最新木马~今天抓的~！

修罗珈

症状 ，只要打开IE浏览就会出现 应用程序出错的预警，然后自动关闭IE ,IE就不能使用。

File WSOCK32.rar received on 08.21.2008 13:45:21 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 4/36 (11.12%)

Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___
.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.

Compact
Print results

Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.  

Email:

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.8.21.0	2008.08.21	-
AntiVir	7.8.1.23	2008.08.21	-
Authentium	5.1.0.4	2008.08.21	-
Avast	4.8.1195.0	2008.08.20	-
AVG	8.0.0.161	2008.08.21	PSW.Generic6.XZW
BitDefender	7.2	2008.08.21	-
CAT-QuickHeal	9.50	2008.08.20	-
ClamAV	0.93.1	2008.08.21	-
DrWeb	4.44.0.09170	2008.08.21	-
eSafe	7.0.17.0	2008.08.21	-
eTrust-Vet	31.6.6039	2008.08.21	-
Ewido	4.0	2008.08.21	-
F-Prot	4.4.4.56	2008.08.20	-
F-Secure	7.60.13501.0	2008.08.21	-
Fortinet	3.14.0.0	2008.08.21	-
GData	2.0.7306.1023	2008.08.20	-
Ikarus	T3.1.1.34.0	2008.08.21	-
K7AntiVirus	7.10.422	2008.08.20	-
Kaspersky	7.0.0.125	2008.08.21	-
McAfee	5366	2008.08.21	PWS-QQPass.dll
Microsoft	1.3807	2008.08.21	-
NOD32v2	3374	2008.08.21	-
Norman	5.80.02	2008.08.20	-
Panda	9.0.0.4	2008.08.21	Suspicious file
PCTools	4.4.2.0	2008.08.20	-
Prevx1	V2	2008.08.21	-
Rising	20.58.32.00	2008.08.21	-
Sophos	4.32.0	2008.08.21	-
Sunbelt	3.1.1564.1	2008.08.21	-
Symantec	10	2008.08.21	-
TheHacker	6.3.0.6.056	2008.08.21	-
TrendMicro	8.700.0.1004	2008.08.21	-
VBA32	3.12.8.3	2008.08.20	suspected of Win32 Shadow Socket Open
ViRobot	2008.8.21.1344	2008.08.21	-
VirusBuster	4.5.11.0	2008.08.20	-
Webwasher-Gateway	6.6.2	2008.08.21	-

Additional information

File size: 102533 bytes

MD5...: d495ae435e36b847533529a23f54e392

SHA1..: f1bdc90518e941ea07a3cd6993ee5b52e5a5518a

SHA256: af1ee0b0828f7abe65d9115e98d636db3998f69959a1599b288de784526ad6cc

SHA512: 359bfa8cf4d5d693375817c7a31a10f7172b96298c05639564ee99c687e685af 0c3053f90e69cd450759819b3f7a454a5bbc905c35690c6a7bbb299cecc3322a

PEiD..: -

PEInfo: -

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

BING126

McAfee   PWS-QQPass.dll  

Kitman

The file 'WSOCK32.DLL' has been determined to be 'UNDER ANALYSIS'.

郭襄

这个东西有什么用？又不会自动运行，一个DLL，有什么问题？

尤金卡巴斯基

MISS,上报

qigang

wsock32 - wsock32.dll - DLL文件信息

DLL 文件： wsock32 或者 wsock32.dll
DLL 名称： WinSock API Library
  
描述：
wsock32.dll是Windows Sockets应用程序接口，用于支持很多Internet和网络应用程序。


属于： Windows Sockets
系统 DLL文件： 是

常见错误： File Not Found, Missing File, Exception Errors

安全等级 (0-5): 0
间谍软件： 否
广告软件： 否

Kitman

The file 'WSOCK32.DLL' has been determined to be 'MALWARE'. Our analysts named the threat TR/PSW.QQpass.czc. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

allinwonderi

to lab