[病毒样本] X40

显示全部楼层 · 发表于 2009-1-18 21:54:48

[:27:]

网盘下载地址1

网盘下载地址2

password:kafan

显示全部楼层 · 发表于 2009-1-18 22:24:24

囧 35.

25235419    index.dat    8.2 MB    UNDER ANALYSIS
25235420    item.gif    116 KB    UNDER ANALYSIS
25235237    WowInitcode.dat    24.06 KB    UNDER ANALYSIS
4215528    jxonline.dat    21.5 KB    KNOWN CLEAN
4218658    r05024.exe    32 KB    KNOWN CLEAN

Start of the scan: 2009年1月18日  22:21

Starting the file scan:

Begin scan in 'G:\40'
G:\40\0[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\1.EXE
[DETECTION] Is the TR/Dldr.Delf.acc.40 Trojan
[NOTE]    The file was deleted!
G:\40\10000.exe
   [DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\11.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\11[1].exe
   [DETECTION] Is the TR/PSW.Online.apya Trojan
[NOTE]    The file was deleted!
G:\40\1215111
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
G:\40\1227565
   [DETECTION] Is the TR/PSW.Online.apyk Trojan
[NOTE]    The file was deleted!
G:\40\1239675
   [DETECTION] Is the TR/PSW.Online.apyn Trojan
[NOTE]    The file was deleted!
G:\40\124e47.dll
[DETECTION] Is the TR/Dldr.3072.A Trojan
[NOTE]    The file was deleted!
G:\40\1252005
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\1262241
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\1282523
   [DETECTION] Is the TR/PSW.Online.apyb Trojan
[NOTE]    The file was deleted!
G:\40\1294493
   [DETECTION] Is the TR/PSW.Online.apyf Trojan
[NOTE]    The file was deleted!
G:\40\12[1].exe
   [DETECTION] Is the TR/PSW.Online.apyf Trojan
[NOTE]    The file was deleted!
G:\40\1306510
   [DETECTION] Is the TR/PSW.Online.apyi Trojan
[NOTE]    The file was deleted!
G:\40\1346139
   [DETECTION] Is the TR/PSW.Online.apyj Trojan
[NOTE]    The file was deleted!
G:\40\1368548
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\1378736
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE]    The file was deleted!
G:\40\1402863
   [DETECTION] Is the TR/PSW.Wow.nhn Trojan
[NOTE]    The file was deleted!
G:\40\1414927
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\14[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\40\18[1].exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
G:\40\3.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\30.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
G:\40\4.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\5.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\CPWGameRecord.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
G:\40\css.exe
   [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
G:\40\jjxzajcj32dl.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\jjxzwzjy090118.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
G:\40\loadoff.dat
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE]    The file was deleted!
G:\40\rpcss.dll
[0] Archive type: RSRC
--> Object
   [DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    The file was deleted!
G:\40\sh05024.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    The file was deleted!
G:\40\sysdlwd2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
G:\40\wooolinit.dat
[DETECTION] Is the TR/Dldr.Agent.bczt Trojan
[NOTE]    The file was deleted!

[ 本帖最后由 hj5abc 于 2009-1-18 22:28 编辑 ]

显示全部楼层 · 发表于 2009-1-18 22:31:55

COMODO Internet Security 21个

显示全部楼层 · 发表于 2009-1-18 22:32:59

25235419  index.dat  8.2 MB  UNDER ANALYSIS
25235420  item.gif  116 KB  UNDER ANALYSIS
25235237  WowInitcode.dat  24.06 KB  UNDER ANALYSIS
4215528  jxonline.dat  21.5 KB  KNOWN CLEAN
4218658  r05024.exe  32 KB  KNOWN CLEAN

