一只

显示全部楼层 · 发表于 2009-2-28 22:35:37

TO KL

显示全部楼层 · 发表于 2009-2-28 22:43:57

启发可杀
2009/2/28 22:43:58 已清除病毒 HEUR:Trojan.Win32.Generic G:\Temp\Virus\256.rar/256.exe//ASPack

显示全部楼层 · 发表于 2009-2-28 22:45:56

000040AD 004040AD    0 !This program cannot be run in DOS mode.
00004248 00404248    0 .text
00004270 00404270    0 .rdata
00004297 00404297    0 @.data
000042C0 004042C0    0 .rsrc
000042E7 004042E7    0 @.reloc
00004472 00404472    0 qWh,R
000045CC 004045CC    0 VWhPR
000046A7 004046A7    0 SUVW
000047D4 004047D4    0 YYh0u
00004A29 00404A29    0 XSVWh
00004A82 00404A82    0 PVVVVVVV
00004FB5 00404FB5    0 UVh@u
000050B8 004050B8    0 YYt&WV
00005149 00405149    0 PVWVVVh
00005193 00405193    0 QVWVVVP
000052DA 004052DA    0 qWhPR
00005321 00405321    0 q@Pj@
00005355 00405355    0 q@Pj@
00005389 00405389    0 YYj@Y3
0000539E 0040539E    0 D$$Ph
00005448 00405448    0 qSSSj
00005490 00405490    0 YSSVh~
00005539 00405539    0 t,h$]
00005554 00405554    0 QQSPQQ
00005682 00405682    0 u'SSSSS
000057DA 004057DA    0 SWhPR
0000582D 0040582D    0 Pjfhp]
00005963 00405963    0 SWhPR
0000597B 0040597B    0 qj@Y3
000059D6 004059D6    0 qSSSj
00005C14 00405C14    0 SVWhPR
00005CF4 00405CF4    0 Pjghp]
00005D48 00405D48    0 SVWh?
00005D59 00405D59    0 qVVVVV
0000602A 0040602A    0 SWj@Y
00006559 00406559    0 Ph@$"
00006570 00406570    0 PhT$"
000066FA 004066FA    0 8MZu<
000068DF 004068DF    0 ;C8s(
00006A9B 00406A9B    0 qWj'Y3
00006B23 00406B23    0 SVWhPR
00006C7B 00406C7B    0 $j@Y3
00006D36 00406D36    0 HVtHHt3Ht
00006DDC 00406DDC    0 VVVhE
00006E10 00406E10    0 VWj@Y3
00006E53 00406E53    0 Pjhhp]
00006F20 00406F20    0 SVWj@Y3
000070BF 004070BF    0 qQUVPQh
000070F1 004070F1    0 L$ Q@P
0000717F 0040717F    0 SVWj@Y3
000072B8 004072B8    0 VC20XC00U
000073C7 004073C7    0 SVWUj
00007430 00407430    0 t.;t$$t(
00007A10 00407A10    0 ImportREC.exe
00007A20 00407A20    0 C32Asm.exe
00007A2C 00407A2C    0 LordPE.exe
00007A38 00407A38    0 PEditor.exe
00007A44 00407A44    0 OllyICE.exe
00007A50 00407A50    0 OllyDbg.exe
00007A5C 00407A5C    0 GetCurrentProcessId
00007A8C 00407A8C    0 IsDebuggerPresent
00007AA0 00407AA0    0 kernel32.dll
00007AB0 00407AB0    0 Sleep
00007ACC 00407ACC    0 CoInitializeEx
00007ADC 00407ADC    0 NSDownLoader26AVip20081206
00007AF8 00407AF8    0 svchost.exe
00007B04 00407B04    0 explorer.exe
00007B14 00407B14    0 SeDebugPrivilege
00007B30 00407B30    0 %s%d.txt
00007B54 00407B54    0 URLDownloadToFileA
00007B68 00407B68    0 ZwOpenSection
00007B78 00407B78    0 RtlInitUnicodeString
00007BA4 00407BA4    0 CURRENT_USER
00007BE4 00407BE4    0 SeSecurityPrivilege
00007BF8 00407BF8    0 pccguide.exe
00007C08 00407C08    0 ZONEALARM.exe
00007C18 00407C18    0 zonealarm.exe
00007C28 00407C28    0 XDelbox.exe
00007C34 00407C34    0 wink.exe
00007C40 00407C40    0 windows
00007C54 00407C54    0 WFINDV32.exe
00007C64 00407C64    0 webtrap.exe
