Original poster: Sherry.ai

[Virus sample] Adware Virus DownLoader (drops and downloads a large number of viruses - 290th update)

ledled
Posted on 2009-3-14 22:14:41
Name: Trojan.Agent2.IQ
Type: Trojan

Description:


Files:
c:\users\administrator\desktop\fc4412ef809fee601e9b29b0d399948c.exe

Name: Packed/FSG
Type: Sequence

Description:


Files:
c:\users\administrator\desktop\fc4412ef809fee601e9b29b0d399948c.exe

Name: Packed/FSG
Type: Sequence

Description:


Files:
c:\users\administrator\desktop\e95b1d92980d569f247854e1b72cf9b1.exe
尤金卡巴斯基
Posted on 2009-3-14 22:22:12
Kaspersky Kill All

2009/3/14 22:21:47        已清除        病毒 Rootkit.Win32.Agent.hxr        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\FC4412EF809FEE601E9B29B0D399948C.exe//stream//data0002               
2009/3/14 22:21:47        已清除        病毒 Rootkit.Win32.Agent.hxr        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe//stream//data0002               
2009/3/14 22:21:47        已清除        木马程序 Backdoor.Win32.Hupigon.gimi        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe//stream//data0006//Petite               
2009/3/14 22:21:47        已清除        木马程序 Backdoor.Win32.VB.hyl        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe//stream//data0007//FSG               
2009/3/14 22:21:47        已清除        木马程序 Trojan-Downloader.Win32.Small.ajna        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\FC4412EF809FEE601E9B29B0D399948C.exe//stream//data0005               
2009/3/14 22:21:47        已清除        木马程序 Trojan-Downloader.Win32.Small.ajna        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe//stream//data0005               
2009/3/14 22:21:47        已清除        木马程序 Trojan.Win32.Agent.bumi        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\FC4412EF809FEE601E9B29B0D399948C.exe//stream//data0007//FSG               
2009/3/14 22:21:47        已清除        木马程序 Trojan.Win32.Agent2.fcn        G:\Temp\Virus\dzh_2009v5.rar/dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe//stream//data0003
Sebastian
Posted on 2009-3-14 22:27:25
Starting the file scan:

Begin scan in 'D:\new\dzh_2008v5.exe'
D:\new\dzh_2008v5.exe
    [0] Archive type: NSIS
      --> [TempDir]/small66.exe
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Contains recognition pattern of the ADSPY/Agent.XA adware or spyware
    [DETECTION] Contains recognition pattern of the DR/Zhongsou.BB.78 dropper
    --> [TempDir]/TBSetup(-33554373).exe
      [DETECTION] Contains recognition pattern of the DR/Zhongsou.BB.63 dropper
      --> [TempDir]/TBSetup(-33554373).exe
        [1] Archive type: NSIS
        --> [ProgramFilesDir]/zzToolBar/ToolBand.dll
          [DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.B adware or spyware
        --> [ProgramFilesDir]/zzToolBar/Toolbar_bho.dll
          [DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.C adware or spyware
    --> [TempDir]/gc81.exe
      [DETECTION] Is the TR/Agent2.dou Trojan
    --> [TempDir]/4005.exe
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> [TempDir]/llly666.exe
      [DETECTION] Contains recognition pattern of the DR/Agent.bqev.1 dropper
      --> [TempDir]/llly666.exe
        [1] Archive type: NSIS
        --> [UnknownDir]/install.exe
          [DETECTION] Is the TR/Agent.FWQ Trojan
        --> [UnknownDir]/nlpsa.txt
          [DETECTION] Is the TR/Downloader.Gen Trojan
        --> [UnknownDir]/setup.exe
          [DETECTION] Is the TR/Agent.fwq.1 Trojan
        --> [UnknownDir]/sysmain.dat
          [DETECTION] Is the TR/Agent.bqev Trojan
        --> [UnknownDir]/sysvc.dat
          [DETECTION] Is the TR/Spy.Agent.aajb Trojan
    --> [TempDir]/1.exe
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.hqo.2 back-door program
    [NOTE]      A backup was created as '4a23bf6f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
Begin scan in 'D:\new\E95B1D92980D569F247854E1B72CF9B1.exe'
D:\new\E95B1D92980D569F247854E1B72CF9B1.exe
    [0] Archive type: NSIS
    --> [TempDir]/IETimber(-33554373).exe
      [DETECTION] Contains recognition pattern of the DR/Timber.GRT dropper
      --> [TempDir]/IETimber(-33554373).exe
        [1] Archive type: NSIS
        --> [ProgramFilesDir]/Internet Explorer/IETimber/IETimber.dll
          [DETECTION] Contains recognition pattern of the ADSPY/Timber.BHO adware or spyware
    --> [TempDir]/lqbz81.exe
      [DETECTION] Is the TR/Agent2.fcn Trojan
      --> [TempDir]/small66.exe
          [DETECTION] Contains recognition pattern of the ADSPY/PlugOne adware or spyware
    --> [TempDir]/4005.exe
      [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
      --> [TempDir]/service.exe
          [DETECTION] Is the TR/ATRAPS.Gen Trojan
    --> [TempDir]/6.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '49f0bf2f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
Begin scan in 'D:\new\FC4412EF809FEE601E9B29B0D399948C.exe'
D:\new\FC4412EF809FEE601E9B29B0D399948C.exe
    [0] Archive type: NSIS
    --> [TempDir]/IETimber(-33554373).exe
      [DETECTION] Contains recognition pattern of the DR/Timber.GRT dropper
      --> [TempDir]/IETimber(-33554373).exe
        [1] Archive type: NSIS
        --> [ProgramFilesDir]/Internet Explorer/IETimber/IETimber.dll
          [DETECTION] Contains recognition pattern of the ADSPY/Timber.BHO adware or spyware
      --> [TempDir]/small66.exe
          [DETECTION] Contains recognition pattern of the ADSPY/Agent.XA adware or spyware
    --> [TempDir]/4005.exe
      [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
      --> [TempDir]/service.exe
          [DETECTION] Is the TR/ATRAPS.Gen Trojan
    --> [TempDir]/7.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '49efbf3b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年3月14日  22:28
Used time: 00:13 Minute(s)

