
[Virus Sample] Samples extracted today, everyone take note

molicn
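Posted on 2009-1-9 22:01:17
Pay special attention to how destructive the following samples are.

They delete the printer service and replace the related system process. Note that they also bring an ARP virus infection. The latest version of the X星 network edition has only just resolved this.

Roughly 50-plus machines at this company have already been hit.
Everyone, test your own antivirus software to see whether it detects them. If it doesn't, report immediately! These were extracted on a corporate network running X星 with a fully up-to-date virus database.
Extraction time: 2009/01/09 18:00

All the viruses have already been reported.

Virus attached. Download addresses from the TXT file: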

hxxp://b.wuc7.com/dd/1.exe
hxxp://b.wuc7.com/dd/2.exe
hxxp://b.wuc7.com/dd/6.exe
hxxp://b.wuc7.com/dd/9.exe
hxxp://b.wuc7.com/dd/10.exe

[ Last edited by molicn on 2009-1-9 22:12 ]

su-tt
Posted on 2009-1-9 22:04:56
C:\Documents and Settings\Administrator\桌面\molicn.rar > RAR > 新建文件夹\10[1].exe > NSIS > ToolBand.dll - Win32/Adware.Zhongsou 应用程序
C:\Documents and Settings\Administrator\桌面\molicn.rar > RAR > 新建文件夹\10[1].exe > NSIS > Toolbar_bho.dll - Win32/Adware.Zhongsou 应用程序
C:\Documents and Settings\Administrator\桌面\molicn.rar > RAR > 新建文件夹\2[1].exe > NSIS > 102.exe > NSIS > 龏
fsl
Posted on 2009-1-9 22:06:16
This is what I captured yesterday and uploaded to Rising. I didn't expect you to bring it over here. Impressive!!
lingbo110120
Posted on 2009-1-9 22:07:07
Er, I re-sent it

TO ESET


hxxp://b.wuc7.com/dd/1.exe
hxxp://b.wuc7.com/dd/2.exe
hxxp://b.wuc7.com/dd/6.exe
hxxp://b.wuc7.com/dd/9.exe
hxxp://b.wuc7.com/dd/10.exe

NOD kills everything on this list

[ Last edited by lingbo110120 on 2009-1-9 22:18 ]
尤金卡巴斯基
Posted on 2009-1-9 22:09:36
2009/1/9 22:07:11        已清除        广告软件 not-a-virus:AdWare.Win32.Zhongsou.bb        G:\Temp\Virus\molicn.rar/新建文件夹\10[1].exe//data0006               
2009/1/9 22:07:11        已清除        广告软件 not-a-virus:AdWare.Win32.BHO.exb        G:\Temp\Virus\molicn.rar/新建文件夹\6[1].exe//stream//data0001               
2009/1/9 22:07:11        已清除        广告软件 not-a-virus:AdWare.Win32.AdMedia.ed        G:\Temp\Virus\molicn.rar/新建文件夹\2[1].exe               
2009/1/9 22:07:11        已清除        病毒 Worm.Win32.AutoRun.wxx        G:\Temp\Virus\molicn.rar/新建文件夹\spoolsv.exe//NSPack               
2009/1/9 22:07:11        已清除        病毒 Worm.Win32.AutoRun.wxx        G:\Temp\Virus\molicn.rar/新建文件夹\DZ.PIF//NSPack               
2009/1/9 22:07:11        已清除        病毒 Worm.Win32.AutoRun.wxl        G:\Temp\Virus\molicn.rar/新建文件夹\ww[1].exe//NSPack               
Miss 4 To KL
Kitman
Posted on 2009-1-9 22:14:58
Begin scan in 'C:\Users\Kitman\Desktop\molicn'
C:\Users\Kitman\Desktop\molicn\新建文件夹\10[1].exe
    [0] Archive type: NSIS
    --> [ProgramFilesDir]/zzToolBar/ToolBand.dll
      [DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.B adware or spyware
    --> [ProgramFilesDir]/zzToolBar/Toolbar_bho.dll
      [DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.C adware or spyware
    [DETECTION] Contains recognition pattern of the DR/Zhongsou.BB.31 dropper
    [NOTE]      A backup was created as '49c25bfd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\molicn\新建文件夹\2[1].exe
    [DETECTION] Contains recognition pattern of the ADSPY/AdMedia.ED.139 adware or spyware
    [NOTE]      A backup was created as '49985c29.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\molicn\新建文件夹\6[1].exe
    [0] Archive type: NSIS
    --> SOFTWARE/MicroPlugins/Common/cpush.dll
      [DETECTION] Contains recognition pattern of the ADSPY/Bho.exb adware or spyware
    --> SOFTWARE/MicroPlugins/Common/cpush.tmp
      [DETECTION] Contains recognition pattern of the ADSPY/Bho.exb adware or spyware
    [DETECTION] Contains recognition pattern of the DR/BHO.exb.68 dropper
    [NOTE]      A backup was created as '4a4fe9b2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\molicn\新建文件夹\DZ.PIF
    [DETECTION] Is the TR/Agent.22728.2 Trojan
    [NOTE]      A backup was created as '49955c28.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\molicn\新建文件夹\spoolsv.exe
    [DETECTION] Is the TR/Agent.22728.2 Trojan
    [NOTE]      A backup was created as '49d65c3e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\molicn\新建文件夹\ww[1].exe
    [DETECTION] Is the TR/Agent.22728 Trojan
    [NOTE]      A backup was created as '49c25c45.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年1月9日  22:14
Used time: 00:03 Minute(s)

The scan has been done completely.

      2 Scanning directories
     20 Files were scanned
     10 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      6 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     10 Files not concerned
      2 Archives were scanned
      0 Warnings
      6 Notes
无尽藏海
Posted on 2009-1-9 22:33:03
Four left

huichuang
Posted on 2009-1-9 22:37:52

OK, let's look at the next one.
08红伞威点
Posted on 2009-1-9 22:42:25
File ID  Filename Size (Byte) Result
25228457  ASM.PIF  45 KB  CLEAN
1318881  rnmain.exe  20 KB  MALWARE
25218378  setup.exe  865.5 KB  CLEAN
515465  CZ.PIF  45 KB  KNOWN CLEAN
--------------------------------------------------------------------
Filename Result
rnmain.exe  MALWARE

The file 'rnmain.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/CNRN.A. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data. Detection is added to our virus definition file (VDF) starting with version 7.00.00.09.

to Avira
尤金卡巴斯基
Posted on 2009-1-9 23:17:13
Hello,

ASM.pif_, CZ.pif_, rnmain.exe_, setup.exe_

No malicious code was found in these files.

Please quote all when answering.
-----------------
Regards, Davidow Dmitriy
Virus Analyst, Kaspersky Lab.