天龙八部又被挂上马儿。。。。。

显示全部楼层 · 发表于 2008-9-30 16:10:01

费尔说：
\样本\002.rar>>002\14[1].htm Script.HttpDownloader.u 病毒还未处理
样本\001.rar>>001\as[1].htm Script.SoftExploit.e 病毒还未处理

VirSCAN.org Scanned Report :
Scanned time : 2008/09/30 15:43:26 (CST)
Scanner results: 16%的杀软(6/37)报告发现病毒
File Name    : 001.rar
File Size    : 1634 byte
File Type    : RAR archive data, v1d, os
MD5          : e78259854682cd95e8df397ae22fd961
SHA1          : 4412d40eddd73587a2478726877ade650703be0f
Online report  : ht tp://virscan.org/report/1e6343c63596f4e937344fdd97f23be5.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.14       2008.09.29       2008-09-29  1.45 -
安博士V3    2008.09.30.02 2008.09.30       2008-09-30  0.92 -
AntiVir       7.8.1.34       7.0.6.225       2008-09-29  2.32 -
Arcavir       1.0.5          200809291247    2008-09-29  1.19 -
Authentium    5.1.1          200809241708    2008-09-24  1.02 -
AVAST!       3.0.1          080929-1       2008-09-29  0.68 VBS:SnapshotView-A [Expl]
AVG          7.5.52.442    270.7.5/1698    2008-09-29  1.62 -
BitDefender 7.60825.1822271 7.21107          2008-09-30  3.11 -
CA (VET)    9.0.0.143    31.6.6117       2008-09-29  3.88 -
ClamAV       0.94          8356             2008-09-30  0.00 -
Comodo       2.11          2.0.0.661       2008-09-29  0.40 -
CP Secure    1.1.0.715    2008.09.30       2008-09-30  5.91 Troj.Downloader.JS.Agent.ckc
Dr.Web       4.44.0.9170    2008.09.29       2008-09-29  3.23 -
ewido       4.0.0.2       2008.09.29       2008-09-29  2.74 -
F-Prot       4.4.4.56       20080929       2008-09-29  1.01 -
F-Secure    5.51.6100    2008.09.30.02    2008-09-30  0.04 -
飞塔          2.81-3.113    9.604          2008-09-29  0.14 -
ViRobot       20080929       2008.09.29       2008-09-29  0.39 -
Ikarus       T3.1.01.34    2008.09.29.71552  2008-09-29  3.39 Virus.VBS.SnapshotView.A
江民杀毒    11.0.706       2008.09.30       2008-09-30  1.22 -
卡巴斯基    5.5.10       2008.09.30       2008-09-30  0.02 -
金山毒霸    2008.9.8.18    2008.9.30.14    2008-09-30  0.88 JS.Downloader.fc.907
迈克菲       5.3.00       5394             2008-09-29  1.97 Exploit-CVE2008-2463
Microsoft    1.4005       2008.09.29       2008-09-29  3.93 Exploit:JS/Objsnapt.F
mks_vir       2.01          2008.09.29       2008-09-29  2.72 -
Norman       5.93.01       5.93.00          2008-09-18  5.35 -
熊猫卫士    9.05.01       2008.09.29       2008-09-29  2.21 -
趋势科技    8.700-1004    5.572.02       2008-09-29  0.02 -
Quick Heal    9.50          2008.09.30       2008-09-30  1.90 -
瑞星          20.0          20.63.62.00    2008-09-28  0.25 -
Sophos       2.79.0       4.34             2008-09-30  1.68 -
Sunbelt       3.1.1675.1    2261             2008-09-26  0.42 -
赛门铁克    1.3.0.24       20080929.003    2008-09-29  0.22 -
nProtect    2008-09-30.01 2186999          2008-09-30  4.27 -
The Hacker    6.3.0.9       v00096          2008-09-28  0.39 -
VBA32       3.12.8.6       20080929.0843    2008-09-29  1.22 -
VirusBuster 4.5.11.10    10.89.2/633609 2008-09-29  0.81 -