The scan has been done completely.

      0 Scanning directories
     49 Files were scanned
     30 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      3 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     19 Files not concerned
      7 Archives were scanned
      0 Warnings
      3 Notes
Sherry.ai
Original poster | Posted on 2009-3-16 18:26:32
It's dropping more and more now.
Sebastian
Posted on 2009-3-16 18:30:39

Reply to post #14 by 935623508

Starting the file scan:

Begin scan in 'D:\new\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe'
D:\new\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe
    [0] Archive type: NSIS
    --> [TempDir]/IETimber(-33554373).exe
      [DETECTION] Contains recognition pattern of the DR/Timber.GRT dropper
      --> [TempDir]/IETimber(-33554373).exe
        [1] Archive type: NSIS
        --> [ProgramFilesDir]/Internet Explorer/IETimber/IETimber.dll
          [DETECTION] Contains recognition pattern of the ADSPY/Timber.BHO adware or spyware
      --> [TempDir]/llly66.exe
        [1] Archive type: NSIS
        --> [UnknownDir]/install.exe
          [DETECTION] Is the TR/Agent.FWQ Trojan
        --> [UnknownDir]/nlpsa.txt
          [DETECTION] Is the TR/Downloader.Gen Trojan
        --> [UnknownDir]/setup.exe
          [DETECTION] Is the TR/Agent.fwq.1 Trojan
        --> [UnknownDir]/sysvc.dat
          [DETECTION] Is the TR/Spy.Agent.abzr Trojan
      --> [TempDir]/small66.exe
          [DETECTION] Contains recognition pattern of the ADSPY/Agent.XA adware or spyware
    --> [TempDir]/4005.exe
      [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    --> [TempDir]/3.exe
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    --> [TempDir]/lqbz81.exe
      [DETECTION] Is the TR/Agent2.flz Trojan
    [NOTE]      A backup was created as '49ef2ad7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年3月16日  18:31
Used time: 00:11 Minute(s)

The scan has been done completely.

      0 Scanning directories
     21 Files were scanned
     11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     10 Files not concerned
      3 Archives were scanned
      0 Warnings
      1 Notes
kingmuro
Posted on 2009-3-16 19:18:15

BD kills it

已解决问题:文件或对象名称 病毒名称 最终处理状态
E:\My Documents\桌面\test\dzh_2008v5\dzh_2008v5.exe Trojan.Generic.909324 已移动至隔离区
E:\My Documents\桌面\test\dzh_2009v5\E95B1D92980D569F247854E1B72CF9B1.exe Trojan.Generic.909324 已移动至隔离区
E:\My Documents\桌面\test\dzh_2009v5\FC4412EF809FEE601E9B29B0D399948C.exe Trojan.Generic.909324 已移动至隔离区
E:\My Documents\桌面\test\dzh_2009v5(4)\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe Trojan.Generic.909324 已移动至隔离区
红心王子
Posted on 2009-3-16 19:25:27

