一个很强的木马，众多杀毒软件均无反应！！！

显示全部楼层 · 发表于 2009-2-28 15:59:49

Starting the file scan:

Begin scan in 'C:\Users\Administrator\Desktop\17sui.rar'
C:\Users\Administrator\Desktop\17sui.rar
  [0] Archive type: RAR
[NOTE]    The file was deleted!
--> setup.exe
   [1] Archive type: NSIS
   [DETECTION] Is the TR/Drop.Agent.apd Trojan
   --> [ProgramFilesDir]/snav/Snav.dll
      [DETECTION] Contains recognition pattern of the ADSPY/Bho.aer adware or spyware

显示全部楼层 · 发表于 2009-2-28 16:14:17

KV09不报，=看看主防

显示全部楼层 · 发表于 2009-2-28 17:06:54

很一般。
建立一个DLL，然后写注册表，全部被卡巴拦截，然后就死了。不像木马，估计就是一广告
2009-2-28 16:56:51 System Security Create C:\Sandbox\apple\DefaultBox\drive\C\Program Files\snav\Snav.dll
2009-2-28 16:56:51 Application Filtering Denied: KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO Modification hkey_users\SANDBOX_apple_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO
2009-2-28 16:56:51 Application Filtering Denied: KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO Modification hkey_users\SANDBOX_apple_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO
2009-2-28 16:56:51 Application Filtering Denied: KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO Modification hkey_users\SANDBOX_apple_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO
2009-2-28 16:56:51 Application Filtering Denied: KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO Modification hkey_users\SANDBOX_apple_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} KLPrivateData/KLOtherSoft/KLInternetBrowsers/Internet Explorer/BHO
2009-2-28 16:56:52 System Security Process exit C:\Sandbox\apple\DefaultBox\user\current\Local Settings\Temp\Rar$EX00.547\setup.exe

显示全部楼层 · 发表于 2009-2-28 17:10:56

迈克菲给杀了

显示全部楼层 · 发表于 2009-2-28 17:16:43

TO KL

显示全部楼层 · 发表于 2009-2-28 17:35:24

DR.WEB
setup.exe\data002---\setup.exe;Adware.Bho.86

显示全部楼层 · 发表于 2009-2-28 18:12:49

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://bbs.kafan.cn/attachment.p ... be&t=1235815894
Information: Is the TR/Drop.Agent.apd Trojan

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.98, VDF 7.1.2.95

显示全部楼层 · 发表于 2009-2-28 18:14:44

[扫描路径] C:\Documents and Settings\Administrator\桌面\17sui.rar
C:\Documents and Settings\Administrator\桌面\17sui.rar - 压缩文件 RAR
>C:\Documents and Settings\Administrator\桌面\17sui.rar/setup.exe 已加壳，方式： BINARYRES
>>C:\Documents and Settings\Administrator\桌面\17sui.rar/setup.exe - 压缩文件 NSIS
>>>C:\Documents and Settings\Administrator\桌面\17sui.rar/setup.exe/data001 - 确定
>>>C:\Documents and Settings\Administrator\桌面\17sui.rar/setup.exe/data002 是广告软件 Adware.Bho.86
>>C:\Documents and Settings\Administrator\桌面\17sui.rar/setup.exe - 发现压缩文件中有被感染的对象
C:\Documents and Settings\Administrator\桌面\17sui.rar - 发现压缩文件中有被感染的对象
C:\Documents and Settings\Administrator\桌面\17sui.rar:Zone.Identifier - 确定

显示全部楼层 · 发表于 2009-2-28 19:10:30

C:\Test\17sui.rar<RAR>:setup.exe<NSIS>:Snav.dll <- Adware.Bho.Dbk : No action

显示全部楼层 · 发表于 2009-2-28 19:45:53

真的那么厉害啊，我可不想被病毒感染电脑，电脑不能用就要小心饭碗了！

[病毒样本] 一个很强的木马，众多杀毒软件均无反应！！！

ArcaVir 2009