[病毒样本] x17

显示全部楼层 · 发表于 2008-8-27 16:20:46

UG [With KPS] = 13
UG [Without KPS] = 8
KIS7 = 12

[ 本帖最后由 promised 于 2008-8-27 18:42 编辑 ]

显示全部楼层 · 发表于 2008-8-27 16:26:33

to kl

[ 本帖最后由 promised 于 2008-8-27 18:42 编辑 ]

显示全部楼层 · 发表于 2008-8-27 16:27:28

发这么多表情

显示全部楼层 · 发表于 2008-8-27 16:28:14

Begin scan in 'E:\pic\_PICtemp\x17'
E:\pic\_PICtemp\x17\000002.exe
[0] Archive type: RSRC
--> Object
   [DETECTION] Is the TR/Click.BHO.BC Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\001.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\002.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\003.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\004.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\alt.exe.exe
   [DETECTION] Is the TR/Proxy.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\back.exe.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\dnlsvc.exe
[DETECTION] Is the TR/Dldr.Barrako Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\lphc1swj0e3a7.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\neos.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\sevlod.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
E:\pic\_PICtemp\x17\1.dll
[DETECTION] Is the TR/Click.BHO.BC Trojan
[WARNING] The file was ignored!

End of the scan: 2008年8月27日  16:31
Used time: 00:17 Minute(s)

The scan has been done completely.

   1 Scanning directories
   17 Files were scanned
   12 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   0 Archives were scanned
   12 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-8-27 16:28:57

Starting the file scan:

Begin scan in 'C:\Users\TOSHIBA\Desktop\x17'
C:\Users\TOSHIBA\Desktop\x17\000002.exe
[0] Archive type: RSRC
--> Object
   [DETECTION] Is the TR/Click.BHO.BC Trojan
[NOTE]    A backup was created as '48e51066.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\001.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    A backup was created as '48e61066.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\002.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    A backup was created as '48e71066.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\003.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    A backup was created as '48e81066.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\004.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    A backup was created as '48e91066.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\1.dll
[DETECTION] Is the TR/Click.BHO.BC Trojan
[NOTE]    A backup was created as '49191064.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\alt.exe.exe
   [DETECTION] Is the TR/Proxy.Gen Trojan
[NOTE]    A backup was created as '492910a2.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\back.exe.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '49181097.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\dnlsvc.exe
[DETECTION] Is the TR/Dldr.Barrako Trojan
[NOTE]    A backup was created as '492110a4.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\lphc1swj0e3a7.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '491d10a7.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\neos.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '4924109c.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Desktop\x17\sevlod.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '492b109c.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2008年8月27日  16:28
Used time: 00:03 Minute(s)

The scan has been done completely.

   1 Scanning directories
   17 Files were scanned
   12 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   12 files were deleted
   0 files were repaired
   12 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   0 Archives were scanned
   0 Warnings
   12 Notes

显示全部楼层 · 发表于 2008-8-27 16:34:50

卡巴8.0.0.454 报木马程序！

显示全部楼层 · 发表于 2008-8-27 17:26:36

C:\test\x17[1]\000002.exe - Win32/TrojanClicker.BHO.BC 木马
C:\test\x17[1]\001.exe - Win32/TrojanDownloader.Tiny.NDQ 木马
C:\test\x17[1]\002.exe - Win32/TrojanDownloader.Tiny.NDQ 木马
C:\test\x17[1]\003.exe - Win32/TrojanDownloader.Tiny.NDQ 木马
C:\test\x17[1]\alt.exe.exe - 未查明的 NewHeur_PE 病毒 [7]
C:\test\x17[1]\back.exe.exe - Win32/Nuwar.DH 蠕虫的变种
C:\test\x17[1]\dnlsvc.exe - Win32/TrojanProxy.Agent.JL 木马
C:\test\x17[1]\lphc1swj0e3a7.exe - Win32/TrojanDownloader.FakeAlert.DR 木马
C:\test\x17[1]\neos.exe - Win32/Nuwar.DH 蠕虫的变种
C:\test\x17[1]\sevlod.exe - Win32/Nuwar.DH 蠕虫的变种
C:\test\x17[1]\1.dll - Win32/TrojanClicker.BHO.BC 木马
C:\test\x17[1]\.ttE0.tmp >>NSIS >>euladlg.dll - Win32/Adware.XPAntivirus 应用程序
C:\test\x17[1]\.ttE0.tmp >>NSIS >>database.dat >>ZIP >>compress.dat - 错误- 此文件是受密码保护的.
已扫描的文件数目：44
已发现的病毒数目：12

