2008年11月15日早上收集的14个可疑样本

显示全部楼层 · 发表于 2008-11-15 08:16:25

2008年11月15日早上收集的14个可疑样本
如果您的安全软件无法查杀,
请及时上报. 谢谢

点击下载2008年11月15日早上收集的14个可疑样本

显示全部楼层 · 发表于 2008-11-15 08:34:44

卡巴6个
红伞10个

显示全部楼层 · 发表于 2008-11-15 10:06:38

金山毒霸可信认证技术查询结果如下

2.exe    -----------    分析中
4.exe    -----------    分析中
47.exe    -----------    病毒
48.exe    -----------    分析中
5.exe    -----------    分析中
7.exe    -----------    可疑的
cookiepop.js    -----------    可疑的
dzh_2008v5.exe    -----------    分析中
Index.htm    -----------    未知
keixj.exe    -----------    安全(*)
setup_1621.exe    -----------    分析中
setup_UUSEE5004853.exe    -----------    分析中
tc.js    -----------    可疑的
UUSEE_myiee_Setup_407.exe    -----------    安全(*)

信息 2008-11-15  10:00:26 您此次查毒隔离了6个文件
信息 2008-11-15  10:00:26 您此次查毒共查出6个病毒以及危险代码
信息 2008-11-15  10:00:26 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件384个
信息 2008-11-15  10:00:26 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-11-15  10:00:26 D:\Desktop\2008.11.15_1_\dzh_2008v5.exe\$TEMP\dl1host.exe Win32.Hack.Huigezi.825344 隔离成功
病毒 2008-11-15  10:00:26 D:\Desktop\2008.11.15_1_\dzh_2008v5.exe\$TEMP\qq02.exe Win32.PSWTroj.QQPass.1519616 隔离成功
病毒 2008-11-15  10:00:26 D:\Desktop\2008.11.15_1_\dzh_2008v5.exe\$TEMP\setup1487.exe Win32.Troj.Unknown.167975 隔离成功
病毒 2008-11-15  10:00:24 D:\Desktop\2008.11.15_1_\cookiepop.js JS.CodeBaseExec.va.1950 隔离成功
病毒 2008-11-15  10:00:22 D:\Desktop\2008.11.15_1_\7.exe Win32.Troj.Agent.114688 隔离成功
病毒 2008-11-15  10:00:20 D:\Desktop\2008.11.15_1_\47.exe Win32.Troj.BhoT.ma.147456 隔离成功

显示全部楼层 · 发表于 2008-11-15 11:45:56

Scan Stats:
  Scan Time: 3 seconds
  Scan Options:
  Scan Targets: D:\Virus\2008.11.15_1_.zip
  Counts:
Total items scanned: 15
- Files & Directories: 15
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 6
Total items resolved: 6
Total items that require attention: 0

Resolved Threats:
Suspicious.AH.7
Type: Compressed
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[2.exe] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

Suspicious.AH.1
Type: Compressed
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[4.exe] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

Suspicious.AH.35
Type: Compressed
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
[48.exe] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

Hacktool
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
[cookiepop.js] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

Downloader
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
[dzh_2008v5.exe] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

Adware.Istbar
Type: Compressed
Risk: Medium (High Stealth, Low Removal, High Performance, Low Privacy)
Categories: Adware
Status: Fully Resolved
-----------
1 File
[tc.js] inside of [d:\virus\2008.11.15_1_.zip] - Deleted

显示全部楼层 · 发表于 2008-11-15 12:18:07

Sandbox 4

Scanning Engines:
F-Secure AVP: 7.00.171, 2008-11-14
F-Secure Hydra: 2.08.8110, 2008-11-14

Result: 5 malware found
AdWare.Win32.AdMedia.ed (Adware)
C:\Documents and Settings\sk\桌面\virusrun\081115\14\47.exe
Trojan-Spy.Win32.Agent.ccb (virus)
C:\Documents and Settings\sk\桌面\virusrun\081115\14\48.exe Action: deleted
Exploit.HTML.CodeBaseExec (virus)
C:\Documents and Settings\sk\桌面\virusrun\081115\14\cookiepop.js Action: deleted
Trojan-Downloader.Win32.Small.agei (virus)
C:\Documents and Settings\sk\桌面\virusrun\081115\14\dzh_2008v5.exe Action: deleted
Trojan-Downloader.JS.IstBar.aw (virus)
C:\Documents and Settings\sk\桌面\virusrun\081115\14\tc.js Action: deleted

