加密脚本一包

显示全部楼层 · 发表于 2008-11-2 13:03:31

2008-11-02上午发现的,全部在C盘根目录,有加密脚本,有EXE程序,大家自己解闷吧,有哪位XD解密后发上来看看

我是没时间弄了

http://xianexs.mail.qq.com/cgi-bin/downloadfilepart/svrid256/onriqsh.rar?svrid=256&fid=00b0bf02682b8f53f07b9ce4148300b59d29718c4b74377b&&txf_fid=ca80002124824234e04f4debbc7f4145a0b12ff2&&txf_sid=
(提取码 e7e6d443)

显示全部楼层 · 发表于 2008-11-2 13:15:12

丢卡巴了. 还想筛选下的解压后30M

.

显示全部楼层 · 发表于 2008-11-2 13:26:00

丢avira了

显示全部楼层 · 发表于 2008-11-2 13:37:01

C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>12.exe TrojanDownloader.Mnless.bkq.kmuc 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>ARP.BAT TrojanDownloader.BAT.Ftp.dg.wbwa 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>czwbowu.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>fgeulva.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>fwcmyye.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>lqoqf.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>nzapyypp.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>profhfn.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>rspsfe.exe Trojan.VB.fzq.vcmr 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>startrun.vbs TrojanDownloader.BAT.Ftp.dg.nftn 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>uqunqih.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>uulajg.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>xzngtyl.exe Trojan.VB.fkv.njpl 木马还未处理
C:\Documents and Settings\Administrator\桌面\onriqsh.rar>>zjtwsvh.exe Trojan.VB.fkv.njpl 木马还未处理

显示全部楼层 · 发表于 2008-11-2 13:40:28

全部上报微点！

显示全部楼层 · 发表于 2008-11-2 14:06:53

嘿嘿，加密的东西，会搞得人疯掉的。

显示全部楼层 · 发表于 2008-11-3 09:41:27

Hello,

adzmom.vbs_, aiwvd.vbs_, ajqzk.vbs_, apjk.vbs_, bafln.vbs_, bojgl.vbs_, bzpkg.vbs_, ccsatxe.vbs_, ckfci.vbs_, crffai.vbs_, dnnsj.vbs_, dnyepa.vbs_, dslwjkq.vbs_, efizc.vbs_, ewhzv.vbs_, incvkvw.vbs_, kityctc.vbs_, lhee.vbs_, nizmr.vbs_, nlwmuj.vbs_, nzlbz.vbs_, onriqsh.vbs_, pmsuyl.vbs_, pnqn.vbs_, qpvjtk.vbs_, qwegcut.vbs_, rieud.vbs_, trqgt.vbs_, umzsw.vbs_, uyjh.vbs_, wbfwe.vbs_, winpy.vbs_, zegfzbm.vbs_, zpvivg.vbs_ - Trojan-Downloader.VBS.Small.hq,
aihkdy.vbs_, alwb.vbs_, cthxe.vbs_, fwhqq.vbs_, gadckfvl.vbs_, hwwkdxz.vbs_, jllmih.vbs_, lgcn.vbs_, lytfgzs.vbs_, mbvucyl.vbs_, nueflx.vbs_, nvavf.vbs_, opwnf.vbs_, pieagmow.vbs_, rtyr.vbs_, sgrwbiga.vbs_, snghmc.vbs_, suoagv.vbs_, vbvtdu.vbs_, xajrtw.vbs_, xipr.vbs_, xpvu.vbs_, xpzxwat.vbs_, xqpy.vbs_, yho.vbs_, yie.vbs_, zmstkeez.vbs_, zzzpxoh.vbs_ - Trojan.VBS.Agent.cv,
anh.vbs_, jxwxcxs.vbs_, yrbqsgxt.vbs_ - Trojan.VBS.Agent.cu,
cmd.exe_ - Trojan.Win32.Agent.alpt,
fx.htm_ - Trojan.HTML.Agent.y,
hearv.vbs_ - Trojan.VBS.Agent.cw,
xakqvqp.vbs_ - Trojan.VBS.Agent.cx,
ydgpiwn.vbs_ - Trojan.VBS.Agent.cy

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

bat.bat_, explorer

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Davidov Dmitriy
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2008-11-3 10:00:46

End of the scan: 2008年11月3日  10:00
Used time: 00:07 Minute(s)

The scan has been done completely.

   0 Scanning directories
   92 Files were scanned
   55 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   37 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2008-11-3 13:15:08

被NOD32阻止下载。。。

显示全部楼层 · 发表于 2008-11-3 13:16:59

AVG kill 17
miss 74

to lab

[病毒样本] 加密脚本一包

评分

14~扫描好慢

浏览过的版块