谁可以帮帮忙？

显示全部楼层 · 发表于 2008-11-6 23:04:24

今天卡饭评测区的样本中，有一个样本线上只有四个报

我把他留在桌面上，本想改个名字，不料鼠标点得太快，运行了

我电脑上的NIS miss了，谁有HIPS或虚拟机帮我看看有什么动作啊

显示全部楼层 · 发表于 2008-11-6 23:07:05

C:\Documents and Settings\Administrator\桌面\6.rar > RAR > 6\081106-3-2.exe - Win32/TrojanDownloader.VB.NSB 特洛伊木马

显示全部楼层 · 发表于 2008-11-6 23:07:23

没装HIPS或虚拟机，同情LZ

To KL

显示全部楼层 · 发表于 2008-11-6 23:12:12

局部生成物~

C:\Documents and Settings\Administrator\桌面\system32.rar > RAR > d7b49fa.sys - Win32/PSW.Agent.NIM 特洛伊木马
C:\Documents and Settings\Administrator\桌面\system32.rar > RAR > F2CBFAC4.dll - Win32/PSW.OnLineGames.NRD 特洛伊木马

显示全部楼层 · 发表于 2008-11-6 23:14:58

2008/11/6 23:13:46 已清除木马程序 Trojan-GameThief.Win32.Magania.ajjt G:\Temp\Virus\system32.rar/F2CBFAC4.dll//UPack
2008/11/6 23:13:46 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.trfn G:\Temp\Virus\system32.rar/d7b49fa.sys

漏的To KL

显示全部楼层 · 发表于 2008-11-6 23:17:32

未必都有问题的。。。。。。。。。

显示全部楼层 · 发表于 2008-11-6 23:20:53

自己看一下剩余的文件吧。。。。。不说什么了。。。。。不要动不动就扔给KL。。。。。。。

显示全部楼层 · 发表于 2008-11-6 23:24:39

6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) (events: 79)
2008-11-6 JAY23:21:40 Placed in group Low Restricted
2008-11-6 JAY23:21:41 Process start C:\Documents and Settings\Owner\桌面\6\081106-3-2.exe
2008-11-6 JAY23:21:49 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF5D9C.tmp Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:21:57 Access to critical system objects Denied: KLPrivileges/KLPermissionSystem/KLPermissionSysObjAccess/KLCriticalCOMAccess
2008-11-6 JAY23:21:57 Create C:\WINDOWS\system32\WBEM\Logs\wbemprox.log Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:21:57 Modification C:\WINDOWS\system32\wbem\Logs\wbemprox.log
2008-11-6 JAY23:22:04 Process start c:\windows\system32\cmd.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc
2008-11-6 JAY23:22:05 Create C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:05 Create C:\Documents and Settings\Owner\Cookies\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:13 Create C:\Documents and Settings\Owner\Cookies\index.dat Denied: KLPrivateData/KLPrivateUserFiles/Cookies2
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\62A3EK28\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\2D6FWKQX\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\XH17SP9N\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\ZWHRH7CS\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\VM2U5ZO5\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\VM2U5ZO5 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TBOJ2MXT\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TBOJ2MXT Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFVY5XAV\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFVY5XAV Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JTUYG57K\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JTUYG57K Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WR2THCYQ\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WR2THCYQ Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\98P83Z4X\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\98P83Z4X Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\2D2QKPCT\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\2D2QKPCT Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZK0HQZ74\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZK0HQZ74 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\0KB727VF\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\0KB727VF Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\HIL35YGW\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\HIL35YGW Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\MDILDO7T\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\MDILDO7T Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GVFVFGHH\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GVFVFGHH Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JWCMKG1C\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JWCMKG1C Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZITZT4W\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZITZT4W Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W6TZJF65\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W6TZJF65 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8YX2FA8S\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8YX2FA8S Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\EOIETT3T\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\EOIETT3T Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\VGHKCOM4\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\VGHKCOM4 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GJ86O5U1\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GJ86O5U1 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WGTHD5NI\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WGTHD5NI Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CZR8MIRO\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CZR8MIRO Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I8LF415L\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I8LF415L Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ELIFL4BE\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ELIFL4BE Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\MQ58HVOO\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\MQ58HVOO Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\88TFWEMP\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\88TFWEMP Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\67PEER77\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\67PEER77 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\F45F1RK8\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\F45F1RK8 Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\2C6TY1VU\desktop.ini Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Delete C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\2C6TY1VU Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:14 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\History\History.IE5\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:15 Create C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:15 Modification C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Allowed: KLSystemData/FD-C/
2008-11-6 JAY23:22:15 Modification HKEY_USERS\S-1-5-21-1292428093-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
2008-11-6 JAY23:22:29 Create C:\WINDOWS\Help\qqzymm.exe Denied: KLSystemData/KLSystemFiles/SystemExe
2008-11-6 JAY23:22:36 Process start c:\windows\system32\cmd.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc
2008-11-6 JAY23:24:02 Process exit C:\Documents and Settings\Owner\桌面\6\081106-3-2.exe

显示全部楼层 · 发表于 2008-11-6 23:25:01

有1kb的。。。。。

显示全部楼层 · 发表于 2008-11-7 00:03:33

今天这是怎么了

Hello,

081106-3-2.exe_ - Trojan-Downloader.Win32.Agent.aoan

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Ostroverkhov Vladimir
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[病毒样本] 谁可以帮帮忙？

本帖子中包含更多资源

本帖子中包含更多资源

回复 4楼 tvuser2007 的帖子