[Virus sample] Posted earlier on janmeng; it keeps changing, more or less!

qigang
Posted on 2008-9-15 23:36:43
janmeng address: http://bbs.janmeng.com/viewthread.php?tid=798505&extra=page%3D1

Download links:

Kitman
Posted on 2008-9-15 23:39:25
Too bad... I don't have a janmeng account...
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\下載\10'
C:\Documents and Settings\Administrator\My Documents\下載\10\1.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '49338195.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\下載\10\7003.exe
    [DETECTION] Contains recognition pattern of the DR/Webdoc dropper
    [NOTE]      A backup was created as '48fe8197.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\下載\10\sachwqqp.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '493181c8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\下載\10\shishi.exe
      --> Object
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Is the TR/PSW.42564.5 Trojan
    [NOTE]      A backup was created as '493781cf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\下載\10\sychwqot.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '493181e0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年9月15日  23:38
Used time: 00:03 Minute(s)

The scan has been done completely.

      1 Scanning directories
     10 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      0 Archives were scanned
      0 Warnings
      5 Notes
浪滔天
Posted on 2008-9-16 00:47:47
Kaspersky 8 with high heuristics took out 7

2008-09-16 00:44:46        扫描        已被删除: not-a-virus:AdWare.Win32.Cinmus.sqo        F:\病毒样本\10.rar/msn080.exe               
2008-09-16 00:44:49        扫描        已被删除: Trojan.Win32.VB.fej        F:\病毒样本\10.rar/svchwstjj.exe               
2008-09-16 00:44:49        扫描        已被删除: Trojan-GameThief.Win32.WOW.bye        F:\病毒样本\10.rar/shishi.exe               
2008-09-16 00:44:46        扫描        已被删除: Trojan-Dropper.Win32.Small.bxe        F:\病毒样本\10.rar/qq05.exe               
2008-09-16 00:44:43        扫描        已被删除: Trojan.Win32.Agent.abpb        F:\病毒样本\10.rar/33554353.exe               
2008-09-16 00:44:40        扫描        已被删除: Heur.AntiAV        F:\病毒样本\10.rar/1.exe               
2008-09-16 00:44:49        扫描        已被删除: Worm.Win32.AutoRun.nhh        F:\病毒样本\10.rar/sachwqqp.exe
v_ww
Posted on 2008-9-16 08:48:23
ess3.0
E:\Sandbox\wei\virus\user\current\桌面\10.rar > RAR > shishi.exe - Win32/PSW.WOW.NEC 特洛伊木马
E:\Sandbox\wei\virus\user\current\桌面\10.rar > RAR > 1.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
E:\Sandbox\wei\virus\user\current\桌面\10.rar > RAR > 33554353.exe > NSIS > ToolBand.dll - Win32/Adware.Zhongsou 应用程序
E:\Sandbox\wei\virus\user\current\桌面\10.rar > RAR > 33554353.exe > NSIS > Toolbar_bho.dll - Win32/Adware.Zhongsou 应用程序
E:\Sandbox\wei\virus\user\current\桌面\10.rar > RAR > msn080.exe > NSIS > 2.exe > NSIS > 龏
Nerazzurri
Posted on 2008-9-16 10:10:59

7

2008/9/16        10:10:28        1221531028        Silhouette        3132        Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Users\Silhouette\Desktop\10.rar\shishi.exe" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:Agent-SIM [Trj]" has been found in "C:\Users\Silhouette\Desktop\10.rar\1.exe\[Upack]\[Embedded#DEDLL]" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\Silhouette\Desktop\10.rar\msn080.exe" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\Silhouette\Desktop\10.rar\7003.exe\$INSTDIR\mgrmain.dat" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:Small-KAZ [Trj]" has been found in "C:\Users\Silhouette\Desktop\10.rar\qq05.exe\[UPX]" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:AutoRun-ANG [Wrm]" has been found in "C:\Users\Silhouette\Desktop\10.rar\sachwqqp.exe\[Upack]\[Embedded#DEDLL]" file.  
2008/9/16        10:10:35        1221531035        Silhouette        3132        Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Users\Silhouette\Desktop\10.rar\sychwqot.exe" file.
kuqing_ren
Posted on 2008-9-16 13:47:15
will
Posted on 2008-9-16 19:09:11

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\1.exe   
MD5 Hash: EFE596165E6529AB10B896A0B8B4948A   
Type: DOS Executable Generic / Extension: .EXE   

A-squared ----- Virus.Win32.Agent.SIM   
Avast ----- Win32:Agent-SIM [Trj]   
Antivir ----- TR/Dropper.Gen   
BitDefender ----- Generic.Malware.SP!dldg.B44842E1   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- probably a variant of Win32/Genetik trojan   
F-prot ----- W32/Agent.L.gen!Eldorado    
Ikarus ----- Virus.Win32.Agent.SIM   
Jiangmin ----- TrojanDownloader.Agent.acqq   
Kaspersky ----- Heur.AntiAV   
Kingsoft ----- Win32.Troj.StringT.jw.192512   
Mcafee ----- New Malware.aj   
Microsoft ----- TrojanSpy:Win32/Hitpop.gen!C   
Norman ----- Trojan W32/Packed_Upack.A   
Panda ----- Suspicious file   
Sophos ----- Sus/Dropper-R   
Trend Micro ----- TROJ_PACKED.BY   
Vba32 ----- Nothing   
VirusBuster ----- Packed/Upack   