文件 001.rar 接收于 2008.09.30 09:46:08 (CET)

结果: 6/36 (16.67%)

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.9.25.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.29 -
Avast 4.8.1195.0 2008.09.29 VBS:SnapshotView-A
AVG 8.0.0.161 2008.09.29 Exploit
BitDefender 7.2 2008.09.30 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.09.30 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.29 -
eTrust-Vet 31.6.6117 2008.09.30 -
Ewido 4.0 2008.09.29 -
F-Prot 4.4.4.56 2008.09.29 -
F-Secure 8.0.14332.0 2008.09.30 -
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.09.30 VBS:SnapshotView-A
Ikarus T3.1.1.34.0 2008.09.30 Virus.VBS.SnapshotView.A
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.30 -
McAfee 5394 2008.09.30 Exploit-CVE2008-2463
Microsoft 1.4005 2008.09.30 Exploit:JS/Objsnapt.F
NOD32 3481 2008.09.29 -
Norman 5.80.02 2008.09.29 -
Panda 9.0.0.4 2008.09.29 -
PCTools 4.4.2.0 2008.09.29 -
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.30 -
Sophos 4.34.0 2008.09.30 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.30 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.29 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 -
附加信息
File size: 1634 bytes
MD5...: e78259854682cd95e8df397ae22fd961
SHA1..: 4412d40eddd73587a2478726877ade650703be0f
SHA256: 8a6bb4452a6bfcbc796a235897ff7d270093bb2c89e061d00586e28549f54e7d
SHA512: c456750c0acb9cf493add6c40d4c85912e134b87c90c2ac23a64c938dbd8cbf1
3f1b390ada49cc9bd321e2f3106801b05caf8d7f837da509d63e67822b342dd1
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -

VirSCAN.org Scanned Report :
Scanned time : 2008/09/30 15:46:41 (CST)
Scanner results: 24%的杀软(9/37)报告发现病毒
File Name    : 002.rar
File Size    : 2124 byte
File Type    : RAR archive data, v1d, os
MD5          : 26dc73048f2d7574367b00ed40272ead
SHA1          : b5c2c05ee89c6f6adeaed2a057d7c315777c8013
Online report  : ht tp://virscan.org/report/f106aed2a8f86bceb21b8b726ccd8630.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.14       2008.09.29       2008-09-29  1.44 -
安博士V3    2008.09.30.02 2008.09.30       2008-09-30  0.92 -
AntiVir       7.8.1.34       7.0.6.225       2008-09-29  2.32 HTML/Rce.Gen
Arcavir       1.0.5          200809291247    2008-09-29  1.19 -
Authentium    5.1.1          200809241708    2008-09-24  1.02 -
AVAST!       3.0.1          080929-1       2008-09-29  0.00 VBS:Obfuscated-gen [Trj]
AVG          7.5.52.442    270.7.5/1698    2008-09-29  1.61 -
BitDefender 7.60825.1822271 7.21107          2008-09-30  3.11 -
CA (VET)    9.0.0.143    31.6.6117       2008-09-29  3.18 -
ClamAV       0.94          8356             2008-09-30  0.00 JS.Psyme-36
Comodo       2.11          2.0.0.661       2008-09-29  0.59 -
CP Secure    1.1.0.715    2008.09.30       2008-09-30  5.90 Troj.Downloader.JS.Psyme.aw
Dr.Web       4.44.0.9170    2008.09.29       2008-09-29  3.27 -
ewido       4.0.0.2       2008.09.29       2008-09-29  4.13 Downloader.AniLoad.nae
F-Prot       4.4.4.56       20080929       2008-09-29  1.02 -
F-Secure    5.51.6100    2008.09.30.02    2008-09-30  3.47 -
飞塔          2.81-3.113    9.604          2008-09-29  0.14 VBS/Psyme.ES!tr
ViRobot       20080929       2008.09.29       2008-09-29  0.45 -
Ikarus       T3.1.01.34    2008.09.29.71552  2008-09-29  3.37 -
江民杀毒    11.0.706       2008.09.30       2008-09-30  1.25 -
卡巴斯基    5.5.10       2008.09.30       2008-09-30  0.02 -
金山毒霸    2008.9.8.18    2008.9.30.14    2008-09-30  0.65 -
迈克菲       5.3.00       5394             2008-09-29  2.00 -
Microsoft    1.4005       2008.09.29       2008-09-29  4.19 TrojanDownloader:VBS/Psyme.gen!D
mks_vir       2.01          2008.09.29       2008-09-29  2.54 -
Norman       5.93.01       5.93.00          2008-09-18  5.44 VBS/Psyme.BF
熊猫卫士    9.05.01       2008.09.29       2008-09-29  2.83 -
趋势科技    8.700-1004    5.572.02       2008-09-29  0.03 -
Quick Heal    9.50          2008.09.30       2008-09-30  1.89 -
瑞星          20.0          20.63.62.00    2008-09-28  0.25 -
Sophos       2.79.0       4.34             2008-09-30  1.69 -
Sunbelt       3.1.1675.1    2261             2008-09-26  0.43 -
赛门铁克    1.3.0.24       20080929.003    2008-09-29  0.05 -
nProtect    2008-09-30.01 2186999          2008-09-30  4.42 -
The Hacker    6.3.0.9       v00096          2008-09-28  0.40 -
VBA32       3.12.8.6       20080929.0843    2008-09-29  1.22 -
VirusBuster 4.5.11.10    10.89.2/633609 2008-09-29  0.81 HTML.Psyme.Gen

文件 002.rar 接收于 2008.09.30 09:49:30 (CET)
结果: 12/36 (33.34%)

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.9.25.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 HTML/Rce.Gen
Authentium 5.1.0.4 2008.09.29 -
Avast 4.8.1195.0 2008.09.29 VBS:Obfuscated-gen
AVG 8.0.0.161 2008.09.29 JS/Downloader.Agent
BitDefender 7.2 2008.09.30 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.09.30 JS.Psyme-36
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.29 -
eTrust-Vet 31.6.6117 2008.09.30 -
Ewido 4.0 2008.09.29 Downloader.AniLoad.nae
F-Prot 4.4.4.56 2008.09.29 -
F-Secure 8.0.14332.0 2008.09.30 VBS/Psyme.BF
Fortinet 3.113.0.0 2008.09.30 VBS/Psyme.ES!tr
GData 19 2008.09.30 VBS:Obfuscated-gen
Ikarus T3.1.1.34.0 2008.09.30 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.30 -
McAfee 5394 2008.09.30 -
Microsoft 1.4005 2008.09.30 TrojanDownloader:VBS/Psyme.gen!D
NOD32 3481 2008.09.29 -
Norman 5.80.02 2008.09.29 -
Panda 9.0.0.4 2008.09.29 -
PCTools 4.4.2.0 2008.09.29 HTML.Psyme.Gen
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.30 Heuristic.Script.Rce
Sophos 4.34.0 2008.09.30 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.30 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.29 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 HTML.Psyme.Gen
附加信息
File size: 2124 bytes
MD5...: 26dc73048f2d7574367b00ed40272ead
SHA1..: b5c2c05ee89c6f6adeaed2a057d7c315777c8013
SHA256: fe0813880c1823c8bc7cf3bc2cb1ba48262567d73ac63826c703f02941b686ea
SHA512: a85c2afa49d86719f5f1fb65887ba96854cac639e0065254eb2323e2eebfd3a6
d50d28b9ea4a47545fe2d54d875b4270822dd6cc8f34ef7637e2c5ad38af6dff
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -

显示全部楼层 · 发表于 2008-9-30 16:25:06

kaspersky signature database miss
TO KL

显示全部楼层 · 发表于 2008-9-30 16:54:51

费尔说：
D:\Downloads\bt\8\8ddd.rar>>as.css TrojanDownloader.Agent.rqj.kwvf 木马还未处理
D:\Downloads\bt\8\8ddd.rar>>ms.css TrojanDownloader.Small.ybw.tjka 木马还未处理
借隔壁网友“jun0717”说
ht tp://user999.78-10.net/as.css
ht tp://user999.78-10.net/ms.css
...

PS：挂得很失败，下载的马儿，60%可以报。。。
文件 as.css 接收于 2008.09.30 10:40:18 (CET)
结果: 23/36 (63.89%)
反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.9.25.0 2008.09.30 Win-Trojan/Agent.13840.B
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.29 -
Avast 4.8.1195.0 2008.09.29 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.29 Downloader.Generic7.QRM
BitDefender 7.2 2008.09.30 Trojan.Downloader.Small.AAPP
CAT-QuickHeal 9.50 2008.09.30 TrojanDownloader.Agent.rqj
ClamAV 0.93.1 2008.09.30 Trojan.Downloader-41951
DrWeb 4.44.0.09170 2008.09.30 Trojan.DownLoader.63104
eSafe 7.0.17.0 2008.09.29 -
eTrust-Vet 31.6.6118 2008.09.30 Win32/SillyDl.EVD
Ewido 4.0 2008.09.29 Downloader.Small.xpd
F-Prot 4.4.4.56 2008.09.29 -
F-Secure 8.0.14332.0 2008.09.30 Trojan-Downloader.Win32.Small.ybw
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.09.30 Trojan.Downloader.Small.AAPP
Ikarus T3.1.1.34.0 2008.09.30 Trojan-Downloader.Win32.Agent.rqj
K7AntiVirus 7.10.473 2008.09.25 Trojan-Downloader.Win32.Agent.rqj
Kaspersky 7.0.0.125 2008.09.30 Trojan-Downloader.Win32.Small.ybw
McAfee 5394 2008.09.30 -
Microsoft 1.4005 2008.09.30 TrojanDownloader:Win32/Mickdo.A
NOD32 3481 2008.09.29 probably a variant of Win32/TrojanDownloader.Small.WGA
Norman 5.80.02 2008.09.29 -
Panda 9.0.0.4 2008.09.29 Trj/Downloader.TYL
PCTools 4.4.2.0 2008.09.29 -
Prevx1 V2 2008.09.30 Malicious Software
Rising 20.63.62.00 2008.09.28 Trojan.DL.Win32.Small.vtg
SecureWeb-Gateway 6.7.6 2008.09.30 -
Sophos 4.34.0 2008.09.30 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.30 Downloader
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 Possible_DLDER
VBA32 3.12.8.6 2008.09.29 Trojan.DownLoader.63104
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 Trojan.DL.Agent.ETBH
附加信息
File size: 13840 bytes
MD5...: 1037f5b38b4764eb15aa67ffccf94830
SHA1..: ca10ae0b7fb4d0bae9ea9c172b9b77184efac3f1
SHA256: 0f5bd44184a0e77d6ddd4a20521bdaa158938ce984c836285a54f497ca9e61d4
SHA512: 4399078582c7df2aad83c91da7e4ca8ff54aedf62353d9ae41281eeb6c97bbef
a576a7188e6e663f2990beadc9e90c674a0c136c6365dbc9eabc173ae65e2254
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4015dc
timedatestamp.....: 0x3937bca7 (Fri Jun 02 13:54:47 2000)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x762 0x800 5.59 633538d30d7f82efd0da4be658b304e1
.rdata 0x2000 0x4ec 0x600 4.23 912eab2284e705c5794a7d5c582857d3
.data 0x3000 0xe8 0x200 2.28 bf5cd4b8e024f0983d6446dafa23df06
( 5 imports )
> KERNEL32.dll: CloseHandle, CreateProcessA, GetStartupInfoA, Sleep, GetTickCount, GetWindowsDirectoryA, SetEvent, WaitForMultipleObjects, WaitForSingleObject, CreateEventA, DeleteFileA, ExpandEnvironmentStringsA, SetFileAttributesA, CreateDirectoryA, GetLastError, CreateMutexA, GetModuleHandleA
> USER32.dll: LoadCursorA, SetSystemCursor, CopyIcon
> urlmon.dll: URLDownloadToFileA
> WININET.dll: DeleteUrlCacheEntry
> MSVCRT.dll: _XcptFilter, __set_app_type, __p__fmode, _controlfp, __p__commode, sprintf, _except_handler3, fprintf, _beginthreadex, fclose, fscanf, fopen, _exit, _adjust_fdiv, exit, _acmdln, __getmainargs, _initterm, __setusermatherr
( 0 exports )

