mirc

显示全部楼层 · 发表于 2009-4-14 12:11:59

Scanned file: postcard.gif.rar - Infected
postcard.gif.rar/postcard.gif.exe/archive comment - OK
postcard.gif.rar/postcard.gif.exe/a.reg - infected by Backdoor.IRC.Zapchast.zwrc
postcard.gif.rar/postcard.gif.exe/aliases.ini - OK
postcard.gif.rar/postcard.gif.exe/control.ini - OK
postcard.gif.rar/postcard.gif.exe/mirc.ico - OK
postcard.gif.rar/postcard.gif.exe/mirc.ini - infected by Backdoor.IRC.Zapchast.zwrc
postcard.gif.rar/postcard.gif.exe/run.bat - infected by Backdoor.IRC.Zapchast.zwrc
postcard.gif.rar/postcard.gif.exe/servers.ini - OK
postcard.gif.rar/postcard.gif.exe/spoolsv.exe - infected by not-a-virus:Client-IRC.Win32.mIRC.603
postcard.gif.rar/postcard.gif.exe/users.ini - OK
postcard.gif.rar/postcard.gif.exe/ident.txt - OK
postcard.gif.rar/postcard.gif.exe/xmas.jpg - OK
postcard.gif.rar/postcard.gif.exe/fullname.txt - OK
postcard.gif.rar/postcard.gif.exe/s.mrc - OK
postcard.gif.rar/postcard.gif.exe/com.mrc - OK

显示全部楼层 · 发表于 2009-4-14 12:13:04

结果: 找到 2 恶意软件
Backdoor.IRC.Zapchast.zwrc (病毒)

* G:\postcard.gif.rar\postcard.gif.exe\mirc.ini
* G:\postcard.gif.rar\postcard.gif.exe\run.bat

找到危险软件
Client-IRC.Win32.mIRC.603 (危险软件)

* G:\postcard.gif.rar\postcard.gif.exe\spoolsv.exe

显示全部楼层 · 发表于 2009-4-14 12:19:28

2009-04-14 12:19:20 修改文件操作:阻止并结束进程
进程路径:E:\virus\postcard.gif.exe
文件路径:C:\Windows\temp
触发规则:所有程序规则->03-禁止创建文件的目录（黑名单）->%windir%\*

显示全部楼层 · 发表于 2009-4-14 12:21:20

D:\kafan\postcard.gif.rar
  [0] Archive type: RAR
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> postcard.gif.exe
   [DETECTION] Contains recognition pattern of the DR/PSW.Zapchast.zwrc.67 dropper
   --> a.reg
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.1260.A back-door program
   --> mirc.ini
      [DETECTION] Is the TR/PSW.Zapchast.zwrc.2 Trojan
   --> run.bat
      [DETECTION] Contains recognition pattern of the BAT/Zapchast.U batch virus

显示全部楼层 · 发表于 2009-4-14 13:04:17

显示全部楼层 · 发表于 2009-4-14 13:32:38

卡巴检测到：木马程序 Backdoor.IRC.Zapchast.zwrc URL:

.exe//a.reg

显示全部楼层 · 发表于 2009-4-15 14:55:38

名称: mIRC based
类型: Backdoor

描述:
Gives someone else access to your computer by bypassing the normal authentication procedures.

文件:
c:\users\administrator\desktop\postcard.gif.exe|spoolsv.exe

名称: Trojan.mIRC-Based.AM
类型: Trojan

描述:

文件:
c:\users\administrator\desktop\postcard.gif.exe|run.bat

[病毒样本] mirc

本帖子中包含更多资源

本帖子中包含更多资源