00007C70 00407C70    0 WEBSCANX.exe
00007C80 00407C80    0 WEBSCAN.exe
00007C8C 00407C8C    0 vsstat.exe
00007C98 00407C98    0 VSSCAN40
00007CA4 00407CA4    0 VSHWIN32.exe
00007CB4 00407CB4    0 vshwin32.exe
00007CC4 00407CC4    0 VSECOMR.exe
00007CD0 00407CD0    0 VPC32.exe
00007CDC 00407CDC    0 vir.exe
00007CE4 00407CE4    0 VETTRAY.exe
00007CF0 00407CF0    0 VET95.exe
00007CFC 00407CFC    0 vavrunr.exe
00007D08 00407D08    0 UlibCfg.exe
00007D14 00407D14    0 TSC.exe
00007D1C 00407D1C    0 tmupdito.exe
00007D2C 00407D2C    0 tmproxy.exe
00007D38 00407D38    0 TMOAgent.exe
00007D48 00407D48    0 Tmntsrv.exe
00007D54 00407D54    0 TDS2-NT.exe
00007D60 00407D60    0 TDS2-98.exe
00007D6C 00407D6C    0 TCA.exe
00007D74 00407D74    0 TBSCAN.exe
00007D80 00407D80    0 symproxysvc.exe
00007D90 00407D90    0 SWEEP95.exe
00007D9C 00407D9C    0 sreng.exe
00007DA8 00407DA8    0 spy.exe
00007DB0 00407DB0    0 SPHINX.exe
00007DBC 00407DBC    0 smtpsvc.exe
00007DC8 00407DC8    0 SMC.exe
00007DD0 00407DD0    0 sirc32.exe
00007DDC 00407DDC    0 SERV95.exe
00007DE8 00407DE8    0 secu.exe
00007DF4 00407DF4    0 SCRSCAN.exe
00007E00 00407E00    0 scon.exe
00007E0C 00407E0C    0 SCANPM.exe
00007E18 00407E18    0 SCAN32.exe
00007E24 00407E24    0 scan.exe
00007E30 00407E30    0 scam32.exe
00007E3C 00407E3C    0 safeweb.exe
00007E48 00407E48    0 safeboxTray.exe
00007E58 00407E58    0 rn.exe
00007E60 00407E60    0 Rfw.exe
00007E68 00407E68    0 rescue32.exe
00007E78 00407E78    0 regedit.exe
00007E84 00407E84    0 RavTask.exe
00007E90 00407E90    0 RavStub.exe
00007E9C 00407E9C    0 RavMonD.exe
00007EA8 00407EA8    0 RavMon.exe
00007EB4 00407EB4    0 rav7win.exe
00007EC0 00407EC0    0 RAV7.exe
00007ECC 00407ECC    0 Rav.exe
00007ED4 00407ED4    0 ras.exe
00007EDC 00407EDC    0 pview95.exe
00007EE8 00407EE8    0 prot.exe
00007EF4 00407EF4    0 program.exe
00007F00 00407F00    0 PpPpWallRun.exe
00007F10 00407F10    0 PERSFW.exe
00007F1C 00407F1C    0 PCFWALLICON.exe
00007F2C 00407F2C    0 pccwin98.exe
00007F3C 00407F3C    0 pccmain.exe
00007F48 00407F48    0 pcciomon.exe
00007F58 00407F58    0 PCCClient.exe
00007F68 00407F68    0 pcc.exe
00007F70 00407F70    0 PAVCL.exe
00007F7C 00407F7C    0 PADMIN.exe
00007F88 00407F88    0 OUTPOST.exe
00007F94 00407F94    0 NVC95.exe
00007FA0 00407FA0    0 NUPGRADE.exe
00007FB0 00407FB0    0 norton.exe
00007FBC 00407FBC    0 NORMIST.exe
00007FC8 00407FC8    0 NMAIN.exe
00007FD4 00407FD4    0 nisum.exe
00007FE0 00407FE0    0 nisserv.exe
00007FEC 00407FEC    0 NAVWNT.exe
00007FF8 00407FF8    0 navwnt.exe
00008004 00408004    0 NAVW32.exe
00008010 00408010    0 NAVW.exe
0000801C 0040801C    0 NAVSCHED.exe
0000802C 0040802C    0 navrunr.exe
00008038 00408038    0 NAVNT.exe
00008044 00408044    0 NAVLU32.exe
00008050 00408050    0 navapw32.exe
00008060 00408060    0 navapsvc.exe
00008070 00408070    0 N32ACAN.exe
