[病毒样本] 2p

显示全部楼层 · 发表于 2009-5-16 11:33:51

生成物

显示全部楼层 · 发表于 2009-5-16 11:35:34

D:\kafan\2p\ad.exe
[DETECTION] Is the TR/Downloader.Gen Trojan

显示全部楼层 · 发表于 2009-5-16 11:38:09

Starting the file scan:

Begin scan in 'D:\kafan\2pe'
D:\kafan\2pe\s0.exe
[DETECTION] Is the TR/PSW.LdPinch.jm1 Trojan
[NOTE]    The file was deleted!
D:\kafan\2pe\s1.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\2pe\s2.exe
[DETECTION] Is the TR/Crypt.UPKM.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\2pe\s3.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\2pe\s4.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: CAB (Microsoft)
      --> svchost.exe
      [DETECTION] Is the TR/Dldr.Agent.xsd Trojan
[NOTE]    The file was deleted!
D:\kafan\2pe\s5.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE]    The file was deleted!
D:\kafan\2pe\s6.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!

End of the scan: 2009年5月16日  11:40
Used time: 00:04 Minute(s)

The scan has been done completely.

   1 Scanned directories
   12 Files were scanned
   7 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   7 files were deleted
   0 Viruses and unwanted programs were repaired
   0 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   1 Archives were scanned
   0 Warnings
   7 Notes

显示全部楼层 · 发表于 2009-5-16 11:48:45

Win32:Microjoin-DE [Trj]

显示全部楼层 · 发表于 2009-5-16 11:51:18

C:\Users\BOBO\Desktop\2pe\1 - 正常
C:\Users\BOBO\Desktop\2pe\hysetup.exe - 正常
C:\Users\BOBO\Desktop\2pe\s0.exe - 可能是 Win32/TrojanDropper.Agent.NNO 特洛伊木马的变种 - 扫描完成后再选择处理方式
C:\Users\BOBO\Desktop\2pe\s1.exe - Win32/Agent.PJI 特洛伊木马 - 扫描完成后再选择处理方式
C:\Users\BOBO\Desktop\2pe\s2.exe - Win32/AutoRun.Delf.AK 蠕虫的变种 - 扫描完成后再选择处理方式
C:\Users\BOBO\Desktop\2pe\s3.exe > FSG v2.0 - 正常
C:\Users\BOBO\Desktop\2pe\s4.exe > UPX v12_m2 > CAB > internet.exe > UPX v12_m2 - 正常
C:\Users\BOBO\Desktop\2pe\s4.exe > UPX v12_m2 > CAB > svchost.exe - Win32/Kryptik.OA.Gen 特洛伊木马
C:\Users\BOBO\Desktop\2pe\s4.exe > CAB > internet.exe > UPX v12_m2 - 正常
C:\Users\BOBO\Desktop\2pe\s4.exe > CAB > svchost.exe - Win32/Kryptik.OA.Gen 特洛伊木马
C:\Users\BOBO\Desktop\2pe\s5.exe > AUTOIT > script.au3 - 正常
C:\Users\BOBO\Desktop\2pe\s5.exe > AUTOIT > file.bin - 正常
C:\Users\BOBO\Desktop\2pe\s6.exe - Win32/Injector.AQ 特洛伊木马的变种 - 扫描完成后再选择处理方式
C:\Users\BOBO\Desktop\2pe\s7.exe - 正常

显示全部楼层 · 发表于 2009-5-16 11:59:26

1楼伞杀之
         [检测]       Is the TR/Downloader.Gen Trojan

2楼伞杀之
      [检测]       Is the TR/PSW.LdPinch.jm1 Trojan
--> 2pe\s1.exe
   [检测]       Is the TR/Spy.Gen Trojan
--> 2pe\s2.exe
   [检测]       Is the TR/Crypt.UPKM.Gen Trojan
--> 2pe\s3.exe
   [检测]       Is the TR/Dropper.Gen Trojan
--> 2pe\s4.exe
   --> Object
      [2] 压缩文档类型: RSRC
      --> Object
      [3] 压缩文档类型: CAB (Microsoft)
      --> svchost.exe
         [检测]       Is the TR/Dldr.Agent.xsd Trojan
[注意]       备份创建为 '4a733a48.qua'  ( 隔离 )
[注意]       此文件已被删除！

显示全部楼层 · 发表于 2009-5-16 13:42:27

[:26:] 二楼

G DATA 杀出

2pe[1].part1
1个

2pe[1].part2

3个

显示全部楼层 · 发表于 2009-5-16 13:43:37

1楼杀
1个

显示全部楼层 · 发表于 2009-5-16 14:47:20

Result: 1 malware found
Generic.Malware.dld!!.3E1EA864 (virus)

C:\Documents and Settings\sk\桌面\virus\16\2p\ad.exe Action: deleted

Result: 4 malware found

MemScan:Trojan.Downloader.JLUS (virus)

C:\Documents and Settings\sk\桌面\virus\16\2pe\s0.exe Action: deleted

Generic.Malware.SP!dldspg.29FD65EE (virus)

C:\Documents and Settings\sk\桌面\virus\16\2pe\s2.exe Action: deleted

GenPack:Generic.Rincux2.730FD74B (virus)

C:\Documents and Settings\sk\桌面\virus\16\2pe\s4.exe Action: deleted

Trojan.Injector.AQ (virus)

C:\Documents and Settings\sk\桌面\virus\16\2pe\s6.exe Action: deleted

Scanning Engines:

F-Secure Aquarius: 11.00.00, 2009-05-14
F-Secure Hydra: 3.08.9080, 2009-05-15

[病毒样本] 2p

本帖子中包含更多资源

本帖子中包含更多资源

回复 2楼 hddu 的帖子

浏览过的版块