[病毒样本] 34X

显示全部楼层 · 发表于 2009-5-9 22:57:45

下载者样本

[ 本帖最后由 dearhaoji 于 2009-5-9 23:02 编辑 ]

显示全部楼层 · 发表于 2009-5-9 22:58:49

avira kill all

[ 本帖最后由 rok827 于 2009-5-9 23:56 编辑 ]

显示全部楼层 · 发表于 2009-5-9 23:00:17

病毒 2009-05-09  23:08:51 F:\DL\xiao7_0.exe Win32.Troj.Agent.xe.77824 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa9_0.exe Win32.Hack.NsAnti.22654 (后门程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa8_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa7_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa6_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa5_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa4_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa3_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa33_0.exe Win32.Troj.AgentVB.167975 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa31_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa30_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa2_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa29_0.exe Win32.Troj.QQPswT.bs.116858 (QQ小偷变种) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa28_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa27_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa26_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa25_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa24_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa23_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa22_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa21_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa20_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa1_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa19_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa18_0.exe Win32.Troj.OnlineGames.56872 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa17_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa16_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa15_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa14_0.exe Win32.Troj.LiuerT.a.90417 (传奇盗号木马A) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa13_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa12_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa11_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\aa10_0.exe Win32.Troj.cfgT.ex.38507 (木马程序) 隔离成功
病毒 2009-05-09  23:08:51 F:\DL\111_0.exe Win32.Troj.DownLoader.491520 (木马程序) 隔离成功

[ 本帖最后由 Palkia 于 2009-5-9 23:08 编辑 ]

显示全部楼层 · 发表于 2009-5-9 23:00:38

样本呢

显示全部楼层 · 发表于 2009-5-9 23:05:31

http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 multiple threats deleted (after the next restart) - quarantined
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa33_0.exe a variant of Win32/VB.NZV trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » xiao7_0.exe probably a variant of Win32/Genetik trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa4_0.exe probably a variant of Win32/PSW.OnLineGames.NRD trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa1_0.exe probably a variant of Win32/PSW.OnLineGames.NRD trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa26_0.exe probably a variant of Win32/PSW.OnLineGames.NRD trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa7_0.exe probably a variant of Win32/PSW.OnLineGames.NRD trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » 111_0.exe Win32/Agent.PJI trojan was a part of the deleted object
http://bbs.kafan.cn/attachment.p ... a3&t=1241881462 » RAR » aa29_0.exe Win32/PSW.Delf.NLZ trojan was a part of the deleted object

显示全部楼层 · 发表于 2009-5-9 23:08:28

费尔扫描kill29 动态防御kill 5 剩余0

显示全部楼层 · 发表于 2009-5-9 23:09:06

09:05:2009 23:08:31 SEARCHTASK "USER_DEFINED" started...
scan item: D:\virus\8
scan item: D:\virus\26
File scanned: D:\virus\8\111_0.exe - SIGNATURE FOUND "Trojan-Dropper.Agent"
File scanned: D:\virus\8\aa1_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\8\aa26_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\8\aa29_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.QQPass"
File scanned: D:\virus\8\aa33_0.exe - SIGNATURE FOUND "Trojan.Win32.Agent"
File scanned: D:\virus\8\aa4_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\8\aa7_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\8\xiao7_0.exe - SIGNATURE FOUND "Trojan-Dropper.Agent"
File scanned: D:\virus\26\aa10_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa11_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa12_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa13_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa14_0.exe - SIGNATURE FOUND "Win32.SuspectCrc"
File scanned: D:\virus\26\aa15_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa16_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa17_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa18_0.exe - SIGNATURE FOUND "Trojan-GameThief.Win32.WOW"
File scanned: D:\virus\26\aa19_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa20_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa21_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa22_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa23_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa24_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa25_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa27_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa28_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa2_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa30_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa31_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa3_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa5_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: D:\virus\26\aa6_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa8_0.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: D:\virus\26\aa9_0.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
09:05:2009 23:08:32 SEARCHTASK "USER_DEFINED" FINISHED...
----------------------------------------------------
Directories scanned: 2
Files scanned: 34
Virus found: 34
----------------------------------------------------

