[Virus Samples] [Early morning, 12.8] - {Web trojan update} ---- 27X

will
Posted on 2008-12-7 23:57:35
Our aim: find the gaps and fill them.
Please promptly report any samples that cannot be detected.
Web trojan update date: 12.07.2008
Total: 27

su-tt
Posted on 2008-12-8 00:00:50
NIS killed 20 on extraction.

The rest have been submitted.

[ Last edited by su-tt on 2008-12-8 00:04 ]
wangjay1980
Posted on 2008-12-8 00:06:34
TO KL
leonfg
Posted on 2008-12-8 00:07:19
ESET cleared them all.
wangjay1980
Posted on 2008-12-8 00:29:39
Hello.

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.
啊弥陀佛
Posted on 2008-12-8 09:31:02
小邪邪
Posted on 2008-12-8 11:14:04
McAfee cleared them all.
挪威的冬天
Posted on 2008-12-8 12:04:47
信息        2008-12-08  12:04:22        您此次查毒共查出6个病毒以及危险代码                       
信息        2008-12-08  12:04:22        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件55个                       
信息        2008-12-08  12:04:22        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\a0e5f2974574ae52675e09421f880f03.exe        Win32.Troj.QQPswT.bs.116858        跳过,未处理       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\978072a0a0ca5b0cde72d24991b57089.exe        Win32.Troj.OnlineGamesT.nr.73728        跳过,未处理       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\68ba9483a3676db0afbb64ed765de77d.exe        Win32.Troj.OnlineGamesT.nr.73728        跳过,未处理       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\52219754282daeb1924a0cfce7840bc6.exe        Win32.Troj.OnlineGamesT.nr.73728        跳过,未处理       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\3766f0c2722731b2063b9634638a0916.exe        Win32.Troj.KillAVT.pk.73728        跳过,未处理       
病毒        2008-12-08  12:04:22        D:\Desktop\MCLS\MCLS\2b6e1766851482e2583a45614d8a360b.exe        Win32.Troj.OnlineGamesT.nr.73728        跳过,未处理       


金山毒霸可信认证查询结果如下:

报告生成于:   2008/12/8 12:3

理论文件总数:        27
实际文件总数:        27

其中:

分析中: 11
安全: 0
可疑的: 7
病毒: 3
木马: 0
风险程序: 0
未知: 6
查询失败: 0

识别率为: 77%
bjfhj
Posted on 2008-12-8 14:16:03
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\a0e5f2974574ae52675e09421f880f03.exe        Win32.Troj.QQPswT.bs.116858        清除成功       
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\978072a0a0ca5b0cde72d24991b57089.exe        Win32.Troj.OnlineGamesT.nr.73728        清除成功       
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\68ba9483a3676db0afbb64ed765de77d.exe        Win32.Troj.OnlineGamesT.nr.73728        清除成功       
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\52219754282daeb1924a0cfce7840bc6.exe        Win32.Troj.OnlineGamesT.nr.73728        清除成功       
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\3766f0c2722731b2063b9634638a0916.exe        Win32.Troj.KillAVT.pk.73728        清除成功       
病毒        2008-12-08  14:15:26        C:\Documents and Settings\Administrator\桌面\MCLS\MCLS\2b6e1766851482e2583a45614d8a360b.exe        Win32.Troj.OnlineGamesT.nr.73728        清除成功
250662772
Posted on 2008-12-8 16:22:43
NOD32 2.7 kills them all.

Copyright © KaFan  KaFan.cn All Rights Reserved.