0000807C 0040807C    0 ms.exe
00008084 00408084    0 MPFTRAY.exe
00008090 00408090    0 MOOLIVE.exe
0000809C 0040809C    0 moniker.exe
000080A8 004080A8    0 mon.exe
000080B0 004080B0    0 microsoft.exe
000080C0 004080C0    0 mcafee.exe
000080CC 004080CC    0 LUCOMSERVER.exe
000080DC 004080DC    0 luall.exe
000080E8 004080E8    0 LOOKOUT.exe
000080F4 004080F4    0 lockdown2000.exe
00008108 00408108    0 lamapp.exe
00008114 00408114    0 kwatch.exe
00008120 00408120    0 KVPreScan.exe
00008130 00408130    0 KVMonXP.exe
0000813C 0040813C    0 KRF.exe
00008144 00408144    0 KPPMain.exe
00008150 00408150    0 kpfwsvc.exe
0000815C 0040815C    0 kpfw32.exe
00008168 00408168    0 KPFW32.exe
00008174 00408174    0 kissvc.exe
00008180 00408180    0 kavstart.exe
00008190 00408190    0 kav32.exe
0000819C 0040819C    0 Kasmain.exe
000081A8 004081A8    0 Kabackreport.exe
000081BC 004081BC    0 JED.exe
000081C4 004081C4    0 iomon98.exe
000081D0 004081D0    0 iom.exe
000081D8 004081D8    0 ICSSUPPNT.exe
000081E8 004081E8    0 ICMOON.exe
000081F4 004081F4    0 ICLOADNT.exe
00008204 00408204    0 ICLOAD95.exe
00008214 00408214    0 IceSword.exe
00008224 00408224    0 ice.exe
0000822C 0040822C    0 IBMAVSP.exe
00008238 00408238    0 IBMASN.exe
00008244 00408244    0 IAMSERV.exe
00008250 00408250    0 IAMAPP.exe
0000825C 0040825C    0 F-STOPW.exe
00008268 00408268    0 f-stopw.exe
00008274 00408274    0 FRW.exe
0000827C 0040827C    0 FP-WIN.exe
00008288 00408288    0 fp-win.exe
00008294 00408294    0 f-prot95.exe
000082A4 004082A4    0 F-PROT.exe
000082B8 004082B8    0 FINDVIRU.exe
000082C8 004082C8    0 F-AGNT95.exe
000082D8 004082D8    0 explorewclass.exe
000082EC 004082EC    0 ESPWATCH.exe
000082FC 004082FC    0 ESAFE.exe
00008308 00408308    0 EFINET32.exe
00008318 00408318    0 ECENGINE.exe
00008328 00408328    0 DVP95.exe
00008334 00408334    0 DV95_O.exe
00008340 00408340    0 DV95.exe
0000834C 0040834C    0 debu.exe
00008358 00408358    0 dbg.exe
00008360 00408360    0 DAVPFW.exe
0000836C 0040836C    0 CLEANER3.exe
0000837C 0040837C    0 CLEANER.exe
00008388 00408388    0 CLAW95CT.exe
00008398 00408398    0 CLAW95.exe
000083A4 004083A4    0 cfinet32.exe
000083B4 004083B4    0 cfinet.exe
000083C0 004083C0    0 CFIND.exe
000083CC 004083CC    0 CFIAUDIT.exe
000083DC 004083DC    0 CFIADMIN.exe
000083EC 004083EC    0 CCenter.exe
000083F8 004083F8    0 BLACKICE.exe
00008408 00408408    0 BLACKD.exe
00008414 00408414    0 avxonsol.exe
00008424 00408424    0 AVWIN95.exe
00008430 00408430    0 avsynmgr.exe
00008440 00408440    0 AVSCHED32.exe
00008450 00408450    0 AVPUPD.exe
0000845C 0040845C    0 AVKSERV.exe
00008468 00408468    0 avk.exe
00008470 00408470    0 AVGCTRL.exe
0000847C 0040847C    0 AVE32.exe
00008488 00408488    0 AVCONSOL.exe
00008498 00408498    0 AUTODOWN.exe
000084A8 004084A8    0 ATRACK.exe
000084B4 004084B4    0 atrack.exe
000084C0 004084C0    0 antivir.exe