显示全部楼层 · 发表于 2008-11-15 18:20:44

已删除：广告程序 not-a-virus:AdWare.Win32.AdMedia.ed 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\47.exe
已删除：木马程序 Trojan-Spy.Win32.Agent.ccb 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\48.exe//PE_Patch.UPX//UPX
已删除：木马程序 Exploit.HTML.CodeBaseExec 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\cookiepop.js
已删除：木马程序 Trojan-Downloader.Win32.Small.agei 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\dzh_2008v5.exe//stream//data0001
已删除：广告程序 not-a-virus:AdWare.Win32.Zhongsou.bb 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\dzh_2008v5.exe//stream//data0004//data0006
已删除：木马程序 Trojan.Win32.KillAV.avc 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\dzh_2008v5.exe//stream//data0006
已删除：木马程序 Backdoor.Win32.Hupigon.ertv 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\dzh_2008v5.exe//stream//data0007
已隔离：病毒 Heur.Downloader (修改) 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\setup_1621.exe
已删除：木马程序 Trojan-Downloader.JS.IstBar.aw 文件: C:\Documents and Settings\Administrator\桌面\2008.11.15_1_\tc.js

显示全部楼层 · 发表于 2008-11-15 18:31:13

正在扫描日志
病毒库版本: 3613 (20081114)
日期: 2008-11-15 时间: 18:28:53
已扫描的磁盘、文件夹和文件: C:\Documents and Settings\Owner\桌面\UUSEE_myiee_Setup_407.exe;C:\Documents and Settings\Owner\桌面\tc.js;C:\Documents and Settings\Owner\桌面\setup_UUSEE5004853.exe;C:\Documents and Settings\Owner\桌面\setup_1621.exe;C:\Documents and Settings\Owner\桌面\keixj.exe;C:\Documents and Settings\Owner\桌面\Index.htm;C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe;C:\Documents and Settings\Owner\桌面\cookiepop.js;C:\Documents and Settings\Owner\桌面\7.exe;C:\Documents and Settings\Owner\桌面\5.exe;C:\Documents and Settings\Owner\桌面\48.exe;C:\Documents and Settings\Owner\桌面\47.exe;C:\Documents and Settings\Owner\桌面\4.exe;C:\Documents and Settings\Owner\桌面\2.exe
C:\Documents and Settings\Owner\桌面\tc.js - JS/TrojanDownloader.IstBar.AI 特洛伊木马 - 通过删除清除 - 已隔离 [1]
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > t04_8888.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > setup1487.exe - Win32/TrojanDownloader.Flux.AE 特洛伊木马 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > TBSetup(-33554357).exe > NSIS > ToolBand.dll - Win32/Adware.Zhongsou 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > TBSetup(-33554357).exe > NSIS > Toolbar_bho.dll - Win32/Adware.Zhongsou 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > setup_102725.exe - Win32/Agent.OCX 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\dzh_2008v5.exe > NSIS > qq02.exe - 可能是 Win32/TrojanClicker.Agent.NEQ 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Owner\桌面\cookiepop.js - HTML/Exploit.CodeBaseExec 特洛伊木马 - 通过删除清除 - 已隔离 [1]
C:\Documents and Settings\Owner\桌面\7.exe - Win32/Agent.OCX 特洛伊木马的变种 - 通过删除清除 - 已隔离 [1]
C:\Documents and Settings\Owner\桌面\47.exe > NSIS > 156.exe > NSIS > 龏? - 可能是 Win32/Adware.Cinmus 应用程序的变种 - 是已删除对象的一部分
已扫描的对象数: 367
发现的威胁数: 10
已清除对象数:10
完成时间: 18:29:10 总扫描时间: 17 秒 (00:00:17)

备注:
[1] 由于对象中仅包含病毒主体，因此已被删除。

显示全部楼层 · 发表于 2008-11-15 23:17:19

文件名称 : 47 (23%的杀软(9/39)报告发现病毒 )
         dzh_2008v5 (51%的杀软(20/39)报告发现病毒)
         Index (全部的杀毒软件报告没有发现病毒)
         UUSEE_myiee_Setup_407 (3%的杀软(1/39)报告发现病毒)
---------------------------------------------------------------------------------------------
红伞上报3个.

[病毒样本] 2008年11月15日早上收集的14个可疑样本

to kl