*** 17/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\33554353.exe   
MD5 Hash: 030A9B3B6B7A949271FB07BDAD511CEC   
Type: Win32 Executable MS Visual C / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Agent.abpb   
Avast ----- Nothing   
Antivir ----- DR/Agent.abpb.9   
BitDefender ----- Nothing   
ClamWin ----- Trojan.Agent-46632   
Dr.Web ----- Nothing   
NOD32 ----- Win32/Adware.Zhongsou application   
F-prot ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Agent.abpb   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Agent.abpb   
Kingsoft ----- Nothing   
Mcafee ----- Generic PUP.z.   
Microsoft ----- Nothing   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Nothing   
Trend Micro ----- ADW_ZZTOOLBAR   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 8/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\33554373.exe   
MD5 Hash: F65947C0693996F979DF4F17DA418294   
Type: Win32 Executable MS Visual C / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Agent.abpb   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Trojan.Agent-46632   
Dr.Web ----- Nothing   
NOD32 ----- Win32/Adware.Zhongsou application   
F-prot ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Agent.abpb   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Mcafee ----- Generic PUP.x.   
Microsoft ----- Nothing   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Nothing   
Trend Micro ----- Nothing   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 5/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\7003.exe   
MD5 Hash: 753059CBE9C8F64864318B36C511ACDE   
Type: Win32 Executable MS Visual C / Extension: .EXE   

A-squared ----- Virus.Win32.AdWare   
Avast ----- Win32:Adware-gen [Adw]   
Antivir ----- DR/Webdoc   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
F-prot ----- Nothing   
Ikarus ----- Virus.Win32.AdWare   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Agent.ehm   
Kingsoft ----- Nothing   
Mcafee ----- Nothing   
Microsoft ----- Nothing   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Nothing   
Trend Micro ----- Nothing   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 5/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\msn080.exe   
MD5 Hash: 350A1FC746F7EE5C83F807533131ED8A   
Type: Win32 Executable MS Visual C / Extension: .EXE   

A-squared ----- Virus.Win32.AdWare   
Avast ----- Win32:Adware-gen [Adw]   
Antivir ----- DR/Cinmus.sqo   
BitDefender ----- DeepScan:Generic.Adw.Cinmus.2.5757C38A   
ClamWin ----- Trojan.Dropper-1805   
Dr.Web ----- Nothing   
NOD32 ----- probably a variant of Win32/Adware.Cinmus application   
F-prot ----- Nothing   
Ikarus ----- Virus.Win32.AdWare   
Jiangmin ----- AdWare/Cinmus.Gen   
Kaspersky ----- not-a-virus:AdWare.Win32.Cinmus.sqo   
Kingsoft ----- Nothing   
Mcafee ----- Adware-Cinmus.   
Microsoft ----- Trojan:Win32/Cinmeng   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Nothing   
Trend Micro ----- Nothing   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 11/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\qq05.exe   
MD5 Hash: 257F2D15E54827A660188A744E6F1E96   
Type: UPX compressed Win32 Executable / Extension: .EXE   

A-squared ----- Trojan.Click.Small.SN   
Avast ----- Win32:Small-KAZ [Trj]   
Antivir ----- TR/Drop.Small.bxe   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- probably a variant of Win32/Genetik trojan   
F-prot ----- Nothing   
Ikarus ----- Trojan.Click.Small.SN   
Jiangmin ----- TrojanDropper.Small.chr   
Kaspersky ----- Trojan-Dropper.Win32.Small.bxe   
Kingsoft ----- Win32.Troj.Agent.qq.348160   
Mcafee ----- Generic Dropper   
Microsoft ----- Nothing   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Nothing   
Trend Micro ----- Nothing   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 9/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sachwqqp.exe   
MD5 Hash: FF82F052AE7378E74A39E3C4A9DE2578   
Type: DOS Executable Generic / Extension: .EXE   

A-squared ----- Backdoor.Win32.Rbot.aeu   
Avast ----- Win32:AutoRun-ANG [Wrm]   
Antivir ----- TR/Dropper.Gen   
BitDefender ----- Generic.Malware.Sdldspg.7007DC99   
ClamWin ----- Nothing   
Dr.Web ----- Trojan.PWS.Gamania.origin   
NOD32 ----- a variant of Win32/AutoRun.YE worm   
F-prot ----- W32/Nilage.gen!GSA    
Ikarus ----- Backdoor.Win32.Rbot.aeu   
Jiangmin ----- Nothing   
Kaspersky ----- Worm.Win32.AutoRun.nhh   
Kingsoft ----- Win32.Troj.PopHotT.xd.163840   
Mcafee ----- W32/Autorun.worm.gen   
Microsoft ----- TrojanSpy:Win32/Hitpop.gen!C   
Norman ----- Trojan W32/Packed_Upack.A   
Panda ----- Suspicious file   
Sophos ----- Sus/Dropper-R   
Trend Micro ----- TSPY_HITPOP.BD   
Vba32 ----- Nothing   
VirusBuster ----- Packed/Upack   