000084CC 004084CC    0 ANTI-TROJAN.exe
000084DC 004084DC    0 anti.exe
000084E8 004084E8    0 ACKWIN32.exe
000084F8 004084F8    0 360tray.exe
00008504 00408504    0 360safebox.exe
00008514 00408514    0 360safe.exe
00008520 00408520    0 Debugger
0000852C 0040852C    0 Avp.exe
00008538 00408538    0 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00008584 00408584    0 LoadLibraryA
00008594 00408594    0 VirtualAllocEx
000085A4 004085A4    0 \svchost.exe
000085B4 004085B4    0 NsDlRK250
000085C0 004085C0    0 \\.\NsDlRK250
000085D4 004085D4    0 \Nskhelper2.sys
00008688 00408688    0 CheckSumMappedFile
0000869C 0040869C    0 NsPsDk%.2d
000086C0 004086C0    0 %s\NsPass%d.sys
000086EC 004086EC    0 SYSTEM
000086F4 004086F4    0 TEST_EVENT
00008770 00408770    0 NsDnldrKillProcess
00008784 00408784    0 NtQuerySystemInformation
000087DC 004087DC    0 KeServiceDescriptorTable
000087F8 004087F8    0 ntdll.dll
00008830 00408830    0 inet_addr
0000883C 0040883C    0 SendARP
00008860 00408860    0 GetAdaptersInfo
00008870 00408870    0 WinNT
00008878 00408878    0 Win2K
00008880 00408880    0 WinXP
00008888 00408888    0 Win2003
00008890 00408890    0 UnKnow
00008898 00408898    0 %s?mac=%s&os=%s&ver=2.6A.1206&temp=%d&key=%d
000088C8 004088C8    0 %.2X-%.2X-%.2X-%.2X-%.2X-%.2X
000088E8 004088E8    0 \appwinproc.dll
000088F8 004088F8    0 360.qihoo.com
00008908 00408908    0 tool.ikaka.com
00008918 00408918    0 www.virustotal.com
0000892C 0040892C    0 bbs.sucop.com
0000893C 0040893C    0 www.dswlab.com
0000894C 0040894C    0 www.nod32club.com
00008960 00408960    0 www.lanniao.org
00008970 00408970    0 www.cnnod32.cn
00008980 00408980    0 www.kaspersky.com
00008994 00408994    0 virustotal.com
000089A4 004089A4    0 kaspersky.com.cn
000089B8 004089B8    0 www.kaspersky.com.cn
000089D0 004089D0    0 union.kingsoft.com
000089E4 004089E4    0 shadu.duba.net
000089F4 004089F4    0 www.nod32.com
00008A04 00408A04    0 www.eset.com.cn
00008A14 00408A14    0 www.duba.net
00008A24 00408A24    0 www.jiangmin.com
00008A38 00408A38    0 jiangmin.com
00008A48 00408A48    0 dl.jiangmin.com
00008A58 00408A58    0 rising.com.cn
00008A68 00408A68    0 www.rising.com.cn
00008A7C 00408A7C    0 www.chinakv.com
00008A8C 00408A8C    0 www.360safe.com
00008A9C 00408A9C    0 www.360safe.cn
00008AAC 00408AAC    0 www.360.cn

显示全部楼层 · 发表于 2009-2-28 22:52:18

显示全部楼层 · 发表于 2009-2-28 22:53:58

'RKIT/Agent.8320.C' [trojan]

显示全部楼层 · 发表于 2009-2-28 22:57:56

VirusBuster found nothing

显示全部楼层 · 发表于 2009-2-28 23:01:44

to rs

显示全部楼层 · 发表于 2009-2-28 23:25:23

Hello,

256.exe - Trojan-Downloader.Win32.Agent.bjhv

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

显示全部楼层 · 发表于 2009-2-28 23:55:51

BitDefender 2009

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

显示全部楼层 · 发表于 2009-3-1 00:08:43

dr.web
\256.exe - infected with Trojan.Inject.5415

[病毒样本] 一只

本帖子中包含更多资源

本帖子中包含更多资源

评分