今天的搜集到样本打包

tiancai2nd

朋友本本种毒了，清毒顺便留了样本。
我用江民试了一下，基本都没入库。能用KV09的启发查出两三个，大部分不识别为病毒。
有两个较小文件因名称与创建和病毒接近，所以也放了进来，可能是配置文件。识不识别无所谓。
我存在mofile了，想要去下吧，32个文件，2.2M

匿名提取文件连接 http://pickup.mofile.com/6903124121328093

或登录Mofile，使用提取码 6903124121328093 提取文件

解压密码virus

[ 本帖最后由 tiancai2nd 于 2008-8-26 00:05 编辑 ]

醉一生爱妍

病毒        2008-08-25  23:56:04        C:\Documents and Settings\Administrator\桌面\virus\virus\xsbvgzd.exe        Win32.Troj.Unknown.98304        清除成功       
病毒        2008-08-25  23:56:04        C:\Documents and Settings\Administrator\桌面\virus\virus\xsbvgzd.dll        Win32.Troj.Unknown.41104        清除成功       
病毒        2008-08-25  23:56:03        C:\Documents and Settings\Administrator\桌面\virus\virus\WinNt64.Sys        Win32.Troj.QQPass.a.48244        清除成功       
病毒        2008-08-25  23:56:03        C:\Documents and Settings\Administrator\桌面\virus\virus\sgcxcxxaspf080824.exe        Win32.Troj.PopHot.t.540672        清除成功       
病毒        2008-08-25  23:56:03        C:\Documents and Settings\Administrator\桌面\virus\virus\Msxjhxuc.exe        Win32.Hack.Agent.56832        清除成功       
病毒        2008-08-25  23:56:03        C:\Documents and Settings\Administrator\桌面\virus\virus\lweurqhx.dll        Win32.Troj.EncodeGameT.am.1035692        清除成功       
病毒        2008-08-25  23:56:03        C:\Documents and Settings\Administrator\桌面\virus\virus\llzjy080822.exe        Win32.Troj.Pophot.176128        清除成功       
病毒        2008-08-25  23:56:02        C:\Documents and Settings\Administrator\桌面\virus\virus\dljj32a.dll        Win32.TrojDownloader.MyDown.al.44544        清除成功       
病毒        2008-08-25  23:56:02        C:\Documents and Settings\Administrator\桌面\virus\virus\dcbdcatys32_080824a.dll        Win32.Troj.PopHot.t.240640        清除成功       
病毒        2008-08-25  23:56:02        C:\Documents and Settings\Administrator\桌面\virus\virus\cupops.dll        Win32.PSWTroj.GameOL.28672        清除成功       
病毒        2008-08-25  23:56:01        C:\Documents and Settings\Administrator\桌面\virus\virus\auto.exe        Win32.Troj.Pophot.176128        清除成功       
病毒        2008-08-25  23:56:00        C:\Documents and Settings\Administrator\桌面\virus\virus\alga.exe        Worm.AgoBot.c.23552        清除成功       
病毒        2008-08-25  23:55:58        C:\Documents and Settings\Administrator\桌面\virus\virus\3.exe        Worm.AgoBot.c.23552        清除成功