avast delete all~

2009-3-16        19:24:19        1237202659        Administrator        3812        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\small66.exe" file.  
2009-3-16        19:24:25        1237202665        Administrator        3812        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\TBSetup(-33554373).exe\$INSTDIR\ToolBand.dll" file.  
2009-3-16        19:24:25        1237202665        Administrator        3812        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\TBSetup(-33554373).exe\$INSTDIR\Toolbar_bho.dll" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Koutodoor [Rtk]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\setup_1027272.exe\[UPX]\[Embedded_I#062e4]" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\gc81.exe\[Embedded_I#1b88]" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\gc81.exe" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:JunkPoly [Cryp]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\4005.exe" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\llly666.exe\$INSTDIR\install.exe" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\llly666.exe\$INSTDIR\nlpsa.txt" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\llly666.exe\$INSTDIR\sysmain.dat" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Spyware-gen [Trj]" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\llly666.exe\$INSTDIR\sysvc.dat" file.  
2009-3-16        19:24:26        1237202666        Administrator        3812        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\dzh_2008v5.rar\dzh_2008v5.exe\$TEMP\1.exe" file.  
2009-3-16        19:24:54        1237202694        Administrator        3736        Sign of "Win32:Koutodoor [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\setup_1027272.exe\[UPX]\[Embedded_I#06014]" file.  
2009-3-16        19:24:56        1237202696        Administrator        3736        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\lqbz81.exe\[Embedded_I#1f88]" file.  
2009-3-16        19:24:56        1237202696        Administrator        3736        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\lqbz81.exe" file.  
2009-3-16        19:24:57        1237202697        Administrator        3736        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\small66.exe\[UPX]\[Embedded_R#75580]" file.  
2009-3-16        19:24:58        1237202698        Administrator        3736        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\4005.exe" file.  
2009-3-16        19:24:58        1237202698        Administrator        3736        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\service.exe" file.  
2009-3-16        19:24:58        1237202698        Administrator        3736        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\新建文件夹\E95B1D92980D569F247854E1B72CF9B1.exe\$TEMP\6.exe" file.  
2009-3-16        19:24:59        1237202699        Administrator        3736        Sign of "Win32:Koutodoor [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\FC4412EF809FEE601E9B29B0D399948C.exe\$TEMP\setup_1027272.exe\[UPX]\[Embedded_I#06014]" file.  
2009-3-16        19:24:59        1237202699        Administrator        3736        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\FC4412EF809FEE601E9B29B0D399948C.exe\$TEMP\lqbz81.exe\[Embedded_I#1f88]" file.  
2009-3-16        19:24:59        1237202699        Administrator        3736        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\新建文件夹\FC4412EF809FEE601E9B29B0D399948C.exe\$TEMP\lqbz81.exe" file.  
2009-3-16        19:24:59        1237202699        Administrator        3736        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\新建文件夹\FC4412EF809FEE601E9B29B0D399948C.exe\$TEMP\small66.exe\[UPX]\[Embedded_R#a2580]" file.  
2009-3-16        19:24:59        1237202699        Administrator        3736        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\新建文件夹\FC4412EF809FEE601E9B29B0D399948C.exe\$TEMP\4005.exe" file.  
2009-3-16        19:25:17        1237202717        Administrator        3548        Sign of "Win32:Koutodoor [Rtk]" has been found in "d:\我的文档\桌面\dzh_2009v5(4).rar\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe\$TEMP\setup_1027272.exe\[UPX]\[Embedded_I#06014]" file.  
2009-3-16        19:25:20        1237202720        Administrator        3548        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\dzh_2009v5(4).rar\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe\$TEMP\llly66.exe\$INSTDIR\setup.exe" file.  
2009-3-16        19:25:20        1237202720        Administrator        3548        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\dzh_2009v5(4).rar\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe\$TEMP\small66.exe\[UPX]\[Embedded_R#a2580]" file.  
2009-3-16        19:25:20        1237202720        Administrator        3548        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\dzh_2009v5(4).rar\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe\$TEMP\lqbz81.exe\[Embedded_I#1f88]" file.  
2009-3-16        19:25:20        1237202720        Administrator        3548        Sign of "Win32:Agent-ADMW [Rtk]" has been found in "d:\我的文档\桌面\dzh_2009v5(4).rar\3E1E29DAF5EB9E5CCB4FDE5A5ED892C5.exe\$TEMP\lqbz81.exe" file.
Sherry.ai
Original poster | Posted on 2009-3-18 18:55:19
It's here.
Sherry.ai
Original poster | Posted on 2009-3-18 21:13:58
After testing… dropped files + downloaded files > 3MB. Chilling~
ledled
Posted on 2009-3-19 08:13:36

Reply to post #19 by 935623508

Name: Trojan.DL.Agent.HLWA
Type: Trojan

Description:


Files:
c:\users\administrator\desktop\dzh_2009v5.exe

Name: Trojan.Agent2.IQ
Type: Trojan

Description:


Files:
c:\users\administrator\desktop\dzh_2009v5.exe

Copyright © KaFan  KaFan.cn All Rights Reserved.