显示全部楼层 · 发表于 2009-5-9 23:09:25

OK了！上传样本了

显示全部楼层 · 发表于 2009-5-9 23:10:05

对扫描配置设置:
任务名............: ShlExt
配置文件...........: C:\DOCUME~1\Dog\LOCALS~1\Temp\dd03d823.avp
日志.............: 高
首选操作...........: 询问用户
次选操作...........: 忽略
扫描主引导扇区........: 开
扫描引导扇区.........: 开
引导扇区...........: C:,
进程扫描...........: 关
扫描注册表..........: 关
搜索 rootkits....: 关
系统文件完整性检查......: 关
扫描所有文件.........: 智能文件选择
扫描压缩文档.........: 开
递归深度...........: 20
智能扩展...........: 开
背离压缩文档类型.......: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
宏启发............: 开
文件启发...........: 高
背离风险类型.........: +APPL,+GAME,+JOKE,+PCK,+SPR,
扩展搜索设置.........: 0x08300432

扫描开始于: 2009年5月9日  23:09

开始文件扫描:

开始扫描 'C:\Documents and Settings\Dog\桌面\8.rar'
C:\Documents and Settings\Dog\桌面\
  8.rar
[0] 压缩文档类型: RAR
   --> aa33_0.exe
      [检测]       Is the TR/Crypt.FKM.Gen Trojan
   --> xiao7_0.exe
      [1] 压缩文档类型: RSRC
      --> Object
      [2] 压缩文档类型: Runtime Packed
      [检测]       Is the TR/Hijacker.Gen Trojan
      [警告]       压缩文档中的被感染文件不能修复！
   --> aa4_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa1_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa26_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa7_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> 111_0.exe
      [1] 压缩文档类型: Runtime Packed
      --> Object
      [2] 压缩文档类型: RSRC
      [检测]       Is the TR/Spy.Gen Trojan
      [警告]       压缩文档中的被感染文件不能修复！
   --> aa29_0.exe
      [1] 压缩文档类型: Runtime Packed
      --> Object
      [2] 压缩文档类型: RSRC
      [检测]       Is the TR/ATRAPS.Gen Trojan
      [警告]       压缩文档中的被感染文件不能修复！
  8.rar:Zone.Identifier
开始扫描 'C:\Documents and Settings\Dog\桌面\26.rar'
C:\Documents and Settings\Dog\桌面\
  26.rar
[0] 压缩文档类型: RAR
   --> aa11_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa12_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa13_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa14_0.exe
      [1] 压缩文档类型: Runtime Packed
      [检测]       Is the TR/Hijacker.Gen Trojan
      [警告]       压缩文档中的被感染文件不能修复！
   --> aa15_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa16_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa17_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa18_0.exe
      [检测]       Is the TR/Dropper.Gen Trojan
   --> aa19_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa20_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa21_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa22_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa23_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa24_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa25_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa27_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa28_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa2_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa30_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa31_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa3_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa5_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa6_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa8_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa9_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
   --> aa10_0.exe
      [检测]       Is the TR/Crypt.XDR.Gen Trojan
  26.rar:Zone.Identifier

开始杀毒:
C:\Documents and Settings\Dog\桌面\
  8.rar
[注意]       此文件已被移动到 '4a779ce6.qua'！
C:\Documents and Settings\Dog\桌面\
  26.rar
[注意]       此文件已被移动到 '4a339cee.qua'！

全杀！

显示全部楼层 · 发表于 2009-5-9 23:10:31

在 D:\My Documents\桌面\test\8.rar->xiao7_0.exe 中发现 TrojanDropper.Agent.vjd 病毒, 已删除
在 D:\My Documents\桌面\test\8.rar->aa4_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\8.rar->aa1_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\8.rar->aa26_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\8.rar->aa7_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\8.rar->aa29_0.exe 中发现 Trojan/PSW.QQPass.dhn 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa11_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa12_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa14_0.exe 中发现 TrojanDownloader.Delf.ptt 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa15_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa16_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa17_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa18_0.exe 中发现 Trojan/Agent.abcl 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa19_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa20_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa21_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa22_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa23_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa24_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa25_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa27_0.exe 中发现 Trojan/PSW.LdPinch.pri 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa28_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa2_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa30_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa31_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa3_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa5_0.exe 中发现 Trojan/PSW.LdPinch.pxd 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa6_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa8_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa9_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
在 D:\My Documents\桌面\test\26.rar->aa10_0.exe 中发现 Trojan/Agent.cicj 病毒, 已删除
正常结束。

扫描结果:
               文件数 :36                               病毒体 :31
               删除 :31                                  解毒 :0
扫描速度(千字节/秒) :889                            扫描时间 :00:00:02
扫描文件速度(个/秒) :18

[病毒样本] 34X

本帖子中包含更多资源

34

kv2008 kill