2只小马,5楼更新了个毒包

显示全部楼层 · 发表于 2009-4-11 17:39:07

在外挂找的盗号木马

，已上报KV09

[ 本帖最后由 utfhv 于 2009-4-11 17:53 编辑 ]

显示全部楼层 · 发表于 2009-4-11 17:45:01

McAfee Artemis
to McAfee

[ 本帖最后由 schumi小粉于 2009-4-11 17:46 编辑 ]

显示全部楼层 · 发表于 2009-4-11 17:45:43

FS miss

A2 Trojan-Dropper.Win32.Comotor!IK

Starting the file scan:

Begin scan in 'D:\TDDownload\s.rar'
D:\TDDownload\s.rar
  [0] Archive type: RAR
--> ComRes.dll
   [DETECTION] Contains HEUR/Malware suspicious code
--> sgw.exe
   [1] Archive type: RSRC
   [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> 4.exe
   [1] Archive type: RSRC
   [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan

Beginning disinfection:
D:\TDDownload\s.rar
[NOTE]    The file was deleted!

End of the scan: 2009年4月11日  17:45
Used time: 00:00 Minute(s)

The scan has been done completely.

   0 Scanned directories
   5 Files were scanned
   0 Viruses and/or unwanted programs were found
   3 Files were classified as suspicious
   1 files were deleted
   0 Viruses and unwanted programs were repaired
   0 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2009-4-11 17:47:30

Warning

--------------------------------------------------------------------------------

In order not to compromise your security, this page will not be accessed

A virus or unwanted program has been detected
in the HTTP data on the requested page.

--------------------------------------------------------------------------------

Requested URL: http://bbs.kafan.cn/attachment.p ... 6f&t=1239443128
Information Contains HEUR/Malware suspicious code

--------------------------------------------------------------------------------

Generated by AntiVir WebGuard 9.0.3.0, AVE 8.2.0.138, VDF 7.1.3.41

显示全部楼层 · 发表于 2009-4-11 17:52:36

http://www.namipan.com/d/QQ%e5%8 ... 346290630d95d1d4600 再来一个毒包，可以测下你的杀软

显示全部楼层 · 发表于 2009-4-11 17:56:30

TR/Dropper.Gen

显示全部楼层 · 发表于 2009-4-11 18:31:11

2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\system32\mmsfc1.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 修改文件 C:\WINDOWS\system32\comres.dll 阻止 [文件组]全局阻止改 -> [文件]*; *.dll
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 修改文件 C:\WINDOWS\system32\ComRes.dll 阻止 [文件组]全局阻止改 -> [文件]*; *.dll
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\fOntS\ComRes.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\fOntS\gth68335.ttf 阻止 [文件组]关系到系统启动运行的文件_阻止建改删 -> [文件]c:\windows\*
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\fOntS\gth68335.fon 阻止 [文件组]关系到系统启动运行的文件_阻止建改删 -> [文件]c:\windows\*
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\system32\gth68335.exe 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.exe
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\system32\gth68335.exe 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.exe
2009-4-11 18:32:37 c:\documents and settings\administrator\桌面\4.exe 创建文件 C:\WINDOWS\system32\gth68335.exe 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.exe
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\system32\mmsfc1.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\system32\mmsfc1.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\system32\mmsfc1.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 修改文件 C:\WINDOWS\system32\comres.dll 阻止 [文件组]全局阻止改 -> [文件]*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 修改文件 C:\WINDOWS\system32\ComRes.dll 阻止 [文件组]全局阻止改 -> [文件]*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\fOntS\ComRes.dll 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.dll
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\fOntS\gth68335.ttf 阻止 [文件组]关系到系统启动运行的文件_阻止建改删 -> [文件]c:\windows\*
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\fOntS\gth68335.fon 阻止 [文件组]关系到系统启动运行的文件_阻止建改删 -> [文件]c:\windows\*
2009-4-11 18:32:39 c:\documents and settings\administrator\桌面\sgw.exe 创建文件 C:\WINDOWS\system32\gth68335.exe 阻止 [文件组]危险文件和重要文件_阻止建改删 -> [文件]c:\windows\*; *.exe

显示全部楼层 · 发表于 2009-4-11 20:18:49

2009/4/11 20:17:38 已清除木马程序 Trojan.Win32.Chifrax.a G:\Temp\Virus\QQ华夏外挂.rar/QQ华夏外挂.exe
1楼 To KL

显示全部楼层 · 发表于 2009-4-11 20:37:07

all to dw

显示全部楼层 · 发表于 2009-4-11 21:26:44

ik kill 2

[病毒样本] 2只小马,5楼更新了个毒包

本帖子中包含更多资源

回复 5楼 utfhv 的帖子

回复 1楼 utfhv 的帖子

浏览过的版块