[病毒样本] 12

显示全部楼层 · 发表于 2008-8-8 18:43:07

a16f373845afb9e31d42bfddd0d201aa  autorun.inf2
66eb92d77878dbc951676decdacea381  daemon.exe3
5936a9e9789274cdcea1e03ed3438c89  IsUn0804.exe2
515e4684008e955de0c81e6a7aea1c2a  IsUninst.exe2
e0251e0dd377b9f5dfa8eeac9a3f6004  konnt.dll2
e79ed8ff9168e204b174bea19ada1ac0  ms.exe2
df20877cd98782dd7f15fa926606ab79  MSDD.EXE2
3fc0313211ed448d119387919767f96c  ntuser.com2
438830d67e16433647b5ae34da2e4c5e  unin0804.exe2
75ce5524378fd0cd8fc3dd9cfd3b5d89  vbscript.dll3
4ff6a89f7a2bd95157bdfbf861a4f689  www.exe3
38ca55c7c695e14bc80cfa46c80d64b3  做好准备,不要激动哦!.EXE2

已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.zfu 檔案: C:\Documents and Settings\kato9096\桌面\jrflkrtrt\不明文件\daemon.exe3
已刪除: 病毒 Worm.Win32.AutoRun.lmd 檔案: C:\Documents and Settings\kato9096\桌面\jrflkrtrt\不明文件\MSDD.EXE2

卡巴只报2个,上报到卡巴,pcsl

显示全部楼层 · 发表于 2008-8-8 18:53:35

Begin scan in 'C:\Users\TOSHIBA\Downloads\不明文件'
C:\Users\TOSHIBA\Downloads\不明文件\MSDD.EXE2
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    A backup was created as '48e025aa.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\不明文件\www.exe3
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '491325ce.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2008年8月8日  18:52
Used time: 00:02 Minute(s)

The scan has been done completely.

   1 Scanning directories
   12 Files were scanned
   2 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   2 files were deleted
   0 files were repaired
   2 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   10 Files not concerned
   0 Archives were scanned
   0 Warnings
   2 Notes

显示全部楼层 · 发表于 2008-8-8 18:53:38

daemon.exe3 Win32:Trojan-gen {Other}
暗??塣,ぃ璶縀塚瓳!.EXE2 Win32:Agent-RZV [Trj]
www.exe3 Win32:Delf-KXL [Trj]
MSDD.EXE2 Win32:Trojan-gen {Other}

显示全部楼层 · 发表于 2008-8-8 18:53:58

费尔小a都报了。

显示全部楼层 · 发表于 2008-8-8 18:54:12

Begin scan in 'C:\Documents and Settings\Nerazzurri\桌面\不明文件.rar'
C:\Documents and Settings\Nerazzurri\桌面\不明文件.rar
[0] Archive type: RAR
--> www.exe3
   [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> MSDD.EXE2
   [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-8-8 18:55:17

25107915    autorun.inf2    151 Byte    UNDER ANALYSIS
25107916    daemon.exe3    32 KB    UNDER ANALYSIS
25107917    IsUn0804.exe2    299.5 KB    UNDER ANALYSIS
25107918    konnt.dll2    30 KB    UNDER ANALYSIS
25107919    ms.exe2    36 KB    UNDER ANALYSIS
25107920    ntuser.com2    320 Byte    UNDER ANALYSIS
25107921    unin0804.exe2    299 KB    UNDER ANALYSIS
25107922    vbscript.dll3    169.5 KB    UNDER ANALYSIS
206323    ###n###,###n#E##@!.EXE2    895 KB    FALSE POSITIVE
429281    IsUninst.exe2    299.5 KB    KNOWN CLEAN

显示全部楼层 · 发表于 2008-8-8 19:07:05

2008/8/8 19:06:24 已清除病毒 Worm.Win32.AutoRun.lmd G:\Temp\Virus\不明文件.rar
2008/8/8 19:06:24 已清除病毒 Worm.Win32.AutoRun.lmd G:\Temp\Virus\不明文件.rar/MSDD.EXE2
2008/8/8 19:06:24 已隔离木马程序 Heur.AntiAV G:\Temp\Virus\不明文件.rar/www.exe3
2008/8/8 19:06:24 已隔离木马程序 Heur.AntiAV G:\Temp\Virus\不明文件.rar/www.exe3//VPacker
2008/8/8 19:06:24 已清除木马程序 Trojan-Downloader.Win32.Agent.zfu G:\Temp\Virus\不明文件.rar/daemon.exe3

显示全部楼层 · 发表于 2008-8-8 19:22:40

修改system.ini，创建rundll32.exe，因为不在虚拟机里测试，所以PS我就真接阻止了

显示全部楼层 · 发表于 2008-8-8 21:45:14

-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.4
Virus signature file from: 2008-8-8, 2:16

Scan name: [Custom Scan]
Path to scan: F:\VIRUS\不明文件.rar

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2008-8-8, 21:44:29
---------------------------------------------------------------------

[Found security risk] <W32/Agent.P.gen!Eldorado (not disinfectable, generic)> F:\VIRUS\不明文件.rar->daemon.exe3
[Clean] F:\VIRUS\不明文件.rar->ms.exe2
[Clean] F:\VIRUS\不明文件.rar->vbscript.dll3
[Clean] F:\VIRUS\不明文件.rar->ntuser.com2
[Found joke] <W32/Joke.OA (exact, not disinfectable)> F:\VIRUS\不明文件.rar->暗塣,ぃ璶縀塚瓳!.EXE2
[Clean] F:\VIRUS\不明文件.rar->konnt.dll2
[Clean] F:\VIRUS\不明文件.rar->www.exe3->(VPacker)
[Clean] F:\VIRUS\不明文件.rar->IsUn0804.exe2
[Clean] F:\VIRUS\不明文件.rar->IsUninst.exe2
[Clean] F:\VIRUS\不明文件.rar->unin0804.exe2
[Clean] F:\VIRUS\不明文件.rar->autorun.inf2
[Found security risk] <W32/OnlineGames.A.gen!GSA (not disinfectable, generic)> F:\VIRUS\不明文件.rar->MSDD.EXE2->(NSPack)->(PE_Patch)
[Contains infected objects] F:\VIRUS\不明文件.rar
[Quarantined] F:\VIRUS\不明文件.rar->MSDD.EXE2->(NSPack)->(PE_Patch)

---------------------------------------------------------------------
Scan ended: 2008-8-8, 21:44:34
Duration: 0:00:04

Scan result:

Scanned files:    1
Infected objects:    3
Disinfected objects:    0
Quarantined files:    1
----------------------------------------------------

显示全部楼层 · 发表于 2008-8-9 10:39:36

Start of the scan: 2008年8月9日  10:38

Starting the file scan:

Begin scan in 'H:\样本'
H:\样本\不明文件.rar
[0] Archive type: RAR
--> www.exe3
   [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> MSDD.EXE2
   [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!

End of the scan: 2008年8月9日  10:38
Used time: 00:10 Minute(s)

The scan has been done completely.

   1 Scanning directories
   13 Files were scanned
   2 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   11 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes