PCSL 可疑恶意网站每日分析 20081010

lanvin

hxxp://www.zssotke.edu.sk/zdruzenacik/explorer-7.0.exe



hxxp://blacktie-affair.org/Smileys/Zamiana/stick.gif
||
<iframe width=1 height=1 src="hxxp://download.getmirar.com/875455"> </iframe>
||
hxxp://download.getmirar.com/875455/exes/Mirar_Toolbar_Setup.exe


hxxp://ak.imgfarm.com/images/nocache/copilot/1.0.8.0/iWonSetup1.0.8.0.exe

hxxp://www.cliprex.com/files/Cflv.exe

hxxp://www.cliprex.com/files/CliprexLite.exe

zjsxsycj

stick.gif下不了
其它打包




点击下载6ge.rar
virus

[ 本帖最后由 zjsxsycj 于 2008-10-10 15:04 编辑 ]

啊弥陀佛

微点拦截

08红伞威点

[quote]原帖由 zjsxsycj 于 2008-10-10 15:02 发表
stick.gif下不了
其它打包

374186


Start of the scan: 2008年10月10日  15:50
Starting the file scan:
Begin scan in 'C:\Documents and Settings\桌面\病毒样本'
C:\Documents and Settings\桌面\explorer-7.0.exe
    [DETECTION] Is the TR/Small.BQN Trojan
    [NOTE]      A backup was created as '495f09b9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\桌面\病毒样本\iWonSetup1.0.8.0.exe
    [DETECTION] Contains recognition pattern of the ADSPY/iWon.A adware or spyware
    [NOTE]      A backup was created as '495e0998.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\桌面\病毒样本\Mirar_Toolbar_Setup.exe
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Contains recognition pattern of the ADSPY/Mirar.A adware or spyware
    [NOTE]      A backup was created as '496109ab.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!

End of the scan: 2008年10月10日  15:50
Used time: 00:05 Minute(s)
--------------------------------------------------------------
红伞查杀3个 Pass 3个，上报提交分析。

syfwxmh

kaspersky kill all

欠妳緈諨

Virus check with G DATA AntiVirus
Version 18.7.8155.555
Virus signature dated 10/10/2008
Start time: 10/10/2008 17:21
Engine(s): Engine A (AVK 19.964), Engine B (BD 19.699)
Heuristics: On
Archive: On
System areas: Off

Check the following directories and files:
  S:\6ge\

Object: Mirar_Toolbar_Setup.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.Mirar.f (Engine A), Adware.Mirar.I (Engine B)
Object: data0013
        In archive: S:\6ge\Cflv.exe
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.Shopper.r (Engine A)
Object: Cflv.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.Shopper.r (Engine A)
Object: data0008
        In archive: S:\6ge\CliprexLite.exe
        Status: Virus detected
        Virus: not-a-virus:WebToolbar.Win32.MyWebSearch.ak (Engine A)
Object: (NSIS o) zlib_nsis0007
        In archive: S:\6ge\CliprexLite.exe
        Status: Virus detected
        Virus: Adware.Mywebsearch.AM (Engine B)
Object: CliprexLite.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: not-a-virus:WebToolbar.Win32.MyWebSearch.ak (Engine A), Adware.Mywebsearch.AM (Engine B)
Object: iWonSetup1.0.8.0.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.IWon (Engine A), Adware.Iwon.D (Engine B)
Object: explorer-7.0.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.aamm (Engine A), Trojan.Fakealert.ZB (Engine B)

Analysis performed in full: 10/10/2008 17:21
    6 files checked
    5 infected files detected
    0 suspicious files found