*** 17/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\shishi.exe   
MD5 Hash: 2B6176FC2F993B99BF027F8BBF9C7FCE   
Type: UPX compressed Win32 Executable / Extension: .EXE   

A-squared ----- Backdoor.Win32.Banito.Plugin.A   
Avast ----- Win32:Spyware-gen [Trj]   
Antivir ----- TR/PSW.42564.5   
BitDefender ----- Generic.PWS.WoW.D024D1E9   
ClamWin ----- Nothing   
Dr.Web ----- Trojan.PWS.Wow.796   
NOD32 ----- Win32/PSW.WOW.NEC trojan   
F-prot ----- Nothing   
Ikarus ----- Backdoor.Win32.Banito.Plugin.A   
Jiangmin ----- TrojanSpy.WOW.bi   
Kaspersky ----- Trojan-GameThief.Win32.WOW.bye   
Kingsoft ----- Win32.PSWTroj.WOW.128068   
Mcafee ----- PWS-OnlineGames.cd   
Microsoft ----- PWS:Win32/Frethog.MM!dll   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Mal/GamePSW-C   
Trend Micro ----- TSPY_WOW.BZ   
Vba32 ----- MalwareScope.Trojan-PSW.Game.7   
VirusBuster ----- Nothing   

*** 15/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\svchwstjj.exe   
MD5 Hash: B081C1F55E10AB7F349C16DB2718619C   
Type: Win32 Executable Generic / Extension: .EXE   

A-squared ----- Win32.SuspectCrc   
Avast ----- Nothing   
Antivir ----- TR/VB.fej   
BitDefender ----- DeepScan:Generic.Malware.YBddldTk.4753ACEE   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- probably a variant of Win32/TrojanDownloader.VB.NPP trojan   
F-prot ----- W32/new-malware!Maximus   
Ikarus ----- Win32.SuspectCrc   
Jiangmin ----- Trojan/VB.end   
Kaspersky ----- Trojan.Win32.VB.fej   
Kingsoft ----- Nothing   
Mcafee ----- Generic.dx   
Microsoft ----- Nothing   
Norman ----- Trojan W32/Packed/FSG_2.A   
Panda ----- Nothing   
Sophos ----- Mal/Emogen-N   
Trend Micro ----- Nothing   
Vba32 ----- Nothing   
VirusBuster ----- Packed/FSG   

*** 12/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sychwqot.exe   
MD5 Hash: 6C67BE1737B841C9F60E2795FA1EF483   
Type: UPX compressed Win32 Executable / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Win32:Spyware-gen [Trj]   
Antivir ----- TR/Spy.Gen   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- a variant of Win32/Agent.OCX trojan   
F-prot ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.TrojDownloader.rc.114688   
Mcafee ----- Generic.dx   
Microsoft ----- Nothing   
Norman ----- Nothing   
Panda ----- Nothing   
Sophos ----- Sus/Dropper-A   
Trend Micro ----- WORM_AUTORUN.MCS   
Vba32 ----- Nothing   
VirusBuster ----- Nothing   

*** 7/20 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/09/16 二 19:06:57.57   
BING126
Posted on 2008-9-16 20:23:31
McAfee flagged 2..

1.exe                     new malware.n               
33554353.exe       no
33554373.exe       no
7003.exe               no  
msn080.exe          no
qq05.exe               no
sachwqqp.exe       no
shishi.exe              pws-onlinegames.cd           
svchwstjj.exe         no
sychwqot.exe        no
Palkia
Posted on 2008-9-16 20:49:07

5

病毒        2008-09-16  20:48:48        C:\Documents and Settings\Administrator\桌面\10.rar\sychwqot.exe        Win32.TrojDownloader.rc.114688        清除成功       
病毒        2008-09-16  20:48:48        C:\Documents and Settings\Administrator\桌面\10.rar\sachwqqp.exe        Win32.Troj.PopHotT.xd.163840        清除成功       
病毒        2008-09-16  20:48:48        C:\Documents and Settings\Administrator\桌面\10.rar\qq05.exe        Win32.Troj.Agent.qq.348160        清除成功       
病毒        2008-09-16  20:48:47        C:\Documents and Settings\Administrator\桌面\10.rar\1.exe        Win32.Troj.StringT.jw.192512        清除成功       
病毒        2008-09-16  20:48:47        C:\Documents and Settings\Administrator\桌面\10.rar\shishi.exe        Win32.PSWTroj.WOW.128068        清除成功