6b8d74a30116b83d1919cd76c5b47dcd87123d0c5c637fa7a470c27b0
SHA512: 58c00cecbfd0b85aac8b4275416367c6ea6c5a81dcdcab05a986a6c01bbd4b41
d8ff3f3b349a3e0f69360b28dbbf4a95a8e22f1b8a301cfbb2fe5dcb498e5960
PEiD..: -
PEInfo: -

VirSCAN.org Scanned Report :
Scanned time : 2008/07/31 16:13:16 (CST)
Scanner results: 8%的杀软(3/36)报告发现病毒
File Name    : aaa.rar
File Size    : 765 byte
File Type    : RAR archive data, v1d, os
MD5          : 55a67d61df1a338f4cc8015949aa5e11
SHA1          : 667e292ec17fea08d153855de87c0746414243d4
Online report  : ht　tp://virscan.org/report/f61962ea48bc50ab26a8cdd2db050c74.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.5.0.22       2008.07.30       2008-07-30  2.44 -
安博士V3    2008.07.31.01 2008.07.31       2008-07-31  0.88 -
AntiVir       7.8.1.12       7.0.5.195       2008-07-31  2.19 HTML/Infected.WebPage.Gen
Arcavir       1.0.5          200807301701    2008-07-30  1.18 -
AVAST!       3.0.1          080730-0       2008-07-30  0.66 -
AVG          7.5.51.442    270.5.8/1582    2008-07-30  1.50 -
BitDefender 7.60825.1410538 7.20274          2008-07-31  2.63 -
CA (VET)    9.0.0.143    31.6.5997       2008-07-31  0.76 -
ClamAV       0.93.3       7897             2008-07-31  0.00 Exploit.Iframe-1
Comodo       2.11          2.0.0.602       2008-07-31  0.40 -
CP Secure    1.1.0.715    2008.07.31       2008-07-31  5.60 -
Dr.Web       4.44.0.9170    2008.07.31       2008-07-31  3.02 -
ewido       4.0.0.2       2008.07.30       2008-07-30  2.30 -
F-Prot       4.4.4.56       20080730       2008-07-30  0.96 -
F-Secure    5.51.6100    2008.07.31.03    2008-07-31  2.85 -
飞塔          2.81-3.11    0.0             2008-07-31  0.14 -
ViRobot       20080730       2008.07.30       2008-07-30  0.41 -
Ikarus       T3.1.01.34    2008.07.31.71194  2008-07-31  3.04 -
江民杀毒    11.0.706       2008.07.30       2008-07-30  1.13 -
卡巴斯基    5.5.10       2008.07.31       2008-07-31  0.02 -
金山毒霸    2008.1.14.15 2008.7.31.15    2008-07-31  0.54 -
迈克菲       5.2.00       5350             2008-07-30  2.25 -
Microsoft    1.3806       2008.07.31       2008-07-31  3.99 -
mks_vir       2.01          2008.07.31       2008-07-31  2.47 -
Norman       5.93.01       5.93.00          2008-07-30  4.66 HTML/Exploit!IFrame.G
熊猫卫士    9.05.01       2008.07.30       2008-07-30  2.27 -
趋势科技    8.700-1004    5.448.01       2008-07-30  0.02 -
Quick Heal    9.50          2008.07.30       2008-07-30  1.59 -
瑞星          20.0          20.55.31.00    2008-07-31  0.23 -
Sophos       2.75.4       4.31             2008-07-31  1.92 -
Sunbelt       3.1.1537.1    2169             2008-07-28  0.39 -
赛门铁克    1.3.0.24       20080730.003    2008-07-30  0.20 -
nProtect    2008-07-30.00 1720883          2008-07-30  3.25 -
The Hacker    6.2.96       v00389          2008-07-24  0.38 -
VBA32       3.12.8.1       20080729.0746    2008-07-29  1.12 -
VirusBuster 4.5.11.10    4.5.11/          0010-00-00  0.78 -

文件 bbb.rar 接收于 2008.07.31 10:15:47 (CET)
反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.7.29.1 2008.07.31 -
AntiVir 7.8.1.12 2008.07.31 HTML/Infected.WebPage.Gen
Authentium 5.1.0.4 2008.07.30 HTML/Iframe.A!Camelot
Avast 4.8.1195.0 2008.07.30 -
AVG 8.0.0.156 2008.07.30 -
BitDefender 7.2 2008.07.31 -
CAT-QuickHeal 9.50 2008.07.30 -
ClamAV 0.93.1 2008.07.31 Exploit.Iframe-1
DrWeb 4.44.0.09170 2008.07.31 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5997 2008.07.31 -
Ewido 4.0 2008.07.30 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.31 HTML/Exploit!IFrame.G
Fortinet 3.14.0.0 2008.07.31 -
GData 2.0.7306.1023 2008.07.31 -
Ikarus T3.1.1.34.0 2008.07.31 -
Kaspersky 7.0.0.125 2008.07.31 -
McAfee 5350 2008.07.30 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3312 2008.07.31 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.30 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.31 -
Rising 20.55.31.00 2008.07.31 -
Sophos 4.31.0 2008.07.31 -
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.31 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.31 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.30.1317 2008.07.30 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.31 Script.Infected.WebPage.Gen
附加信息
File size: 770 bytes
MD5...: 84f47502c15fd8e9312700aefa850d42
SHA1..: 98752186de4fdb81b7710abd1a1f3f91fb8b9706
SHA256: 1742c4f4af495801da442bc427fbcf90f74bc35c4eb82a9da41966228bcd3cd5
SHA512: 8fb9266a13d30ea40d4687cd273332b95683248d29a8ad64cbc0609afa7d0a93
e230d3228f30709553badcda549d13fc9d3e326b5a84bdb72cb0560b34828eab
PEiD..: -
PEInfo: -

