
[Virus samples] 7x [Post #5 > incomplete trojan-cluster virus samples]

幸福的猪猪
Posted on 2009-3-10 06:51:55

Archive password:
infected

kaba miss setup.rar, to kill!

Hello,


de.exe - Trojan-Downloader.Win32.Agent.bklk

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.


[ Last edited by 幸福的猪猪 on 2009-3-10 08:09 ]

nosferatu
Posted on 2009-3-10 07:05:15
Begin scan in 'C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD'
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\166.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.aber.43 back-door program
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\2.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\34.exe
      --> Object
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Contains a recognition pattern of the (harmful) BDS/Delf.cas back-door program
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\css.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\mmc.exe
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD\TDDOWNLOAD\t2.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was deleted!
25283561  de.exe  234 KB  UNDER ANALYSIS
ledled
Posted on 2009-3-10 07:13:52
de.exe to VB
Sebastian
Posted on 2009-3-10 07:25:09

Avira Premium Security Suite 9

Starting the file scan:

Begin scan in 'D:\TDDOWNLOAD'
D:\TDDOWNLOAD\166.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.aber.43 back-door program
    [NOTE]      A backup was created as '49eba596.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\2.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a1aa58e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\34.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
        [DETECTION] Contains a recognition pattern of the (harmful) BDS/Delf.cas back-door program
    [NOTE]      A backup was created as '49e3a594.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\css.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '4a28a5d3.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\mmc.exe
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      A backup was created as '4a18a5ce.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\t2.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49e3a593.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年3月10日  07:25
Used time: 00:01 Minute(s)

The scan has been done completely.

      1 Scanned directories
      7 Files were scanned
      6 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      6 files were deleted
      0 Viruses and unwanted programs were repaired
      6 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
      6 Notes
幸福的猪猪
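OP | Posted on 2009-3-10 07:35:45
Here are 12x more
kaba miss 5x, to kill! [For certain special reasons the virus download addresses are incomplete; you could say this is yet another trojan cluster!]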


All samples have been packed up and submitted!

Reply about the 5x kaba miss:

Hello,


gbjxsj.exe - Trojan-GameThief.Win32.WOW.gbr

This file is already detected. Please update your antivirus bases.

lacb.exe - Trojan-GameThief.Win32.WOW.gbx
lawow.exe - Trojan-GameThief.Win32.WOW.gci
lazx.exe - Trojan-GameThief.Win32.WOW.gce
my.exe - Trojan-GameThief.Win32.WOW.gcl

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.




Archive password: infected

[ Last edited by 幸福的猪猪 on 2009-3-10 14:58 ]

Sebastian
Posted on 2009-3-10 07:37:23

Reply to post #5 by 幸福的猪猪

avira premium security suite 9

Starting the file scan:

Begin scan in 'D:\TDDOWNLOAD'
D:\TDDOWNLOAD\gbdh2.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a19a8ee.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gbdj.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4b986eff.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gbdnf.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a19a910.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gbjxsj.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a1fa8ee.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gbwd.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a2ca8ee.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gbwmgj.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4bad6eff.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gzdh3.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a19a906.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\gzjr.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a1fa906.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\lacb.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a18a8ed.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\lawow.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a2ca8ed.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\lazx.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '4a2fa8ed.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\TDDOWNLOAD\my.exe
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      A backup was created as '49e3a905.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年3月10日  07:38
Used time: 00:00 Minute(s)

The scan has been done completely.

      1 Scanned directories
     12 Files were scanned
     12 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
     12 files were deleted
      0 Viruses and unwanted programs were repaired
     12 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
     12 Notes
wcj20236
Posted on 2009-3-10 07:47:17

Reply to post #5 by 幸福的猪猪

Micropoint kills them all...
ledled
Posted on 2009-3-10 07:48:59

Reply to post #5 by 幸福的猪猪

MISS 4 to VB
kingmuro
Posted on 2009-3-10 08:48:46

Palkia
Posted on 2009-3-10 20:15:08
miss to rs
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-12-23 06:54 , Processed in 0.080915 second(s), 3 queries , Redis On.

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表