中了OK.exe（已上传源文件）

小小爬蔷虎

郁闷，装了nod32 4.0 最新的病毒库，仍然中招。换了小红伞，监控一直报。nod32不是老早就能查杀了吗？会不会是变种？
一会儿上传样本。正在杀毒。。。。

1111样本已经压缩了，解压后，把后缀该为rar即可。2222样本解压后即为文件夹。

[ 本帖最后由 小小爬蔷虎 于 2009-5-13 13:37 编辑 ]

wrq

样本同情中

einnawy

nis不报

328397663

原帖由 小小爬蔷虎 于 2009-5-13 12:40 发表
郁闷，装了nod32 4.0 最新的病毒库，仍然中招。换了小红伞，监控一直报。nod32不是老早就能查杀了吗？会不会是变种？
一会儿上传样本。正在杀毒。。。。

样本已经压缩了，解压后，把后缀该为rar即可。直接从小红 ...

上传源文件啊.

小小爬蔷虎

小红伞事件日志。
2009-5-13 11:37 [Guard] Malware found
      Virus or unwanted program 'TR/Drop.Trew.1 [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\D55[1].exe.
      Action performed: Delete file
2009-5-13 11:37 [Guard] Malware found
      Virus or unwanted program 'TR/Drop.Trew.1 [trojan]'
      detected in file 'C:\WINDOWS\Temp\D55.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\D54[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\D54.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.NSPM.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\D53.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.NSPM.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\D53[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Dropper.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\D52[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Dropper.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\D52.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Drop.Zena.A [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\D51[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Drop.Zena.A [trojan]'
      detected in file 'C:\WINDOWS\Temp\D51.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'DR/Smili.23552 [dropper]'
      detected in file 'C:\WINDOWS\Temp\D50.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'DR/Smili.23552 [dropper]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\D50[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A31.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A31[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A30.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A30[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A29.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A29[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A28.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A28[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A27.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A27[1].exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A26.exe.
      Action performed: Delete file
2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A26[1].exe.
      Action performed: Delete file

小小爬蔷虎

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A25.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A25[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A24.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A24[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A23.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A23[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A22.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A22[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A21.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A21[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A13.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A13[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A20.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A20[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A19.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A19[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A18.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A18[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A17.exe.
      Action performed: Deny access

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A17[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A16.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A16[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A15.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A15[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A14.exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A14[1].exe.
      Action performed: Delete file

2009-5-13 11:36 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A12.exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\K9A9SP07\A10[1].exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A12[1].exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A11[1].exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\SJGDSZQX\A09[1].exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A11.exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A10.exe.
      Action performed: Deny access

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A09.exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A08.exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\6N8JARQ9\A08[1].exe.
      Action performed: Delete file

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\WINDOWS\Temp\A07.exe.
      Action performed: Deny access

2009-5-13 11:35 [Guard] Malware found
      Virus or unwanted program 'TR/Crypt.XDR.Gen [trojan]'
      detected in file 'C:\Documents and Settings\NetworkService\Local
      Settings\Temporary Internet Files\Content.IE5\AXKXCHIT\A07[1].exe.
      Action performed: Deny access

328397663

[:26:] 选几个/.放上来

sam.to

一楼附件的vt
https://www.virustotal.com/anali ... 115c180eaccd1fe9a4d

小小爬蔷虎

我已经上传源文件了。小红伞隔离区直接考过来，可能不行。
这是我刚按照你提供的连接扫的。https://www.virustotal.com/zh-cn/analisis/314219691cf180b22e7d9aec86a8f636

[ 本帖最后由 小小爬蔷虎 于 2009-5-13 13:45 编辑 ]

小小爬蔷虎

已经上传了，点的我手酸。