VirSCAN.org Scanned Report :
Scanned time : 2008/09/30 16:40:27 (CST)
Scanner results: 70%的杀软(26/37)报告发现病毒
File Name    : as.css
File Size    : 13840 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : 1037f5b38b4764eb15aa67ffccf94830
SHA1          : ca10ae0b7fb4d0bae9ea9c172b9b77184efac3f1
Online report  : ht tp://virscan.org/report/c7d02ac8195f8f40d58608fdebcdf2d2.html
Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.14       2008.09.29       2008-09-29  2.08 Trojan-Downloader.Win32.Agent.rqj!A2
安博士V3    2008.09.30.02 2008.09.30       2008-09-30  1.43 Win-Trojan/Agent.13840.B
AntiVir       7.8.1.34       7.0.6.225       2008-09-29  2.32 -
Arcavir       1.0.5          200809291247    2008-09-29  1.20 Trojan.Agent.Ms
Authentium    5.1.1          200809241708    2008-09-24  1.06 -
AVAST!       3.0.1          080929-1       2008-09-29  0.69 Win32:Trojan-gen {Other}
AVG          7.5.52.442    270.7.5/1698    2008-09-29  1.63 Downloader.Generic7.QRM
BitDefender 7.60825.1822271 7.21107          2008-09-30  3.10 Trojan.Downloader.Small.AAPP
CA (VET)    9.0.0.143    31.6.6117       2008-09-29  5.38 Win32/SillyDl.EVD trojan.
ClamAV       0.94          8356             2008-09-30  0.01 Trojan.Downloader-41951
Comodo       2.11          2.0.0.661       2008-09-29  0.44 -
CP Secure    1.1.0.715    2008.09.30       2008-09-30  5.94 Troj.Downloader.W32.Agent.rqj
Dr.Web       4.44.0.9170    2008.09.29       2008-09-29  3.25 Trojan.DownLoader.63104
ewido       4.0.0.2       2008.09.29       2008-09-29  2.88 Downloader.Small.xpd
F-Prot       4.4.4.56       20080929       2008-09-29  1.04 -
F-Secure    5.51.6100    2008.09.30.02    2008-09-30  3.44 Trojan-Downloader.Win32.Small.ybw [AVP]
飞塔          2.81-3.113    9.604          2008-09-29  0.21 -
ViRobot       20080929       2008.09.29       2008-09-29  0.40 -
Ikarus       T3.1.01.34    2008.09.29.71552  2008-09-29  3.35 Trojan-Downloader.Win32.Agent.rqj
江民杀毒    11.0.706       2008.09.30       2008-09-30  1.22 TrojanDownloader.Small.aejq
卡巴斯基    5.5.10       2008.09.30       2008-09-30  0.02 Trojan-Downloader.Win32.Small.ybw
金山毒霸    2008.9.8.18    2008.9.30.14    2008-09-30  0.62 Win32.TrojDownloader.Agent.9970
迈克菲       5.3.00       5394             2008-09-29  2.01 -
Microsoft    1.4005       2008.09.29       2008-09-29  4.35 TrojanDownloader:Win32/Mickdo.A
mks_vir       2.01          2008.09.29       2008-09-29  2.57 Worm.Korgo
Norman       5.93.01       5.93.00          2008-09-18  5.36 -
熊猫卫士    9.05.01       2008.09.29       2008-09-29  2.31 Trj/Downloader.TYL
趋势科技    8.700-1004    5.572.02       2008-09-29  0.02 Possible_DLDER
Quick Heal    9.50          2008.09.30       2008-09-30  1.99 TrojanDownloader.Agent.rqj
瑞星          20.0          20.63.62.00    2008-09-28  1.00 Trojan.DL.Win32.Small.vtg
Sophos       2.79.0       4.34             2008-09-30  1.70 -
Sunbelt       3.1.1675.1    2261             2008-09-26  0.64 -
赛门铁克    1.3.0.24       20080929.003    2008-09-29  0.06 Downloader
