[Virus samples] A pile of samples collected from the sandbox

小飞侠.net
Posted on 2008-9-14 18:33:15

The online sandbox site didn't produce any run results, so I had to collect the samples with Sandboxie...

Filseclab (费尔) scan results:

C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\user\current\Local Settings\Temp\1344.exe        Adware.Cinmus.pny.pghr.arc        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\user\current\Local Settings\Temp\e11.exe        Adware.BHO.csq.xuqh.arc        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\user\current\Local Settings\Temp\msn099.exe        Adware.BHO.bzd.xrmc.arc        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\user\current\Local Settings\Temp\msn139.exe        Adware.Cinmus.Gen.hzoq.arc        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\user\current\Local Settings\Temp\TBSetup(-33554372).exe        Trojan.Agent.abpb.iucg.arc        木马        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\WINDOWS\system32\config\samg.log        TrojanSpy.Gen.rtdc.dll        木马        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\WINDOWS\system32\config\msce111.exe        Adware.BHO.csq.sriu        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\WINDOWS\system32\CTFMON.EXE        TrojanDownloader.Fbgadh.prpo        木马        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\WINDOWS\system32\inf\msce111.exe        Adware.BHO.csq.sriu        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\WINDOWS\sebs\pbhealth.dll        Adware.Cinmus.Gen.jkjz.dll        广告程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\DefaultBox.part01.rar>>DefaultBox\drive\C\Program Files\zzToolBar\Toolbar_bho.dll        Trojan.Agent.abpb.mqll.dll        木马        还未处理

[ This post was last edited by 小飞侠.net on 2008-9-14 18:39 ]

qigang
Posted on 2008-9-14 18:40:14

188/12

Rising antivirus scan result report

List of virus types cleaned:

病毒: Win32.Agent.cd
病毒: Trojan.DL.Win32.Mnless.bcl
病毒: RootKit.Win32.Hooker.a
病毒: AdWare.Win32.Undef.dic

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.61.60
sbbdms
Posted on 2008-9-14 19:57:40
Already sent the suspicious ones to KL
wangjay1980
Posted on 2008-9-14 19:57:51
TO KL

hj5abc
Posted on 2008-9-14 22:18:35
Post the sandbox directory untouched, and then we can tell which ones get flagged and which ones get missed when it is run on a real machine.

AntiVir:

Begin scan in 'G:\DefaultBox'
G:\DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\shangyuren_com_cn[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\yingtenet_com_cn[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\pertamina_net_cn[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\wotama_cn[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\Program Files\zzToolBar\ToolBand.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/ZzToolbar.B
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\Program Files\zzToolBar\Toolbar_bho.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/ZzToolbar.C
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\quyeh.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Weboc
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\sebs\pbhealth.dll
      [DETECTION] Is the Trojan horse TR/Cinmus.167936.6
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\system32\CTFMON.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\system32\config\msce111.exe
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\system32\config\samg.log
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\system32\drivers\foaqk.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\drive\C\WINDOWS\system32\inf\msce111.exe
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\1344.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.abpc
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\6001.exe
      [DETECTION] Contains detection pattern of the dropper DR/Webdoc
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\adv670.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\e11.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.abpd
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\load.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\msn099.exe
      [DETECTION] Contains detection pattern of the dropper DR/Cinmus.ofh
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\msn139.exe
      [DETECTION] Contains detection pattern of the dropper DR/Cinmus.rrn
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\Oct2008.exe
      [DETECTION] Is the Trojan horse TR/Dldr.A.jkp.49152
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\oy8.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [WARNING]   The file was ignored!
G:\DefaultBox\user\current\Local Settings\Temp\TBSetup(-33554372).exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.abpb.8
      [WARNING]   The file was ignored!

[ This post was last edited by hj5abc on 2008-9-14 22:20 ]
28654621
Posted on 2008-9-14 22:34:13
Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:         http://bbs.kafan.cn/attachment.p ... a9&t=1221402826
Information:         Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus


Generated by AntiVir WebGuard 8.0.15.0, AVE 8.1.1.28, VDF 7.0.6.154
Palkia
Posted on 2008-9-14 23:22:36
Reported as suspicious
sam.to
Posted on 2008-9-15 01:16:45
Floor 3, floor 4: has Kaspersky replied yet?
a751520242
Posted on 2008-9-15 11:16:08
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\Oct2008.txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Cookies\system@alimama[1].txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Cookies\system@google[2].txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Cookies\system@mmstat[2].txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Cookies\system@tom[1].txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Cookies\system@z.alimama[1].txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\alimama[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\alimama[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\alimama[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\alimama[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\alimamal[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\alimamal[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\alimamal[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\alimamal[3].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TXKJY9GH\ap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\ap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\ap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\ap[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TXKJY9GH\gt[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\ifap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TXKJY9GH\ifap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\ifap[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TXKJY9GH\ifap[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TXKJY9GH\ifcl[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\pertamina_net_cn[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\search[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\search[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\search[2].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\search[3].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\shangyuren_com_cn[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XQZT8DYT\update[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YEU36USB\wotama_cn[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P628PBQN\yingtenet_com_cn[1].htm - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\RegHive.LOG - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\system32\config\samg.log - 可能是 Win32/TrojanDownloader.QQHelper.ANP 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\system32\WBEM\Logs\wbemprox.log - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\TEMP\adorder.ini - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\memtk.ini - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\mssrcid.ini - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\system32\rwcim.ini - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\drive\C\WINDOWS\TEMP\syfmr.ini - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > Entries.bin - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > Strings.txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > Entries.bin - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > Strings.txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > System.dll - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > 3.exe > NSIS > Entries.bin - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > 3.exe > NSIS > Strings.txt - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > 3.exe > NSIS > System.dll - 正常
C:\Documents and Settings\Administrator\桌面\DefaultBox[1].part01.rar > RAR > DefaultBox\user\current\Local Settings\Temp\1344.exe > NSIS > msn099.exe > NSIS > 3.exe > NSIS > 龏
小飞侠.net
Thread starter | Posted on 2008-9-15 13:17:36
Cannot find the volume label of the next archive file

Which antivirus is it that couldn't finish the scan?
Kafan Forum (KaFan.cn)

Copyright © KaFan KaFan.cn All Rights Reserved.