醉一生爱妍

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\virus 上的扫描。
================
'Basic.Virus' 在 '2.exe' 中被检测到。
'SL.Trojan.Win32.OnlineGame-Tif.des.3106' 在 '3.exe' 中被检测到。
'Generic.nFile' 在 'alga.exe' 中被检测到。
'Generic.nFile' 在 'auto.exe' 中被检测到。
'Generic.nFile' 在 'ax1.exe' 中被检测到。
'Clicker.Hitpop' 在 'dcbdcatys32_080824a.dll' 中被检测到。
'SL.Trojan.8346' 在 'llzjy080822.exe' 中被检测到。
'Generic.nFile' 在 'Msjiyucx.exe' 中被检测到。
'Generic.nFile' 在 'Msxjhxuc.exe' 中被检测到。
'SL.Trojan.8346' 在 'sgcxcxxaspf080824.exe' 中被检测到。
'Generic.nFile' 在 'SiNiu.exe' 中被检测到。
'SL.TR.ogdll.g' 在 'svchoct.exe' 中被检测到。
'SL.Trojan.26902' 在 'VideoCard.exe' 中被检测到。
'SL.Trojan.SL.Trojan.Win32.OnlineGame.ioc.14344.26987' 在 'wftadfi16_080824a.dll' 中被检测到。
'Generic.nFile' 在 'WinNt64.Sys' 中被检测到。
'Binder.HyperDetect' 在 'xsbvgzd.dll' 中被检测到。
'SL.Trojan.21202' 在 'xsbvgzd.exe' 中被检测到。
'SL.Trojan.8346' 在 'zyndle080825.exe' 中被检测到。
================
扫描文件数： 32
本次扫描发现了 18 个已知威胁，请及时处理。
实际文件数： 32
扫描时间： 0-00-00 00:00:07:0766
威胁比率： 56.25%

浪滔天

卡巴 8.0.0.454 高启发 16 个  其中启发 8 个

2008-08-26 00:28:43 扫描 已移动到隔离区: Heur.AntiAV F:\病毒样本\virus\virus\zyndle080825.exe  
2008-08-26 00:28:42 扫描 已移动到隔离区: Heur.Trojan.Generic F:\病毒样本\virus\virus\xsbvgzd.exe  
2008-08-26 00:28:42 扫描 已移动到隔离区: Heur.Trojan.Generic F:\病毒样本\virus\virus\VideoCard.exe  
2008-08-26 00:28:28 扫描 已移动到隔离区: Heur.Trojan.Generic F:\病毒样本\virus\virus\alga.exe  
2008-08-26 00:28:28 扫描 已移动到隔离区: Heur.Trojan.Generic F:\病毒样本\virus\virus\3.exe  
2008-08-26 00:28:28 扫描 已移动到隔离区: Heur.Trojan.Generic F:\病毒样本\virus\virus\2.exe  
2008-08-26 00:28:42 扫描 已被删除: Heur.Trojan.Generic F:\病毒样本\virus\virus\xsbvgzd.dll  
2008-08-26 00:28:42 扫描 已被删除: Trojan-PSW.Win32.QQPass.djl F:\病毒样本\virus\virus\WinNt64.Sys  
2008-08-26 00:28:42 扫描 已被删除: Trojan-Spy.Win32.Pophot.ccj F:\病毒样本\virus\virus\wftadfi16_080824a.dll  
2008-08-26 00:28:41 扫描 已被删除: Heur.Trojan.Generic F:\病毒样本\virus\virus\SiNiu.exe  
2008-08-26 00:28:32 扫描 已被删除: Trojan-Spy.Win32.Pophot.cci F:\病毒样本\virus\virus\sgcxcxxaspf080824.exe  
2008-08-26 00:28:32 扫描 已被删除: Trojan-GameThief.Win32.OnLineGames.sxsu F:\病毒样本\virus\virus\lweurqhx.dll  
2008-08-26 00:28:32 扫描 已被删除: Trojan-Spy.Win32.Pophot.cbn F:\病毒样本\virus\virus\llzjy080822.exe  
2008-08-26 00:28:32 扫描 已被删除: Trojan-Spy.Win32.Pophot.cck F:\病毒样本\virus\virus\dcbdcatys32_080824a.dll  
2008-08-26 00:28:32 扫描 已被删除: Backdoor.Win32.Ceckno.csf F:\病毒样本\virus\virus\ax1.exe  
2008-08-26 00:28:31 扫描 已被删除: Trojan-Spy.Win32.Pophot.cbn F:\病毒样本\virus\virus\auto.exe

[ 本帖最后由 浪滔天 于 2008-8-26 00:32 编辑 ]

nod_wang

谢谢分享~嘿嘿。。。收集中华第一病毒库中~

sbbdms

卡巴杀10启发1漏21
TO KL

cnufo

Start of the scan: 2008年8月26日  08:38

Starting the file scan:

