新病毒“超级AV终结者”能力极强！致十万余用户感染（附样本）

youba

超级AV终结者病毒的庞大的黑名单：

进程列表
pccguide.exe ZONEALARM.exe zonealarm.exe wink.exe
windows优化大师.exe WFINDV32.exe webtrap.exe WEBSCANX.exe
WEBSCAN.exe vsstat.exe VSSCAN40 VSHWIN32.exe vshwin32.exe
VSECOMR.exe VPC32.exe vir.exe VETTRAY.exe VET95.exe
vavrunr.exe UlibCfg.exe TSC.exe tmupdito.exe tmproxy.exe
TMOAgent.exe Tmntsrv.exe TDS2-NT.exe TDS2-98.exe TCA.exe
TBSCAN.exe symproxysvc.exe SWEEP95.exe spy.exe
SPHINX.exe smtpsvc.exe SMC.exe sirc32.exe SERV95.exe
secu.exe SCRSCAN.exe scon.exe SCANPM.exe SCAN32.exe scan.exe
scam32.exe safeweb.exe safeboxTray.exe rn.exe Rfw.exe
rescue32.exe regedit.exe RavTask.exe RavStub.exe
RavMonD.exe RavMon.exe rav7win.exe RAV7.exe ras.exe
pview95.exe prot.exe program.exe PpPpWallRun.exe
pop3trap.exe PERSFW.exe PCFWALLICON.exe pccwin98.exe
pccmain.exe pcciomon.exe PCCClient.exe pcc.exe PAVCL.exe
PADMIN.exe OUTPOST.exe office.exe NVC95.exe NUPGRADE.exe
norton.exe NORMIST.exe NMAIN.exe nisum.exe nisserv.exe
NAVWNT.exe navwnt.exe NAVW32.exe NAVW.exe NAVSCHED.exe navrunr.exe NAVNT.exe NAVLU32.exe navapw32.exe navapsvc.exe
N32ACAN.exe ms.exe MPFTRAY.exe MOOLIVE.exe moniker.exe
mon.exe microsoft.exe mcafee.exe LUCOMSERVER.exe luall.exe
LOOKOUT.exe lockdown2000.exe lamapp.exe kwatch.exe
KVPreScan.exe KVMonXP.exe KRF.exe KPPMain.exe kpfwsvc.exe
kpfw32.exe KPFW32.exe kissvc.exe kavstart.exe kav32.exe
Kasmain.exe Kabackreport.exe JED.exe iomon98.exe iom.exe
ICSSUPPNT.exe ICMOON.exe ICLOADNT.exe ICLOAD95.exe
IceSword.exe ice.exe IBMAVSP.exe IBMASN.exe IAMSERV.exe
IAMAPP.exe F-STOPW.exe f-stopw.exe FRW.exe FP-WIN.exe fp-win.exe
f-prot95.exe F-PROT.exe fir.exe FINDVIRU.exe F-AGNT95.exe
explorewclass.exe ESPWATCH.exe ESAFE.exe EFINET32.exe ECENGINE.exe
DVP95.exe DV95_O.exe DV95.exe debu.exe dbg.exe DAVPFW.exe
CLEANER3.exe CLEANER.exe CLAW95CT.exe CLAW95.exe cfinet32.exe
cfinet.exe CFIND.exe CFIAUDIT.exe CFIADMIN.exe CCenter.exe
BLACKICE.exe BLACKD.exe avxonsol.exe AVWIN95.exe avsynmgr.exe
AVSCHED32.exe AVPUPD.exe AVPTC32.exe AVPNT.exe AVPMON.exe
AVPM.exe avpdos32.exe AVPCC.exe avp32.exe avp.exe AVKSERV.exe avk.exe
AVGCTRL.exe AVE32.exe AVCONSOL.exe AUTODOWN.exe ATRACK.exe atrack.exe APVXDWIN.exe antivir.exe ANTI-TROJAN.exe anti.exe
ACKWIN32.exe 360tray.exe 360safe.exe _AVPM.exe _AVPCC.exe
_AVP32.exe

病毒扫描当前进程只要发现以上的一个进程，就调用驱动中的ZwTerminateProcess将它强行关闭

IllusionWing

反正用山寨..

hover421

是结束杀毒软件的进程么，还是只是不让扫描？
如果是前者，呵呵，那病毒估计是半年前就完成啦

qianwenxiang

所以几乎所有的测试平台均以破坏，包括还原类、虚拟类、影子类全部可以穿透！

lz测试过了？

rfcc1001

网吧测试..

lmsa613

很强悍啊，可是被江民一刀斩于马下

allinwonderi

[Scanning : C:\TMP]


C:\TMP\c盘根目录下的autorun.rar<RAR>:system.dll <- Heur.RoundKick : No action
C:\TMP\internet explorer里面多出来的文件.rar<RAR>:Sys_NtMe.Zys <- Trojan.Psw.Qqpass.Pf : No action
C:\TMP\system32及temp文件.rar<RAR>:cenvta.dll <- Trojan.Gamethief.Onlinegames.Tvbz : No action
C:\TMP\system32及temp文件.rar<RAR>:docyanx.dll <- Trojan.Gamethief.Onlinegames.Tvit : No action
C:\TMP\system32及temp文件.rar<RAR>:hsexer.dll <- Trojan.Gamethief.Onlinegames.Tviy : No action
C:\TMP\system32及temp文件.rar<RAR>:kandoftt.dll <- Trojan.Gamethief.Onlinegames.Tviv : No action
C:\TMP\system32及temp文件.rar<RAR>:lenyuns.dll <- Adware.Cinmus.Ulx : No action
C:\TMP\system32及temp文件.rar<RAR>:sysmxd3.dll <- Trojan.Psw.Agent.Lek : No action
C:\TMP\system32及temp文件.rar<RAR>:system.dll <- Heur.RoundKick : No action
C:\TMP\system32及temp文件.rar<RAR>:Sys_NtMe.Zys <- Trojan.Psw.Qqpass.Pf : No action
C:\TMP\system32及temp文件.rar<RAR>:xsisco.dll <- Trojan.Gamethief.Magania.Alji : No action
C:\TMP\system32及temp文件.rar<RAR>:zesttns.dll <- Trojan.Gamethief.Onlinegames.Tvby : No action
C:\TMP\temp里多出来的文件.rar<RAR>:315824.txt<UPX>:315824.txt <- Variant:Worm.Delf.G : No action
C:\TMP\temp里多出来的文件.rar<RAR>:315824.txt<UPX>:315824.txt<DLLRES>:FILE0.exe <- Trojan.Psw.Qqpass.Pf : No action
C:\TMP\temp里多出来的文件.rar<RAR>:309815.txt<UPX>:309815.txt<DLLRES>:res0.exe <- Trojan.Rootkit.Agent.Ffi : No action
C:\TMP\temp里多出来的文件.rar<RAR>:303806.txt <- Trojan.Psw.Qqpass.Eft : No action
C:\TMP\temp里多出来的文件.rar<RAR>:231703.txt <- Adware.Polybrow.H : No action
C:\TMP\temp里多出来的文件.rar<RAR>:231703.txt<UPack>:231703.txt<DLLRES>:DLL10.exe <- Trojan.Psw.Agent.Lek : No action

enao

有病毒主体不？这些貌似都是下载下来的马

lmam

Avira 8.0 是全殺!!
到看不出有啥厲害的地方??

qigang

这个新闻有点火的说。江民上昨天看了。