收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 -{'_'}- 32x =[-_-]= -(12.04 晚间)-
12
返回列表 发新帖
楼主: will
 收起左侧

[病毒样本] -{'_'}- 32x =[-_-]= -(12.04 晚间)-

[复制链接]
lingbo110120
发表于 2008-12-4 19:30:45 | 显示全部楼层

回复 2楼 tanlimo 的帖子

你上报吧...
回复

举报

zhuyu14
发表于 2008-12-4 19:33:37 | 显示全部楼层
NIS2009 29个!
回复

举报

xiaochi12
发表于 2008-12-4 19:44:13 | 显示全部楼层












本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

qianwenxiang
发表于 2008-12-4 20:43:20 | 显示全部楼层

回复 10楼 xiaochi12 的帖子

MalwareByte's AntiMalware
回复

举报

ashe_vaan
发表于 2008-12-4 20:51:17 | 显示全部楼层

没怎么用过诺顿

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

花间酒
发表于 2008-12-4 21:01:41 | 显示全部楼层
驱逐艦 报10个。
回复

举报

深红的雪
发表于 2008-12-4 21:14:24 | 显示全部楼层
MSCL06.exe是onlinegame

它首先会遍历进程查找elementclient.exe,如果找不到就退出了,当然没动作
找到的话会结束elementclient.exe并替换之,释放CPWGameRecord.dll等等

杀软查不出倒是说明这个质量不错

评分

参与人数 1人气 +1 收起 理由
will + 1 感谢解答 嘿嘿

查看全部评分

回复

举报

Kitman
发表于 2008-12-5 22:56:42 | 显示全部楼层
Begin scan in 'C:\Users\Kitman\Downloads\MCLS\MCLS'
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS01.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540b7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS02.EXE
      [DETECTION] Is the TR/PSW.Online.bir Trojan
    [NOTE]      A backup was created as '4a660490.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS03.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540b9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS04.EXE
      --> Object
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Is the TR/Agent.arym.2 Trojan
    [NOTE]      A backup was created as '4a660492.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS05.EXE
      [DETECTION] Is the TR/PSW.Wow.ngf Trojan
    [NOTE]      A backup was created as '498540b8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS06.EXE
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '4a660491.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS07.EXE
      [DETECTION] Is the TR/PSW.Online.bir Trojan
    [NOTE]      A backup was created as '498540ba.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS08.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a660493.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS09.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540bb.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS10.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a660494.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS11.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540bd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS12.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540bc.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS13.EXE
      [DETECTION] Is the TR/PSW.Online.bin Trojan
    [NOTE]      A backup was created as '4a660495.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS14.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540be.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS15.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a660496.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS16.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540bf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS17.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a6604e8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS18.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a660497.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS19.EXE
      [DETECTION] Is the TR/PSW.Online.bir Trojan
    [NOTE]      A backup was created as '498540b0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS20.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a660499.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS21.EXE
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540c1.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS22.EXE
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a6604ea.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS23.EXE
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540c3.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS24.EXE
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540b2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS25.EXE
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a66049b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS26.EXE
      [DETECTION] Is the TR/Dldr.BHOSta Trojan
    [NOTE]      A backup was created as '4a6604ec.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS27.EXE
      [DETECTION] Is the TR/PSW.Online.bir Trojan
    [NOTE]      A backup was created as '498540c5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS28.EXE
    [DETECTION] Is the TR/Hijacker.Gen Trojan
    [NOTE]      A backup was created as '4a6604ee.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS29.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '498540c7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS31.DLL
    [DETECTION] Is the TR/Inject.SJ.4 Trojan
    [NOTE]      A backup was created as '498540c0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Downloads\MCLS\MCLS\MCLS32.SYS
    [DETECTION] Contains recognition pattern of the RKIT/Agent.AIWN.3 root kit
    [NOTE]      A backup was created as '4a6604e9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年12月5日  22:53
Used time: 00:11 Minute(s)

The scan has been done completely.

      1 Scanning directories
     32 Files were scanned
     31 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     31 files were deleted
      0 files were repaired
     31 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
     31 Notes
The file 'MCLS30.DLL' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

[ 本帖最后由 Kitman 于 2008-12-5 23:05 编辑 ]
回复

举报

挪威的冬天
发表于 2008-12-5 23:19:06 | 显示全部楼层
为啥遍历的时候漏掉了最后那个 sys 乜...怪了
金山毒霸可信认证技术查询结果如下

MCLS01.EXE     -----------     分析中
MCLS02.EXE     -----------     分析中
MCLS03.EXE     -----------     分析中
MCLS04.EXE     -----------     未知
MCLS05.EXE     -----------     病毒
MCLS06.EXE     -----------     分析中
MCLS07.EXE     -----------     可疑的
MCLS08.EXE     -----------     分析中
MCLS09.EXE     -----------     分析中
MCLS10.EXE     -----------     分析中
MCLS11.EXE     -----------     分析中
MCLS12.EXE     -----------     分析中
MCLS13.EXE     -----------     分析中
MCLS14.EXE     -----------     可疑的
MCLS15.EXE     -----------     分析中
MCLS16.EXE     -----------     分析中
MCLS17.EXE     -----------     分析中
MCLS18.EXE     -----------     可疑的
MCLS19.EXE     -----------     分析中
MCLS20.EXE     -----------     分析中
MCLS21.EXE     -----------     可疑的
MCLS22.EXE     -----------     分析中
MCLS23.EXE     -----------     分析中
MCLS24.EXE     -----------     分析中
MCLS25.EXE     -----------     分析中
MCLS26.EXE     -----------     可疑的
MCLS27.EXE     -----------     分析中
MCLS28.EXE     -----------     分析中
MCLS29.EXE     -----------     分析中
MCLS30.DLL     -----------     安全(*)
MCLS31.DLL     -----------     分析中
回复

举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-11-10 03:26 , Processed in 0.120782 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表