
[Virus samples] 22x

jimmyleo
Posted on 2009-1-7 13:04:58
su-tt
Posted on 2009-1-7 13:21:11
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf        多个威胁        连接中断 - 已隔离        通过应用程序访问 web 时检测到威胁: D:\Maxthon2\Maxthon.exe.
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 1eb40158ddee938b5e40af9e66c3e1b7.EXE        Win32/VB.NHZ 蠕虫               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 02f0cb706db18047ec2d5d322c0486a8.exe        Win32/Qhost 特洛伊木马               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 02f0cb706db18047ec2d5d322c0486a8.exe > RAR > hosts        Win32/Qhost 特洛伊木马               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 4acdd124f3ce45ce16ebe17e888551e0.exe        Win32/Adware.Cinmus 应用程序 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 4acdd124f3ce45ce16ebe17e888551e0.exe > NSIS > 126.exe        Win32/Adware.Cinmus 应用程序 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 4cf529548980819239582ad0d5ebd36a.css        可能是 Win32/TrojanDownloader.Agent.ONB 特洛伊木马 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 5c4785dad152da6e1dd6a8b5055ce894.exe        Win32/FlyStudio.NDK 特洛伊木马               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 8d9754519bae79bbae5a976da9bd81a0.exe        Win32/AutoRun.Delf.I 蠕虫 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 24a3f381e6b4e3c984e58bdd04ef1197.exe        Win32/Agent.OCX 特洛伊木马 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 54ef1fbef5f5f54a17be7ae35d65be60.exe        可能是 Win32/TrojanDownloader.Agent.ONB 特洛伊木马 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 183adbae92c4a84ff608bb29939b68e5.exe        可能是 Win32/Adware.Cinmus 应用程序 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 183adbae92c4a84ff608bb29939b68e5.exe > NSIS > 85.exe        可能是 Win32/Adware.Cinmus 应用程序 的变种               
http://www.ziddu.com/downloadfil ... wOS0wMS0wNw==/p3pjf > RAR > 183adbae92c4a84ff608bb29939b68e5.exe > NSIS > 85.exe > NSIS > 龏
sam.to
Posted on 2009-1-7 16:19:15
Reported 2 to Kaspersky.
无尽藏海
Posted on 2009-1-7 17:10:46
MFCS: 4 remaining.
qianwenxiang
Posted on 2009-1-7 18:56:59
I have been unable to access ziddu.com all along...
08红伞威点
Posted on 2009-1-8 00:45:21
Start of the scan: 2009年1月8日  00:43
Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\桌面\样本'
C:\Documents and Settings\***\桌面\样本\02f0cb706db18047ec2d5d322c0486a8.exe
    [0] Archive type: RAR SFX (self extracting)
    --> hosts
      [DETECTION] Is the TR/Qhost.kfi Trojan
    [DETECTION] Is the TR/Qhost.EG Trojan
    [NOTE]      A backup was created as '49cadbcc.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\0dc4b440e5f3b68f28d08cd4ead72337.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
    [NOTE]      A backup was created as '49c7dbff.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\183adbae92c4a84ff608bb29939b68e5.exe
    [DETECTION] Contains recognition pattern of the ADSPY/AdMedia.ED.190 adware or spyware
    [NOTE]      A backup was created as '4997dbd3.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\1eb40158ddee938b5e40af9e66c3e1b7.EXE
    [DETECTION] Contains recognition pattern of the W32/VB.BU Windows virus
    [NOTE]      A backup was created as '49c6dc00.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\24a3f381e6b4e3c984e58bdd04ef1197.exe
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      A backup was created as '49c5dbd0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\4acdd124f3ce45ce16ebe17e888551e0.exe
    [0] Archive type: NSIS
    --> ProgramFilesDir/126.exe
      [DETECTION] Contains recognition pattern of the ADSPY/Cin.FBT.53248 adware or spyware
    [DETECTION] Is the TR/Cinmus.K.76 Trojan
    [NOTE]      A backup was created as '49c7dbfd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\4cf529548980819239582ad0d5ebd36a.css
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      A backup was created as '49cadbff.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\54ef1fbef5f5f54a17be7ae35d65be60.exe
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      A backup was created as '49c9dbd1.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\5c4785dad152da6e1dd6a8b5055ce894.exe
    [DETECTION] Is the TR/Dldr.Au.15515591 Trojan
    [NOTE]      A backup was created as '4998dc00.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\6632df49c4bea72cd2bc9f5d6f86bf8e.exe
    [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      A backup was created as '48ff3e74.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\6694516a96e7ed4ebc7adc834a54b9c1.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '499ddbd4.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\747c0dda2e4f252cde7d4368ee400f86.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '499bdbd2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\773deb311ed59f6d48ccd2ec29241f77.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4997dbd5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\8bfc2732f86a063c63a3ff3b07006424.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '49cadc01.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\8d9754519bae79bbae5a976da9bd81a0.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      A backup was created as '499ddc03.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\a5afdcda7cd029074a913cf08b927ce5.exe
    [DETECTION] Is the TR/Hijack.Explor.265 Trojan
    [NOTE]      A backup was created as '49c5dbd4.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\cbda3ff9296af6c17d866c5ca8f36d22.exe
    [DETECTION] Is the TR/Dldr.Agent.atzz Trojan
    [NOTE]      A backup was created as '49c8dc01.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\d7fe29eb96c44518db00666c9e07d4f0.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      A backup was created as '49cadbd7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\f4984e1a6ad6f17e9b2bbf44eee82af7.exe
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '48f53e75.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\f8249d66b5e6833152db59c15e2eed7b.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '4996dbd9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\f8b7da6737ab693dc75f74da0f674816.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49c6dbd9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\***\桌面\样本\fac080ebb373be533d93c2025aa4e796.pdf
    [0] Archive type: PDF Stream
    --> Object
      [DETECTION] Contains recognition pattern of the EXP/Pidief.RC.2 exploit
    [NOTE]      A backup was created as '49c7dc02.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!

