Maganias病毒更新帖（去除重复和无毒文件）（03.13第三十九次更新）

sbbdms

0109样本：
0109生成：
0111样本：
0111生成：
0112样本：
0112生成：
0114样本：
0114生成：
0115样本：
0115生成：
0116样本：
0116生成：
0116第二次样本：
0116第二次生成：
0117样本：
0117生成：
0117第二次样本：
0117第二次生成：
0118样本：
0118生成：
0120样本：
0120生成：
0121样本：
0121生成：
0122样本：
0122生成：
0123样本：
0123生成：
0125样本（感谢qianwenxiang帮忙下载）：
0125生成（感谢qianwenxiang帮忙下载）：
0125第二次样本（感谢qianwenxiang帮忙下载）：
0125第二次生成（感谢qianwenxiang帮忙下载）：
0130样本：
0130生成：
0201样本：
0201生成：
0203样本：
0203生成：
0204样本：
0204生成：
0205样本：
0205生成：
0206样本：
0206生成：
0207样本：
0207生成：
0208样本：
0208生成：
0210样本：
0210生成：
0211样本：
0211生成：
0213样本：
0213生成：
0214样本：
0214生成：
0215样本：
0215生成：
0216样本：
0216生成：
0217样本：
0217生成：
0218样本：
0218生成：
0219样本：
0219生成：
0220样本：
0220生成：
0221样本：
0221生成：
0224样本：
0224生成：
0228样本：
0228生成：
0308样本：
0308生成：
0313样本：
0313生成：
不报的都已TO KL

[ 本帖最后由 sbbdms 于 2009-3-14 17:48 编辑 ]

Kitman

Begin scan in 'C:\Users\Kitman\Desktop\0109maganias'
C:\Users\Kitman\Desktop\0109maganias\help.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '49d4895d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109maganias\ll.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49968964.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109maganias\uu.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4996896d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!

[ 本帖最后由 Kitman 于 2009-1-10 19:40 编辑 ]

Kitman

Begin scan in 'C:\Users\Kitman\Desktop\0109created'
C:\Users\Kitman\Desktop\0109created\amvo.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49de8a52.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\cvnmhg0.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49d68a5b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\dse235rgd0.dll
    [DETECTION] Is the TR/Vundo Trojan
    [NOTE]      A backup was created as '49cd8a58.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\hg.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49968a4c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\kxvo.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49de8a5d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\mg.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '4d97b755.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\mmvo.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '4ddfb74b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\mmvo0.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49de8a54.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\nod172.tmp
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '49cc8a54.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\nod173.tmp
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4dcdb74d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\nod174.tmp
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49cc8a56.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\rb.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49968a47.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\Kitman\Desktop\0109created\wedasgads0.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49cc8a4a.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年1月10日  19:43
Used time: 00:02 Minute(s)

The scan has been done completely.

      1 Scanning directories
     14 Files were scanned
     11 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     13 files were deleted
      0 files were repaired
     13 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
     13 Notes

Sherry.ai

星星To KL A lot of Packer

sbbdms

0111第二次更新

luxiao200888

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Owner\桌面\新建文件夹'
C:\Documents and Settings\Owner\桌面\新建文件夹\amvo.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49df7e9a.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\cvnmhg0.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49d77ea7.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\dse235rgd0.dll
    [DETECTION] Is the TR/Vundo Trojan
    [NOTE]      The file was moved to '49ce7ea8.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\mg.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49977e9e.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\mmvo.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49df7ea7.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\nod1D5.tmp
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was moved to '49cd7eac.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\nod1D6.tmp
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '49cd7eb0.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\nod1D7.tmp
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was moved to '49cd7eb3.qua'!
C:\Documents and Settings\Owner\桌面\新建文件夹\rb.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49977ea8.qua'!


End of the scan: 2009年1月11日  13:06
Used time: 00:36 Minute(s)

The scan has been done completely.

      1 Scanning directories
     14 Files were scanned
      8 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      9 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      0 Archives were scanned
      0 Warnings
      9 Notes

killloop

KV 0

su-tt

上报ESET

sbbdms

0112第三次更新

su-tt

C:\Documents and Settings\Administrator\桌面\0112maganias.rar > RAR > uu.exe - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\0112maganias.rar > RAR > help(1).exe - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\0112maganias.rar > RAR > ll.exe - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种

生成物之查出3个tmp
C:\Documents and Settings\Administrator\桌面\0112created[1]\nod155.tmp - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
C:\Documents and Settings\Administrator\桌面\0112created[1]\nod156.tmp - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
C:\Documents and Settings\Administrator\桌面\0112created[1]\nod157.tmp - Win32/TrojanDropper.Agent.NJV 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]

[ 本帖最后由 su-tt 于 2009-1-12 23:05 编辑 ]