PCSL 可疑恶意网站每日分析 20080922

lanvin

1. http://dd6.tesekl.info/net.exe
   
2. http://danielblaskieviz.xpg.com.br/upload/imglog.jpg
   
3. http://download.sav2008.com/dload.php?actually=1&advid=5251
   
4. http://www.rotarymilanosudest.com/site_access/bollettini/2007-2008/agosto.exe
   
5. http://knut.kumoh.ac.kr/~kopress/board//skin/f2plus_gallery_2_0/.tmp/FrWall2.exe
   
6. http://www.1ive.net/count/Install.asp
   
7. http://cel33264578.xpg.com.br/imglog.xml
   
8. http://www.sabaozinhox.net/Source.exe
   
9. http://www.aera.gr/files/.slide/win32.exe
   
10. http://www.oflogao.com/tim/download/picture.exe
    
11. http://vivoonline.hpg.com.br/nosso.jpg
    

复制代码

维生素B2

install.asp大小为0
全部打包

卡巴miss 4，上报。

http://www.namipan.com/d/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9.rar/00a16efa1ca70d17c5436b4101594eafe386282a494bb700

[ 本帖最后由 维生素B2 于 2008-9-22 16:53 编辑 ]

Palkia

风险程序        2008-09-22  18:56:15        C:\Documents and Settings\Administrator\桌面\新建文件夹.rar\新建文件夹\SAV2008Setup.exe\BindFile\sav.cpl        Win32.RiskWare.UltimateAnti.bf.168448        跳过，未处理       
病毒        2008-09-22  18:56:09        C:\Documents and Settings\Administrator\桌面\新建文件夹.rar\新建文件夹\picture.exe        JS.DownloaderT.a.31604        清除成功       
病毒        2008-09-22  18:56:05        C:\Documents and Settings\Administrator\桌面\新建文件夹.rar\新建文件夹\FrWall2.exe        Win32.Hack.UpackT.a.15981        清除成功

电影结束了

我汗啊。。。
学校网络奇慢啊

Kitman

4  files left
Begin scan in 'C:\Users\TOSHIBA\Downloads\新建文件夹'
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\agosto.exe
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE]      A backup was created as '49468816.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\FrWall2.exe
    [DETECTION] Contains recognition pattern of the WORM/Rokut.BP worm
    [NOTE]      A backup was created as '492e8821.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\imglog.jpg
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '493e881c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\imglog.xml
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4bc76cbd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\net.exe
      [DETECTION] Is the TR/Dldr.Agent.dfq Trojan
    [NOTE]      A backup was created as '494b8814.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\nosso.jpg
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '494a881e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\新建文件夹\新建文件夹\SAV2008Setup.exe
    [0] Archive type: RAR SFX (self extracting)
    --> sav.cpl
      [DETECTION] Is the TR/FakeAV.AR Trojan
    --> sav.exe
      [DETECTION] Is the TR/FakeAV.AD.16 Trojan
    [DETECTION] Contains recognition pattern of the DR/FraudToo.1075794 dropper
    [NOTE]      A backup was created as '492d87f0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年9月22日  19:55
Used time: 00:02 Minute(s)

The scan has been done completely.

      2 Scanning directories
     16 Files were scanned
      9 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      7 files were deleted
      0 files were repaired
      7 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      1 Archives were scanned
      0 Warnings
      7 Notes

Kitman

File ID         Filename         Size (Byte)        Result
25140491         picture.exe         31.04 KB         UNDER ANALYSIS
25140371         Source.exe         4.39 KB         UNDER ANALYSIS
25140369         win32.exe         35.41 KB         UNDER ANALYSIS
4039214         Install.asp         0 Byte         KNOWN CLEAN