VirSCAN.org Scanned Report :
Scanned time : 2008/07/31 16:15:47 (CST)
Scanner results: 8%的杀软(3/36)报告发现病毒
File Name    : bbb.rar
File Size    : 770 byte
File Type    : RAR archive data, v1d, os
MD5          : 84f47502c15fd8e9312700aefa850d42
SHA1          : 98752186de4fdb81b7710abd1a1f3f91fb8b9706
Online report  : ht　tp://virscan.org/report/b765ec397570a5720ab5f97c69fafe8e.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.5.0.22       2008.07.30       2008-07-30  4.02 -
安博士V3    2008.07.31.01 2008.07.31       2008-07-31  1.94 -
AntiVir       7.8.1.12       7.0.5.195       2008-07-31  2.14 HTML/Infected.WebPage.Gen
Arcavir       1.0.5          200807301701    2008-07-30  1.15 -
AVAST!       3.0.1          080730-0       2008-07-30  0.00 -
AVG          7.5.51.442    270.5.8/1582    2008-07-30  1.52 -
BitDefender 7.60825.1410538 7.20274          2008-07-31  2.62 -
CA (VET)    9.0.0.143    31.6.5997       2008-07-31  0.77 -
ClamAV       0.93.3       7897             2008-07-31  0.00 Exploit.Iframe-1
Comodo       2.11          2.0.0.602       2008-07-31  0.44 -
CP Secure    1.1.0.715    2008.07.31       2008-07-31  5.59 -
Dr.Web       4.44.0.9170    2008.07.31       2008-07-31  3.01 -
ewido       4.0.0.2       2008.07.30       2008-07-30  2.48 -
F-Prot       4.4.4.56       20080730       2008-07-30  0.97 -
F-Secure    5.51.6100    2008.07.31.03    2008-07-31  0.03 -
飞塔          2.81-3.11    0.0             2008-07-31  0.14 -
ViRobot       20080730       2008.07.30       2008-07-30  0.40 -
Ikarus       T3.1.01.34    2008.07.31.71194  2008-07-31  3.07 -
江民杀毒    11.0.706       2008.07.30       2008-07-30  1.13 -
卡巴斯基    5.5.10       2008.07.31       2008-07-31  0.02 -
金山毒霸    2008.1.14.15 2008.7.31.15    2008-07-31  0.54 -
迈克菲       5.2.00       5350             2008-07-30  2.28 -
Microsoft    1.3806       2008.07.31       2008-07-31  4.06 -
mks_vir       2.01          2008.07.31       2008-07-31  2.42 -
Norman       5.93.01       5.93.00          2008-07-30  4.66 HTML/Exploit!IFrame.G
熊猫卫士    9.05.01       2008.07.30       2008-07-30  2.06 -
趋势科技    8.700-1004    5.448.01       2008-07-30  0.02 -
Quick Heal    9.50          2008.07.30       2008-07-30  1.60 -
瑞星          20.0          20.55.31.00    2008-07-31  0.23 -
Sophos       2.75.4       4.31             2008-07-31  1.93 -
Sunbelt       3.1.1537.1    2169             2008-07-28  0.38 -
赛门铁克    1.3.0.24       20080730.003    2008-07-30  0.16 -
nProtect    2008-07-30.00 1720883          2008-07-30  3.21 -
The Hacker    6.2.96       v00389          2008-07-24  0.37 -
VBA32       3.12.8.1       20080729.0746    2008-07-29  1.12 -
VirusBuster 4.5.11.10    4.5.11/          0010-00-00  0.78 -

显示全部楼层 · 发表于 2008-7-31 17:00:17

--> aaa.rar
      [1] Archive type: RAR
      --> 1[1].htm
      [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
   --> bbb.rar
      [1] Archive type: RAR
      --> 1CACXW6C0.htm
      [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

显示全部楼层 · 发表于 2008-7-31 17:03:49

http://www.xdownl.cn/mm.exe

http://www.7o7o7o.cn/www/UUS.cab

打包

[ 本帖最后由 granthill 于 2008-7-31 17:17 编辑 ]

显示全部楼层 · 发表于 2008-7-31 17:06:08

Found nothing.

显示全部楼层 · 发表于 2008-7-31 17:17:49

2008-7-31 17:17:49 Kernel File 'G:\v\UUSeeMediaCenter.exe' was sent to ESET for analysis.

显示全部楼层 · 发表于 2008-7-31 17:19:07

mm.exe -->
[DETECTION] Is the TR/Dldr.Small.zff Trojan
UUSeeMediaCenter.exe-->
[DETECTION] Is the TR/Dldr.Small.zff Trojan

显示全部楼层 · 发表于 2008-7-31 17:27:09

两个都报Win32:Trojan-gen {Other}

显示全部楼层 · 发表于 2008-7-31 17:34:32

上报卡巴官方了

显示全部楼层 · 发表于 2008-7-31 17:48:05

对象: mm.exe
在压缩档案里: E:\virus\vir\样本.rar
Status: 已发现病毒
病毒: Trojan.Downloader.JKIZ (BD 引擎)
对象: UUS.cab UUSeeMediaCenter.exe
在压缩档案里: E:\virus\vir\样本.rar
Status: 已发现病毒
病毒: Trojan.Downloader.JKIZ (BD 引擎)

显示全部楼层 · 发表于 2008-7-31 21:53:16

小a报毒，kis2009不报

[病毒样本] 来二只小网马

ESET Smart Security

浏览过的版块