nProtect    2008-09-30.01 2186999          2008-09-30  4.32 Trojan-Downloader/W32.Agent.13840.B
The Hacker    6.3.0.9       v00096          2008-09-28  0.44 -
VBA32       3.12.8.6       20080929.0843    2008-09-29  1.25 Trojan.DownLoader.63104
VirusBuster 4.5.11.10    10.89.2/633609 2008-09-29  0.86 Trojan.DL.Agent.ETBH
文件 ms.css 接收于 2008.09.30 10:49:08 (CET)
结果: 32/36 (88.89%)
反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.9.25.0 2008.09.30 Win-Trojan/Agent.13840.B
AntiVir 7.8.1.34 2008.09.30 TR/Crypt.NSPI.Gen
Authentium 5.1.0.4 2008.09.29 W32/Downloader-Sml-based!Maximus
Avast 4.8.1195.0 2008.09.29 -
AVG 8.0.0.161 2008.09.29 Downloader.Generic7.AUQD
BitDefender 7.2 2008.09.30 Trojan.Downloader.Small.AAPP
CAT-QuickHeal 9.50 2008.09.30 TrojanDownloader.Small.ybw
ClamAV 0.93.1 2008.09.30 PUA.Packed.NPack-3
DrWeb 4.44.0.09170 2008.09.30 Trojan.DownLoader.63104
eSafe 7.0.17.0 2008.09.29 Suspicious File
eTrust-Vet 31.6.6118 2008.09.30 -
Ewido 4.0 2008.09.29 Downloader.Small.xpd
F-Prot 4.4.4.56 2008.09.29 W32/Downloader-Sml-based!Maximus
F-Secure 8.0.14332.0 2008.09.30 Trojan-Downloader.Win32.Small.ybw
Fortinet 3.113.0.0 2008.09.30 W32/Heuri.E!tr.dldr
GData 19 2008.09.30 Trojan.Downloader.Small.AAPP
Ikarus T3.1.1.34.0 2008.09.30 Backdoor.Win32.Agent.ahj
K7AntiVirus 7.10.476 2008.09.27 Trojan-Downloader.Win32.Small.ybw
Kaspersky 7.0.0.125 2008.09.30 Trojan-Downloader.Win32.Small.ybw
McAfee 5394 2008.09.30 New Malware.hr
Microsoft 1.4005 2008.09.30 TrojanDownloader:Win32/Mickdo.A
NOD32 3481 2008.09.29 probably a variant of Win32/TrojanDownloader.Small.WGA
Norman 5.80.02 2008.09.29 W32/Packed_NSPack.B
Panda 9.0.0.4 2008.09.29 Trj/Downloader.TYL
PCTools 4.4.2.0 2008.09.29 Packed/NSPack
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 Trojan.DL.Win32.Small.vtg
SecureWeb-Gateway 6.7.6 2008.09.30 Trojan.Crypt.NSPI.Gen
Sophos 4.34.0 2008.09.30 Mal/Heuri-E
Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.Packed.gen (v)
Symantec 10 2008.09.30 Downloader
TheHacker 6.3.0.9.097 2008.09.29 W32/Behav-Heuristic-067
TrendMicro 8.700.0.1004 2008.09.30 PAK_Generic.001
VBA32 3.12.8.6 2008.09.29 Trojan.DownLoader.63104
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 Trojan.DL.MultiLoad.L
附加信息
File size: 5678 bytes
MD5...: 58aaadbac2753544beebcfb6c0c18c75
SHA1..: 861a7ccd3314df7e88f7bc3540a31f8e35b80c7a
SHA256: d87e666b39c69c53ade29ebeed9a432c1e77fff9035710c1739f5078de3c2c17
SHA512: 55c106a497cf8226f342cd77aba7453616e5f51e79a1c58d785998312577ceea
4f203ebb45967804061cda70ce138c1617bc0f67344ea5abe69fe5a93c9a88b9
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x405250
timedatestamp.....: 0x3937bca7 (Fri Jun 02 13:54:47 2000)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.nsp0 0x1000 0x4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 0x5000 0x2000 0x122e 7.45 f85fcdb26faa6d4b86e21453b01e65c6
.nsp2 0x7000 0x56e 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> USER32.DLL: LoadCursorA
> URLMON.DLL: URLDownloadToFileA
> WININET.DLL: DeleteUrlCacheEntry
> MSVCRT.DLL: _XcptFilter
( 0 exports )