显示全部楼层 · 发表于 2009-1-18 22:34:11

费尔剩下12个

显示全部楼层 · 发表于 2009-1-18 22:57:40

2009/1/18 22:54:53 已清除木马程序 Trojan.Win32.VB.irf G:\Temp\Virus\40.rar/30.exe
2009/1/18 22:54:53 已清除木马程序 Trojan-PSW.Win32.QQPass.fbz G:\Temp\Virus\40.rar/10000.exe
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.WOW.eky G:\Temp\Virus\40.rar/1368548
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.WOW.ekr G:\Temp\Virus\40.rar/WowInitcode.dat
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.ulut G:\Temp\Virus\40.rar/18[1].exe
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.tmjg G:\Temp\Virus\40.rar/1378736//#
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.bkre G:\Temp\Virus\40.rar/1402863//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.bkpp G:\Temp\Virus\40.rar/1414927//PE_Patch//UPack
2009/1/18 22:54:53 已清除木马程序 Trojan-GameThief.Win32.OnLineGames.bkou G:\Temp\Virus\40.rar/sysdlwd2.dll
2009/1/18 22:54:53 已清除木马程序 Trojan-Dropper.Win32.Agent.aesc G:\Temp\Virus\40.rar/14[1].exe
2009/1/18 22:54:53 已清除木马程序 Trojan-Dropper.Win32.Agent.acxf G:\Temp\Virus\40.rar/1215111//FSG
2009/1/18 22:54:53 已清除木马程序 Trojan-Downloader.Win32.Delf.qet G:\Temp\Virus\40.rar
2009/1/18 22:54:53 已清除木马程序 Trojan-Downloader.Win32.Delf.qet G:\Temp\Virus\40.rar/1.EXE//PCShrink
2009/1/18 22:54:53 已清除木马程序 Trojan-Downloader.Win32.Agent.bczt G:\Temp\Virus\40.rar/wooolinit.dat
2009/1/18 22:51:43 已清除木马程序 Trojan-Downloader.Win32.Agent.aocz G:\Temp\Virus\ac.rar/ac.exe//FSG
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.zd G:\Temp\Virus\40.rar/1294493//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.zd G:\Temp\Virus\40.rar/1262241//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/1346139//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/1306510//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/1282523//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/1239675//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/1227565//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/12[1].exe//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.Downloader.yw G:\Temp\Virus\40.rar/11[1].exe//PE_Patch.UPX//UPX
2009/1/18 22:54:53 已清除病毒 Worm.Win32.AutoRun.etm G:\Temp\Virus\40.rar/4.exe//UPack
2009/1/18 22:54:53 已清除病毒 Worm.Win32.AutoRun.etm G:\Temp\Virus\40.rar/3.exe//UPack
2009/1/18 22:54:53 已清除病毒 Worm.Win32.AutoRun.etm G:\Temp\Virus\40.rar/11.exe//UPack
2009/1/18 22:54:53 已清除病毒 Worm.Win32.AutoRun.etm G:\Temp\Virus\40.rar/5.exe//UPack
2009/1/18 22:54:53 已清除病毒 Worm.Win32.AutoRun.etm G:\Temp\Virus\40.rar/jjxzwzjy090118.exe//UPack
2009/1/18 22:54:53 已清除病毒 Rootkit.Win32.Small.ov G:\Temp\Virus\40.rar/1252005//PE_Patch//UPack//#
2009/1/18 22:54:53 已清除病毒 Rootkit.Win32.Agent.fvn G:\Temp\Virus\40.rar/css.exe//PE_Patch.UPX//UPX
2009/1/18 22:54:51 已隔离病毒 HEUR:Trojan.Win32.Generic G:\Temp\Virus\40.rar/jjxzajcj32dl.dll
2009/1/18 22:54:53 已清除病毒 HEUR:Trojan.Win32.Generic G:\Temp\Virus\40.rar/1378736
2009/1/18 22:54:49 已隔离病毒 HEUR:Trojan.Win32.Generic G:\Temp\Virus\40.rar/item.gif

剩9 To KL

显示全部楼层 · 发表于 2009-1-18 23:15:31

囧。。。mcafee找到18个

显示全部楼层 · 发表于 2009-1-18 23:49:02

金山24个
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1.EXE中 Win32.TrojDownloader.Agent.45568 处理成功（操作：删除）
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\4.exe中 Win32.Troj.PophotE.a.204800 处理成功（操作：删除）
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\WowInitcode.dat中 Win32.Troj.Wow.f.24640 处理成功（操作：删除）
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\wooolinit.dat中 Win32.TrojDownloader.Agent.15912 处理成功（操作：删除）
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\sysdlwd2.dll中 Win32.Troj.OnLineGames.yd.36864 处理成功（操作：删除）
病毒 2009-01-18  23:46:59 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\jjxzajcj32dl.dll中 Win32.Troj.PopHot.c.63488 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\css.exe中 Win32.Troj.Agent.zd.102400 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\CPWGameRecord.dll中 Win32.Troj.WowT.cc.36056 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1414927中 Win32.Troj.OnlineGamesT.ly.90112 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1402863中 Win32.PSWTroj.OnLineGames.102764 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1378736中 Win32.Troj.Agent.fe.65536 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1346139中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1306510中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1294493中 Win32.Troj.OnlineGameT.fd.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1282523中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1262241中 Win32.Troj.OnlineGameT.fd.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1239675中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1227565中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\1215111中 Win32.PSWTroj.Delf.49664 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\10000.exe中 Win32.Troj.PswQQ.cc.512000 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\30.exe中 Win32.Troj.VB.270336 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\18[1].exe中 Win32.Troj.WOW.a.94936 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\12[1].exe中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）
病毒 2009-01-18  23:46:58 病毒在文件C:\Documents and Settings\Administrator.LENOVO-9FEB3424\桌面\40\11[1].exe中 Win32.Troj.OnlineGamesT.sb.295241 处理成功（操作：删除）

显示全部楼层 · 发表于 2009-1-19 00:21:58

显示全部楼层 · 发表于 2009-1-19 00:46:22

Hello,

0[1].exe_ - Trojan.Win32.Inject.nry,
1252005 - Trojan.Win32.Agent.bizy,
1378736 - Trojan.Win32.Agent.bjac,
CPWGameRecord.dll - Trojan-GameThief.Win32.OnLineGames.ulyr,
item.gif_ - Trojan-Dropper.Win32.Agent.afcv,
jjxzajcj32dl.dll - Worm.Win32.AutoRun.xxv,
loadoff.dat - Trojan-GameThief.Win32.OnLineGames.ulys,
rpcss.dll - Trojan-GameThief.Win32.OnLineGames.bkri,
sh05024.dll - Trojan.Win32.Qhost.ars

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

124e47.dll, index.dat, jxonline.dat, r05024.exe_

No malicious code were found in these files.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

Regards, Aseev Evgeny
Virus Analyst

Kaspersky Lab Ltd
Moscow, Russia
Tel/Fax: +7 (095) 797-8700
E-mail: newvirus@kaspersky.com

[病毒样本] X40

评分

本帖子中包含更多资源

浏览过的版块