Begin scan in 'F:\virus'
F:\virus\2.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\3.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\alga.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\auto.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\ax1.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\ccouit3fz.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\cupops.dll
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\dcbdcatys32_080824a.dll
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\dljj32a.dll
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\llzjy080822.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\sgcxcxxaspf080824.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
    [NOTE]      The file was deleted!
F:\virus\SiNiu.exe
    [DETECTION] Is the TR/Hijacker.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\wftadfi16_080824a.dll
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\WinNt64.Sys
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\xsbvgzd.dll
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Is the TR/PSW.OnlineGames.ZFJ.3 Trojan
    --> Object
      [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\xsbvgzd.exe
    [DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\zyndld32080825.dll
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\zyndld32080825jt.dll
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
F:\virus\zyndle080825.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!


End of the scan: 2008年8月26日  08:38
Used time: 00:13 Minute(s)

The scan has been done completely.

      1 Scanning directories
     32 Files were scanned
     20 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     19 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     12 Files not concerned
      0 Archives were scanned
      0 Warnings
     19 Notes
其余上报红伞

zhaohk

谢谢楼主提供，下来研究研究。

zqmm100

费尔
        2008-8-26 10:16:59        Trojan.Cap882520.dyrz        木马        user        D:\TDDownload\Software\virus\virus\zyndle080825.exe        Manual scan
        2008-8-26 10:16:59        Trojan.Kilva.cm.bozf        木马        user        D:\TDDownload\Software\virus\virus\xsbvgzd.exe        Manual scan
        2008-8-26 10:16:59        TrojanPSW.GameDLL.Gen.ybwv.dll        木马        user        D:\TDDownload\Software\virus\virus\xsbvgzd.dll        Manual scan
        2008-8-26 10:16:59        TrojanPSW.QQPass.djl.yorw.dll        木马        user        D:\TDDownload\Software\virus\virus\WinNt64.Sys        Manual scan
        2008-8-26 10:16:59        Heuri.Suspicious.ERNM        启发式扫描        user        D:\TDDownload\Software\virus\virus\VideoCard.exe        Manual scan
        2008-8-26 10:16:59        RootKit.RESSDT.cl.xxrm        木马        user        D:\TDDownload\Software\virus\virus\SiNiu.exe>>emb-1.exe        Manual scan
        2008-8-26 10:16:59        Heuri.Suspicious.ERNM        启发式扫描        user        D:\TDDownload\Software\virus\virus\sgcxcxxaspf080824.exe        Manual scan
        2008-8-26 10:16:58        TrojanPSW.Mapdimp.s.leaw.dll        木马        user        D:\TDDownload\Software\virus\virus\lweurqhx.dll        Manual scan
        2008-8-26 10:16:58        Trojan.Cap882218.effe        木马        user        D:\TDDownload\Software\virus\virus\llzjy080822.exe        Manual scan
        2008-8-26 10:16:58        Trojan.Fdmrsa.axqn.dll        木马        user        D:\TDDownload\Software\virus\virus\dljj32a.dll        Manual scan
        2008-8-26 10:16:58        Trojan.Undef.ktz.zuly        木马        user        D:\TDDownload\Software\virus\virus\ax1.exe        Manual scan
        2008-8-26 10:16:58        Trojan.Cap882218.effe        木马        user        D:\TDDownload\Software\virus\virus\auto.exe        Manual scan
        2008-8-26 10:16:58        Trojan.Cap882113.wtez.arc        木马        user        D:\TDDownload\Software\virus\virus\alga.exe        Manual scan
        2008-8-26 10:16:58        Trojan.Cap882113.wtez.arc        木马        user        D:\TDDownload\Software\virus\virus\3.exe        Manual scan
        2008-8-26 10:16:58        Heuri.Suspicious.ERNM        启发式扫描        user        D:\TDDownload\Software\virus\virus\2.exe        Manual scan

will

KV  Protable  

[ 本帖最后由 will 于 2008-8-26 10:29 编辑 ]