packers (F-Prot): NSPack, PE_Patch
packers (Kaspersky): NSPack
packers (Authentium): NSPack, PE_Patch

VirSCAN.org Scanned Report :
Scanned time : 2008/09/30 16:48:57 (CST)
Scanner results: 76%的杀软(28/37)报告发现病毒
File Name    : ms.css
File Size    : 5678 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : 58aaadbac2753544beebcfb6c0c18c75
SHA1          : 861a7ccd3314df7e88f7bc3540a31f8e35b80c7a
Online report  : ht tp://virscan.org/report/85dd05d86521044b64ba340e34c21481.html
Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.14       2008.09.29       2008-09-29  1.43 -
安博士V3    2008.09.30.02 2008.09.30       2008-09-30  0.93 Win-Trojan/Agent.13840.B
AntiVir       7.8.1.34       7.0.6.225       2008-09-29  2.34 TR/Crypt.NSPI.Gen
Arcavir       1.0.5          200809291247    2008-09-29  1.21 -
Authentium    5.1.1          200809241708    2008-09-24  1.15 W32/Heuristic-DL2!Eldorado (Heuristic)
AVAST!       3.0.1          080929-1       2008-09-29  0.01 -
AVG          7.5.52.442    270.7.5/1698    2008-09-29  1.60 Downloader.Generic7.AUQD
BitDefender 7.60825.1822271 7.21107          2008-09-30  3.11 Trojan.Downloader.Small.AAPP
CA (VET)    9.0.0.143    31.6.6117       2008-09-29  4.74 -
ClamAV       0.94          8356             2008-09-30  0.00 PUA.Packed.NPack-3
Comodo       2.11          2.0.0.661       2008-09-29  0.43 -
CP Secure    1.1.0.715    2008.09.30       2008-09-30  5.94 -
Dr.Web       4.44.0.9170    2008.09.29       2008-09-29  3.29 Trojan.DownLoader.63104
ewido       4.0.0.2       2008.09.29       2008-09-29  4.59 Downloader.Small.xpd
F-Prot       4.4.4.56       20080929       2008-09-29  1.12 Possible W32/Heuristic-DL2!Eldorado (not disinfectable)
F-Secure    5.51.6100    2008.09.30.02    2008-09-30  0.05 Trojan-Downloader.Win32.Small.ybw [AVP]
飞塔          2.81-3.113    9.604          2008-09-29  0.16 W32/Heuri.E!tr.dldr
ViRobot       20080929       2008.09.29       2008-09-29  0.40 -
Ikarus       T3.1.01.34    2008.09.29.71552  2008-09-29  3.37 Backdoor.Win32.Agent.ahj
江民杀毒    11.0.706       2008.09.30       2008-09-30  1.23 TrojanDownloader.Small.aejq
卡巴斯基    5.5.10       2008.09.30       2008-09-30  0.04 Trojan-Downloader.Win32.Small.ybw
金山毒霸    2008.9.8.18    2008.9.30.14    2008-09-30  0.62 Win32.TrojDownloader.Agent.9970
迈克菲       5.3.00       5394             2008-09-29  2.09 New Malware.hr
Microsoft    1.4005       2008.09.29       2008-09-29  7.14 TrojanDownloader:Win32/Mickdo.A
mks_vir       2.01          2008.09.29       2008-09-29  2.67 -
Norman       5.93.01       5.93.00          2008-09-18  5.38 W32/Packed_NSPack.B
熊猫卫士    9.05.01       2008.09.29       2008-09-29  4.43 Trj/Downloader.TYL
趋势科技    8.700-1004    5.572.02       2008-09-29  0.02 -
Quick Heal    9.50          2008.09.30       2008-09-30  3.13 TrojanDownloader.Small.ybw
瑞星          20.0          20.63.62.00    2008-09-28  2.28 Trojan.DL.Win32.Small.vtg
Sophos       2.79.0       4.34             2008-09-30  1.74 Mal/Heuri-E
Sunbelt       3.1.1675.1    2261             2008-09-26  0.43 Trojan.Win32.Packed.gen (v)
赛门铁克    1.3.0.24       20080929.003    2008-09-29  0.05 Downloader
nProtect    2008-09-30.01 2186999          2008-09-30  5.66 Trojan.Downloader.Small.AAPP
The Hacker    6.3.0.9       v00096          2008-09-28  0.68 W32/Behav-Heuristic-067
VBA32       3.12.8.6       20080929.0843    2008-09-29  1.23 Trojan.DownLoader.63104
VirusBuster 4.5.11.10    10.89.2/633609 2008-09-29  0.85 Trojan.DL.MultiLoad.L

