深度木马样本

显示全部楼层 · 发表于 2009-2-28 11:16:03

当然还要报告你的杀软表现！！！

显示全部楼层 · 发表于 2009-2-28 11:17:38

還以為一個= =
C:\Users\Kitman\Desktop\virus2\0891.exe
[0] Archive type: RAR SFX (self extracting)
--> 1.exe
   [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.111358 back-door program
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.AK dropper
[NOTE]    A backup was created as '49e1b515.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\13.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b510.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\14.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b511.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\15.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b512.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\16.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b513.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\17.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b514.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\18.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b515.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\19.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b516.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\20.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '49d6b50d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\Kitman\Desktop\virus2\21.exe
   [DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    A backup was created as '49d6b50e.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2009年2月28日  11:51
Used time: 00:02 Minute(s)

The scan has been done completely.

   1 Scanning directories
   15 Files were scanned
   11 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   10 files were deleted
   0 files were repaired
   10 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   4 Files not concerned
   1 Archives were scanned
   0 Warnings
   10 Notes

[ 本帖最后由 Kitman 于 2009-2-28 11:52 编辑 ]

显示全部楼层 · 发表于 2009-2-28 11:24:00

使用G DATA AntiVirus检测
版本 19.1.0.0 (2008/10/29)
病毒特征库日期 2009/2/28
开始时间： 2009/2/28 11:20
引擎：引擎A (AVA 19.4017), 引擎B (AVB 19.240)
启发式：开启
档案文件：开启
系统区域：开启
检测rootkits：开启
检测系统区域...
检测以下目录和文件：
C:\Documents and Settings\Administrator\桌面\virus2\
对象： 13.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1431814 (引擎 A)
对象： 14.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1429791 (引擎 A)
对象： 15.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1429791 (引擎 A)
对象： 16.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1429791 (引擎 A)
对象： 17.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Downloader.JLPM (引擎 A)
对象： 18.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1431814 (引擎 A)
对象： 19.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1429791 (引擎 A)
对象： 20.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.Generic.1436759 (引擎 A)
对象： 21.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Trojan.PWS.QQPass.NFP (引擎 A)
对象： (RAR Sfx o)=>msn036.bat
在压缩档案中： C:\Documents and Settings\Administrator\桌面\virus2\0891.exe
状态：发现病毒
病毒： Generic.Botget.8665C694 (引擎 A)
对象： (RAR Sfx o)=>setup_1027345.bat
在压缩档案中： C:\Documents and Settings\Administrator\桌面\virus2\0891.exe
状态：发现病毒
病毒： Generic.Botget.A23265C5 (引擎 A)
对象： (RAR Sfx o)=>YOYO1205.bat
在压缩档案中： C:\Documents and Settings\Administrator\桌面\virus2\0891.exe
状态：发现病毒
病毒： Generic.Botget.92C88E1D (引擎 A)
对象： 0891.exe
路径: C:\Documents and Settings\Administrator\桌面\virus2
状态：病毒，文件被删除
病毒： Generic.Botget.8665C694, Generic.Botget.A23265C5, Generic.Botget.92C88E1D (引擎 A)
扫描完成于： 2009/2/28 11:21
10个文件已检测
10个受感染文件已发现
0个可疑文件已发现

显示全部楼层 · 发表于 2009-2-28 11:25:17

MISS 3 to VB

显示全部楼层 · 发表于 2009-2-28 11:33:47

显示全部楼层 · 发表于 2009-2-28 11:35:24

ZAV R9 沒發現威脅

显示全部楼层 · 发表于 2009-2-28 11:48:51

AVIRA
Begin scan in 'E:\DownLoad\virus2'
E:\DownLoad\virus2\0891.exe
[0] Archive type: RAR SFX (self extracting)
--> 1.exe
   [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.111358 back-door program
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.AK dropper
[NOTE]    A backup was created as '49e1b3bd.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\13.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3b9.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\14.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3bd.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\15.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3c0.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\16.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3c4.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\17.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3c6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\18.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3c8.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\19.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '49d6b3ca.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\20.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '49d6b3c1.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
E:\DownLoad\virus2\21.exe
   [DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    A backup was created as '49d6b3cb.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2009年2月28日  11:46
Used time: 00:41 Minute(s)

The scan has been done completely.

   1 Scanning directories
   15 Files were scanned
   11 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   10 files were deleted
   0 files were repaired
   10 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   4 Files not concerned
   1 Archives were scanned
   0 Warnings
   10 Notes

显示全部楼层 · 发表于 2009-2-28 11:56:29

2009-2-28 11:56:39 1235793399 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\13.exe\[UPX]\[Embedded_R#0607c]" file.
2009-2-28 11:56:47 1235793407 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\14.exe\[UPX]\[Embedded_R#0607c]" file.
2009-2-28 11:56:47 1235793407 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\15.exe\[UPX]\[Embedded_R#0607c]" file.
2009-2-28 11:56:47 1235793407 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\16.exe\[UPX]\[Embedded_R#0607c]" file.
2009-2-28 11:56:48 1235793408 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\17.exe\[UPX]\[Embedded_R#0607c]" file.
2009-2-28 11:56:48 1235793408 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\18.exe\[UPX]\[Embedded_R#607c]" file.
2009-2-28 11:56:48 1235793408 Administrator 2180 Sign of "Win32:OnLineGames-FFZ [Trj]" has been found in "d:\我的文档\桌面\threats\19.exe\[UPX]\[Embedded_R#607c]" file.
2009-2-28 11:56:48 1235793408 Administrator 2180 Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\threats\20.exe" file.
2009-2-28 11:56:48 1235793408 Administrator 2180 Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\threats\21.exe" file.

显示全部楼层 · 发表于 2009-2-28 12:00:35

显示全部楼层 · 发表于 2009-2-28 12:02:37

eset 全
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » msn036.bat - BAT/TrojanDownloader.Ftp.NBT trojan
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » setup_1027345.bat - BAT/TrojanDownloader.Ftp.NBU trojan
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » YOYO1205.bat - BAT/TrojanDownloader.Ftp.NBV trojan
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » 8.vbe - BAT/TrojanDownloader.Ftp.NBU trojan
C:\Documents and Settings\GUNDAM\桌面\virus2\13.exe - a variant of Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\14.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\15.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\16.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\17.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\18.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\19.exe - Win32/PSW.OnLineGames.NTM trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\20.exe - Win32/PSW.OnLineGames.NUO trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\21.exe - a variant of Win32/PSW.Delf.NMX trojan - cleaned by deleting - quarantined
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » msn036.bat - BAT/TrojanDownloader.Ftp.NBT trojan - was a part of the deleted object
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » setup_1027345.bat - BAT/TrojanDownloader.Ftp.NBU trojan - was a part of the deleted object
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » YOYO1205.bat - BAT/TrojanDownloader.Ftp.NBV trojan - was a part of the deleted object
C:\Documents and Settings\GUNDAM\桌面\virus2\0891.exe » RAR » 8.vbe - BAT/TrojanDownloader.Ftp.NBU trojan - was a part of the deleted object

[病毒样本] 深度木马样本

本帖子中包含更多资源

本帖子中包含更多资源

驱逐舰.............

本帖子中包含更多资源