4005+lly66+lqbzse+service+syseter+small696(exe)【第275次更新】

显示全部楼层 · 发表于 2009-3-29 10:52:01

本帖最后由 Sherry.ai 于 2010-4-9 19:30 编辑

From:Zhongsou

Without hash

274：http://www.brsbox.com/filebox/down/fc/d3c871f7511dd99f42174adbea86f363

显示全部楼层 · 发表于 2009-3-29 10:54:48

Starting the file scan:

Begin scan in 'D:\new\4005.exe'
D:\new\4005.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
Begin scan in 'D:\new\llly66.exe'
D:\new\llly66.exe
  [0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the DR/Spy.Agent.ahoi dropper
--> [UnknownDir]/install.exe
   [DETECTION] Is the TR/Agent.FWQ Trojan
--> [UnknownDir]/nlpsa.txt
   [DETECTION] Is the TR/Downloader.Gen Trojan
--> [UnknownDir]/setup.exe
   [DETECTION] Is the TR/Agent.fwq.1 Trojan
--> [UnknownDir]/sysmain.dat
   [DETECTION] Is the TR/Kaba.73278 Trojan
--> [UnknownDir]/sysvc.dat
   [DETECTION] Is the TR/Spy.Agent.abzr Trojan
Begin scan in 'D:\new\lqbz81.exe'
Begin scan in 'D:\new\service.exe'
D:\new\service.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Begin scan in 'D:\new\setup_1027272.exe'
D:\new\setup_1027272.exe
--> Object
   [1] Archive type: OVL
   --> Object
      [DETECTION] Is the TR/Agent.pxw Trojan
Begin scan in 'D:\new\small66.exe'
D:\new\small66.exe
--> Object
   [DETECTION] Contains recognition pattern of the ADSPY/Agent.XA adware or spyware

Beginning disinfection:
D:\new\4005.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE]    The file was moved to '49fee396.qua'!
D:\new\llly66.exe
[DETECTION] Contains recognition pattern of the DR/Spy.Agent.ahoi dropper
[NOTE]    The file was moved to '4a3ae3d2.qua'!
D:\new\service.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was moved to '4a40e3cb.qua'!
D:\new\setup_1027272.exe
[NOTE]    The file was moved to '4a42e3cb.qua'!
D:\new\small66.exe
[NOTE]    The file was moved to '4a2fe3d3.qua'!

End of the scan: 2009年3月29日  10:56
Used time: 00:00 Minute(s)

The scan has been done completely.

   0 Scanned directories
   13 Files were scanned
   10 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   0 files were deleted
   0 Viruses and unwanted programs were repaired
   5 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   0 Warnings
   5 Notes

显示全部楼层 · 发表于 2009-3-29 11:01:41

上报4个到山山

显示全部楼层 · 发表于 2009-3-29 11:05:38

avast！ missed one ，to lab

显示全部楼层 · 发表于 2009-3-29 11:12:18

C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > service.exe - Win32/TrojanDownloader.Delf.OQP 特洛伊木马 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > setup_1027272.exe - Win32/Agent.OCX 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > small66.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > 4005.exe - Win32/Delf.NHZ 特洛伊木马的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > install.exe - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > nlpsa.txt - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > setup.exe - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > sysmain.dat - Win32/Adware.NewWeb 应用程序 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > llly66.exe > NSIS > sysvc.dat - Win32/Adware.Agent.NLG 应用程序的变种 - 是已删除对象的一部分
C:\Documents and Settings\Administrator\My Documents\桌面\1.rar > RAR > lqbz81.exe - Win32/Agent.PAL 特洛伊木马 - 是已删除对象的一部分

显示全部楼层 · 发表于 2009-3-29 12:19:53

When accessing data from the URL, "http://bbs.kafan.cn/attachment.php?aid=498562&k=a5d7d11c54ee0a63796a19568efe8acf&t=1238300321"
a virus or unwanted program 'TR/ATRAPS.Gen' [trojan] was found.
Action taken: Blocked file

显示全部楼层 · 发表于 2009-3-29 12:21:06

原帖由 Palkia 于 2009-3-29 11:01 发表
上报4个到山山

上报4个到星星

显示全部楼层 · 发表于 2009-3-29 12:23:22

DR.WEB
4005.exe - infected with Trojan.DownLoader.origin
small66.exe - probably infected with MULDROP.Trojan
TO MISS

显示全部楼层 · 发表于 2009-3-29 13:21:17

卡巴
已删除：木马程序 Backdoor.Win32.Hupigon.gjoy 文件: D:\1.rar/service.exe//Petite
已删除：木马程序 Rootkit.Win32.Agent.ijd 文件: D:\1.rar/setup_1027272.exe
已删除：木马程序 Trojan-Spy.Win32.Agent.ahoi 文件: D:\1.rar/llly66.exe//data0008