显示全部楼层 · 发表于 2008-8-27 20:14:24

McAfee 9个。。

显示全部楼层 · 发表于 2008-8-27 20:47:43

卡巴 8.0.0.454 12个

2008-08-27 20:46:42 扫描已被删除: Trojan.Win32.Agent.aawu F:\病毒样本\x17[1]\wowfx.dll
2008-08-27 20:46:42 扫描已被删除: Email-Worm.Win32.Zhelatin.agg F:\病毒样本\x17[1]\sevlod.exe
2008-08-27 20:46:42 扫描已被删除: Email-Worm.Win32.Zhelatin.agg F:\病毒样本\x17[1]\neos.exe
2008-08-27 20:46:42 扫描已被删除: Trojan-Proxy.Win32.Agent.jl F:\病毒样本\x17[1]\dnlsvc.exe
2008-08-27 20:46:42 扫描已被删除: Email-Worm.Win32.Zhelatin.agg F:\病毒样本\x17[1]\back.exe.exe
2008-08-27 20:46:35 扫描已被删除: Trojan.Win32.Agent.yqq F:\病毒样本\x17[1]\alt.exe.exe
2008-08-27 20:46:35 扫描已被删除: Trojan-Clicker.Win32.BHO.bc F:\病毒样本\x17[1]\1.dll
2008-08-27 20:46:35 扫描已被删除: Trojan-Downloader.Win32.Tiny.buw F:\病毒样本\x17[1]\004.exe
2008-08-27 20:46:35 扫描已被删除: Trojan-Downloader.Win32.Tiny.buu F:\病毒样本\x17[1]\003.exe
2008-08-27 20:46:35 扫描已被删除: Trojan-Downloader.Win32.Tiny.buv F:\病毒样本\x17[1]\002.exe
2008-08-27 20:46:35 扫描已被删除: Trojan-Downloader.Win32.Tiny.but F:\病毒样本\x17[1]\001.exe
2008-08-27 20:46:35 扫描已被删除: Trojan-Clicker.Win32.BHO.bc F:\病毒样本\x17[1]\000002.exe

显示全部楼层 · 发表于 2008-8-27 22:51:52

2008-8-27 22:52:16 Real-time file system protection file G:\v\x17\.ttE0.tmp Win32/Adware.XPAntivirus application deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:11 Real-time file system protection file G:\v\x17\wowfx.dll Win32/Agent.OCW trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:10 Real-time file system protection file G:\v\x17\altcmd32.dll Win32/Agent.OCW trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:10 Real-time file system protection file G:\v\x17\1.dll Win32/TrojanClicker.BHO.BC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:09 Real-time file system protection file G:\v\x17\sevlod.exe Win32/Nuwar.DH worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:09 Real-time file system protection file G:\v\x17\npad.exe Win32/Agent.OCW trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:09 Real-time file system protection file G:\v\x17\neos.exe a variant of Win32/Nuwar.DH worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:08 Real-time file system protection file G:\v\x17\lphc1swj0e3a7.exe Win32/TrojanDownloader.FakeAlert.DR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:08 Real-time file system protection file G:\v\x17\dnlsvc.exe Win32/TrojanProxy.Agent.JL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:08 Real-time file system protection file G:\v\x17\bloadd.exe Win32/Agent.OCW trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:07 Real-time file system protection file G:\v\x17\back.exe.exe a variant of Win32/Nuwar.DH worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:07 Real-time file system protection file G:\v\x17\alt.exe.exe Win32/Agent.YQQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:06 Real-time file system protection file G:\v\x17\004.exe a variant of Win32/TrojanDownloader.Tiny.BRU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:06 Real-time file system protection file G:\v\x17\003.exe Win32/TrojanDownloader.Tiny.NDQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:06 Real-time file system protection file G:\v\x17\002.exe Win32/TrojanDownloader.Tiny.NDQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:05 Real-time file system protection file G:\v\x17\001.exe Win32/TrojanDownloader.Tiny.NDQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-27 22:52:05 Real-time file system protection file G:\v\x17\000002.exe Win32/TrojanClicker.BHO.BC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

[病毒样本] x17

kill all