End of the scan: 2009年1月8日  00:43
Used time: 00:11 Minute(s)

The scan has been done completely.

      1 Scanning directories
     25 Files were scanned
     24 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     22 files were deleted
      0 files were repaired
     22 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      2 Archives were scanned
      0 Warnings
     22 Notes
------------------------------------------------------------
Scanned with Avira S edition (virus definitions V7.01.01.79).
JusticeH
Posted on 2009-1-8 00:51:20
BitDefender
Caught 19
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\0dc4b440e5f3b68f28d08cd4ead72337.exe Backdoor.Hupigon.AAFC Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\6694516a96e7ed4ebc7adc834a54b9c1.exe BehavesLike:Win32.ExplorerHijack Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\183adbae92c4a84ff608bb29939b68e5.exe DeepScan:Generic.Adw.Cinmus.2.E8144529 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\a5afdcda7cd029074a913cf08b927ce5.exe Dropped:Trojan.Generic.1255393 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\fac080ebb373be533d93c2025aa4e796.pdf=](JAVASCRIPT) Exploit.PDF-JS.Gen Moved to Quarantine
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\6632df49c4bea72cd2bc9f5d6f86bf8e.exe Generic.FWB.B09A02FE Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\8bfc2732f86a063c63a3ff3b07006424.exe Generic.Malware.P!BTk.D3F26613 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\d7fe29eb96c44518db00666c9e07d4f0.exe Generic.Malware.SP!dldspg.78EC8672 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\8d9754519bae79bbae5a976da9bd81a0.exe Generic.Malware.SP!dldspg.E611B0FC Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\f8249d66b5e6833152db59c15e2eed7b.exe MemScan:Trojan.Spy.Pcapbased.A Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\4cf529548980819239582ad0d5ebd36a.css Rootkit.Agent.AIWN Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\54ef1fbef5f5f54a17be7ae35d65be60.exe Rootkit.Agent.AIWN Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\5c4785dad152da6e1dd6a8b5055ce894.exe Trojan.Agent.AJZE Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\773deb311ed59f6d48ccd2ec29241f77.exe Trojan.Autorun.AAY Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\cbda3ff9296af6c17d866c5ca8f36d22.exe Trojan.Generic.1245268 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\f4984e1a6ad6f17e9b2bbf44eee82af7.exe Trojan.Generic.1252638 Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\24a3f381e6b4e3c984e58bdd04ef1197.exe Trojan.Obfuscated.MQ Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\747c0dda2e4f252cde7d4368ee400f86.exe Trojan.PWS.OnlineGames.AAGG Deleted
C:\Documents and Settings\Justice\My Documents\virus\KAFAN\新資料夾\1eb40158ddee938b5e40af9e66c3e1b7.EXE Trojan.PWS.OnlineGames.WJP Deleted

Reported 3
fzz8848
Posted on 2009-1-8 02:43:51
sam.to
Posted on 2009-1-8 23:52:54
Hello.

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

4a54b9c1.exe_   detected        Backdoor.Win32.Small.hes
idiedd
Posted on 2009-1-28 20:02:59
Cannot access ziddu.com
Copyright © KaFan  KaFan.cn All Rights Reserved.