显示全部楼层 · 发表于 2009-3-29 13:24:54

微点
时间处理结果木马名称木马进程名木马文件创建者
--------------- 处理成功 Trojan-Spy.Win32.Agent.wzf D:\1\LLLY66.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
--------------- 处理成功 Trojan.Win32.Delf.hiu D:\1\4005.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
--------------- 处理成功 Backdoor.Win32.Hupigon.lwn D:\1\SERVICE.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE

显示全部楼层 · 发表于 2009-3-29 13:34:03

4005.exe_ - Trojan-Downloader.Win32.Agent.bpqm,
small66.exe_ - Trojan-Dropper.Win32.Agent.albd

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

显示全部楼层 · 发表于 2009-3-29 20:24:53

只有1个更新了

a-squared 4.0.0.101 2009.03.29 Trojan.Win32.AgentBypass!IK
AhnLab-V3 5.0.0.2 2009.03.28 -
AntiVir 7.9.0.129 2009.03.27 TR/Agent.122880.44
Antiy-AVL 2.0.3.1 2009.03.29 -
Authentium 5.1.2.4 2009.03.28 W32/Heuristic-KPP!Eldorado
Avast 4.8.1335.0 2009.03.28 -
AVG 8.5.0.285 2009.03.28 -
BitDefender 7.2 2009.03.29 -
CAT-QuickHeal 10.00 2009.03.28 -
ClamAV 0.94.1 2009.03.29 -
Comodo 1089 2009.03.29 -
DrWeb 4.44.0.09170 2009.03.29 MULDROP.Trojan
eSafe 7.0.17.0 2009.03.27 Suspicious File
eTrust-Vet 31.6.6421 2009.03.27 -
F-Prot 4.4.4.56 2009.03.28 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14470.0 2009.03.29 -
Fortinet 3.117.0.0 2009.03.29 -
GData 19 2009.03.29 -
Ikarus T3.1.1.48.0 2009.03.29 Trojan.Win32.AgentBypass
K7AntiVirus 7.10.684 2009.03.28 -
Kaspersky 7.0.0.125 2009.03.29 -
McAfee 5567 2009.03.28 -
McAfee+Artemis 5567 2009.03.28 -
McAfee-GW-Edition 6.7.6 2009.03.29 Ad-Spyware.Agent.XA
Microsoft 1.4502 2009.03.29 Trojan:Win32/AgentBypass.gen!I
NOD32 3972 2009.03.28 probably a variant of Win32/Genetik
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.29 -
Panda 10.0.0.10 2009.03.29 -
PCTools 4.4.2.0 2009.03.29 -
Prevx1 V2 2009.03.29 -
Rising 21.22.62.00 2009.03.29 -
Sophos 4.40.0 2009.03.29 Mal/Emogen-P
Sunbelt 3.2.1858.2 2009.03.28 -
Symantec 1.4.4.12 2009.03.29 Downloader
TheHacker 6.3.3.9.295 2009.03.29 -
TrendMicro 8.700.0.1004 2009.03.28 PAK_Generic.001
VBA32 3.12.10.1 2009.03.27 -
ViRobot 2009.3.27.1666 2009.03.27 -

显示全部楼层 · 发表于 2009-3-29 20:29:47

第二次上报山山

显示全部楼层 · 发表于 2009-3-29 20:47:06

FILSECLAB

显示全部楼层 · 发表于 2009-3-30 08:43:18

Name: Trojan.Agent2.PW
Type: Trojan

Description:

Files:
c:\users\administrator\desktop\新建文件夹\lqbz81.exe

显示全部楼层 · 发表于 2009-3-30 18:22:48

Update

显示全部楼层 · 发表于 2009-3-30 18:25:39

AVIRA KILLED。

显示全部楼层 · 发表于 2009-3-30 18:25:47

第3次更新
TR/ATRAPS.Gen

显示全部楼层 · 发表于 2009-3-30 19:29:25

SSD亮了。。

显示全部楼层 · 发表于 2009-3-30 20:11:08

Hello,
service.exe_ - Backdoor.Win32.Hupigon.gnbw,
small66(1).exe_ - Trojan-Dropper.Win32.Agent.aldd
New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.
Please quote all when answering.
The answer is relevant to the latest bases from update sources.

>
>
Regards, Kusachev Mikhail
Virus Analyst
10/1, 1st Volokolamsky Proezd, Moscow, 123060, Russia
Tel./Fax: + 7 (495) 797 8700
http://www.kaspersky.com http://www.viruslist.com

卡巴今晚回复很有效率..~!

[ 本帖最后由 328397663 于 2009-3-30 20:38 编辑 ]

[病毒样本] 4005+lly66+lqbzse+service+syseter+small696(exe)【第275次更新】

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源