显示全部楼层 · 发表于 2008-9-30 17:12:23

Hello.
New malicious software was found in the attached file.
It's detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include you registration data.
-----------------
Regards, Tatarinov Ivan
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

> Attachment: 001.rar
> Attachment: 002.rar

显示全部楼层 · 发表于 2008-9-30 17:13:28

我同学现在还在玩天龙....还在帮我搞装备...

显示全部楼层 · 发表于 2008-9-30 18:56:36

想问下楼主网址？

显示全部楼层 · 发表于 2008-9-30 20:35:23

原帖由 lg560852 于 2008-9-30 18:56 发表
想问下楼主网址？

htt p://tl.sohu.com/content/launcher/fragment/gonggao.inc

是这个吗？右边图片不能用右键看到。。

显示全部楼层 · 发表于 2008-10-1 07:32:02

2008-10-1 7:31:39 检测到威胁: Trojan-Downloader.VBS.Agent.ps C:\Documents and Settings\Administrator\桌面\002.rar/002\14[1].htm
2008-10-1 7:31:39 已删除: Trojan-Downloader.VBS.Agent.ps C:\Documents and Settings\Administrator\桌面\002.rar/002\14[1].htm
其余无法识别..已上传

显示全部楼层 · 发表于 2008-10-1 07:32:47

2008-10-1 7:33:03 检测到威胁: Trojan-Downloader.Win32.Small.ybw C:\Documents and Settings\Administrator\桌面\8ddd.rar/as.css
2008-10-1 7:33:03 已删除: Trojan-Downloader.Win32.Small.ybw C:\Documents and Settings\Administrator\桌面\8ddd.rar/as.css
2008-10-1 7:33:03 检测到威胁: Trojan-Downloader.Win32.Small.ybw C:\Documents and Settings\Administrator\桌面\8ddd.rar/ms.css/NSPack
2008-10-1 7:33:03 已删除: Trojan-Downloader.Win32.Small.ybw C:\Documents and Settings\Administrator\桌面\8ddd.rar/ms.css

显示全部楼层 · 发表于 2008-11-28 12:56:03

To KL

[病毒样本] 天龙八部又被挂上马儿。。。。。

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼小飞侠.net 的帖子

回复 3楼小飞侠.net 的帖子

浏览过的版块

[病毒样本] 天龙八部又被挂上马儿。。。。。

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 小飞侠.net 的帖子

回复 3楼 小飞侠.net 的帖子

浏览过的版块

回复 1楼小飞侠.net 的帖子

回复 3楼小飞侠.net 的帖子