
[Virus Sample] The first sample thread of 2009 in the sample section

sam.to
Posted on 2009-1-1 00:27:11


1/1/2009 0:26:44        已偵測: Trojan-GameThief.Win32.OnLineGames.ubpm        C:\Documents and Settings\kato9096\桌面\158255\FTP081201-3829.ex               
Kaspersky only flags one; the ones it missed have already been submitted.


Palkia
Posted on 2009-1-1 00:32:25

10

C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-1008.dll5        Adware.gen.oeo.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-1923.exe277        Constructor.TSCMK.11.ef        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-2145.dll5        Adware.gen.oeo.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-2448.dll5        Adware.Webbrowser.t.uthk.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-2489.dll5        Trojan.Undef.tek.capk.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-2813.dll5        Trojan.Undef.tek.capk.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-2950.dll5        Trojan.Undef.tek.capk.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-3701.vbs3        VBS.Decoder.u        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-3823.ex_        Adware.Clicker.fwp.hviu        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\158255.rar>>158255\FTP081201-3829.ex        TrojanSpy.OnLineGames.ewh.tlyf        木马        还未处理

gomu887
Posted on 2009-1-1 00:34:26
a-squared Anti-Malware - 版本 4.0
上次更新: 2008-12-31 22:33:49

扫描设置:

对象: C:\Documents and Settings\Administrator\桌面\158255.rar
扫描文件: 开
启发式扫描: 开
ADS 扫描: 开

扫描开始于:        2009-1-1 0:34:01

C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-1008.dll5         已检测: Virus.Win32.AdWare!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-1917.exe277         已检测: Backdoor.Rbot!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-1969.exe277         已检测: Trojan.Patched.AQ!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-2145.dll5         已检测: Virus.Win32.AdWare!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-2448.dll5         已检测: Trojan.Win32.Cinmus!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-2950.dll5         已检测: Trojan.Generic!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-3090.exe277         已检测: BHO.Win32.Baigoo!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-3823.ex_         已检测: Trojan-Downloader.JJDV!IK
C:\Documents and Settings\Administrator\桌面\158255.rar/FTP081201-3829.ex         已检测: Backdoor.Hupigon!IK

已扫描

文件:         15
跟踪记录:         0
Cookies:         0
进程:         0

已发现

文件:         9
跟踪记录:         0
Cookies:         0
进程:         0
注册表键:         0

扫描结束于:        2009-1-1 0:34:03
扫描用时:        0:00:02

byx0210
Posted on 2009-1-1 00:34:40
Grabbing the first "bench" spot

ESS is really strong... almost everything is a heuristic detection

Mr.Z
Posted on 2009-1-1 00:35:25
McAfee detected three... I think

change_018
Posted on 2009-1-1 00:36:05
Happy samples

woai_jolin
Posted on 2009-1-1 00:50:02
Scan Log
Version of virus signature database: 3726 (20081231)
Date: 2009/1/1  Time: 0:47:27
Scanned disks, folders and files: G:\v\158255
G:\v\158255\FTP081201-1008.dll5 - is OK
G:\v\158255\FTP081201-1367.exe277 - is OK
G:\v\158255\FTP081201-1385.exe277 - is OK
G:\v\158255\FTP081201-1917.exe277 - Win32/Spy.Delf.NMD trojan - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-1923.exe277 » UPX v12_m5 - is OK
G:\v\158255\FTP081201-1969.exe277 - is OK
G:\v\158255\FTP081201-2081.exe277 - is OK
G:\v\158255\FTP081201-2145.dll5 - is OK
G:\v\158255\FTP081201-2297.swf3 - is OK
G:\v\158255\FTP081201-2448.dll5 - a variant of Win32/Adware.Cinmus application - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-2489.dll5 - Win32/BHO.NIZ trojan - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-2520.exe277 - is OK
G:\v\158255\FTP081201-2813.dll5 - Win32/BHO.NIZ trojan - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-2950.dll5 - Win32/BHO.NIZ trojan - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-3090.exe277 - is OK
G:\v\158255\FTP081201-3701.vbs3 - VBS/AutoRun.AV worm - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-3823.ex_ - probably a variant of Win32/Adware.Agent application - cleaned by deleting - quarantined [1]
G:\v\158255\FTP081201-3829.ex - a variant of Win32/PSW.OnLineGames.NRN trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 18
Number of threats found: 8
Number of cleaned objects: 8
Time of completion: 0:47:43  Total scanning time: 16 sec (00:00:16)

Notes:
[1] Object has been deleted as it only contained the virus body.

dreams521
Posted on 2009-1-1 00:50:44
Dropping by to congratulate you, Happy New Year~~~~~~~~~~~~

Kitman
Posted on 2009-1-1 01:04:28
Begin scan in 'C:\Users\Kitman\Desktop\158255'
C:\Users\Kitman\Desktop\158255\158255\FTP081201-1008.dll5
    [DETECTION] Contains recognition pattern of the ADSPY/Cdnup.A.5 adware or spyware
    [NOTE]      A backup was created as '49aba654.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-1917.exe277
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '4a7035ed.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-1969.exe277
    [DETECTION] Contains recognition pattern of the W32/Noia.B Windows virus
    [NOTE]      A backup was created as '4a700bbd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-2145.dll5
    [DETECTION] Contains recognition pattern of the ADSPY/Cdnup.A.5 adware or spyware
    [NOTE]      A backup was created as '49aba656.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-2448.dll5
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      A backup was created as '4a700bbf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-2489.dll5
      [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '49aba628.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-2813.dll5
      [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a700bc1.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-2950.dll5
      [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a68a31d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-3701.vbs3
    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
    [NOTE]      A backup was created as '4a68a31f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-3823.ex_
    [0] Archive type: RSRC
      --> Object
        --> Object
          [2] Archive type: RSRC
          --> Object
            [3] Archive type: NSIS
            --> ProgramFilesDir/iesuper.dll
              [DETECTION] Contains recognition pattern of the ADSPY/Boran.X adware or spyware
      --> Object
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/Click.MClick.B.1 Trojan
    [NOTE]      A backup was created as '49aba668.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\158255\158255\FTP081201-3829.ex
    [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      A backup was created as '4a703b65.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年1月1日  01:04
Used time: 00:02 Minute(s)

The scan has been done completely.

      2 Scanning directories
     19 Files were scanned
     12 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     11 files were deleted
      0 files were repaired
     11 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      1 Archives were scanned
      0 Warnings
     11 Notes

syfwxmh
Posted on 2009-1-1 10:35:28
TO KL AG