1x (kaba miss) 3L附上其所下载的木马群病毒样本

显示全部楼层 · 发表于 2009-6-11 15:59:56

刚才没事在论坛闲逛，看到http://bbs.kafan.cn/thread-496822-1-1.html这个网址中，提供的病毒下载地址，没事就下载回来，测测杀毒软件……

没想到kaba又被做了免杀，上报kaba 查杀！(有释放病毒样本的行为……）

[ 本帖最后由幸福的猪猪于 2009-6-11 16:49 编辑 ]

显示全部楼层 · 发表于 2009-6-11 16:15:21

a virus or unwanted program 'TR/Crypt.FKM.Gen' [trojan] was found.

显示全部楼层 · 发表于 2009-6-11 16:44:31

http://www.2a8k.cn/d/1.exe
http://www.2a8k.cn/d/2.exe
http://www.2a8k.cn/d/3.exe
http://www.2a8k.cn/d/4.exe
http://www.2a8k.cn/d/5.exe
http://www.2a8k.cn/d/6.exe
http://www.2a8k.cn/d/7.exe
http://www.2a8k.cn/d/8.exe
http://www.2a8k.cn/d/9.exe
http://www.2a8k.cn/d/10.exe
http://www.2a8k.cn/d/11.exe
http://www.2a8k.cn/d/12.exe
http://www.2a8k.cn/d/13.exe
http://www.2a8k.cn/d/14.exe
http://www.2a8k.cn/d/15.exe
http://www.2a8k.cn/d/16.exe
http://www.2a8k.cn/d/17.exe
http://www.2a8k.cn/d/18.exe
http://www.2a8k.cn/d/19.exe
http://www.2a8k.cn/d/20.exe
http://www.2a8k.cn/d/21.exe
http://www.2a8k.cn/d/22.exe
http://www.2a8k.cn/d/23.exe
http://www.2a8k.cn/d/24.exe
http://www.2a8k.cn/d/25.exe
http://www.2a8k.cn/d/26.exe
http://www.2a8k.cn/d/27.exe
http://www.2a8k.cn/d/28.exe
http://www.2a8k.cn/d/29.exe
http://www.2a8k.cn/d/30.exe
http://www.2a8k.cn/d/31.exe
http://www.2a8k.cn/d/32.exe
http://www.2a8k.cn/d/33.exe
http://www.2a8k.cn/d/34.exe
http://www.2a8k.cn/d/35.exe
http://www.2a8k.cn/d/36.exe
http://www.2a8k.cn/d/37.exe
http://www.2a8k.cn/d/39.exe
http://www.2a8k.cn/d/50.exe
http://www.2a8k.cn/d/51.exe

连续替换差不多十个代理地址，才全部给下载回来！
木马群样本的下载列表地址：http://www.2a8k.cn/mei.txt

kaba miss 4x，to kill ！url to kaba！

样本全部打包上报！（40x）

[ 本帖最后由幸福的猪猪于 2009-6-11 16:51 编辑 ]

显示全部楼层 · 发表于 2009-6-11 16:45:34

sophos miss~

显示全部楼层 · 发表于 2009-6-11 16:54:08

"C:\Documents and Settings\Administrator\桌面\TDDownload.zip:\TDDownload\abcd.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\桌面\TDDownload.zip";"Virus identified Win32/Cryptor";"Moved to Virus Vault"

显示全部楼层 · 发表于 2009-6-11 17:13:14

nod miss

显示全部楼层 · 发表于 2009-6-11 17:15:39

11:06:2009 17:14:40 SEARCHTASK "USER_DEFINED" started...
scan item: E:\123
File scanned: E:\123\1.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\10.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\11.exe - SIGNATURE FOUND "Trojan-Dropper.OnLineGames"
File scanned: E:\123\12.exe - SIGNATURE FOUND "Trojan-PWS.Win32.QQPass"
File scanned: E:\123\13.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\14.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\15.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\16.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\17.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\18.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\19.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\2.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\20.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\21.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\22.exe - SIGNATURE FOUND "Trojan-Dropper.Agent"
File scanned: E:\123\23.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\24.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\25.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\26.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\27.exe - SIGNATURE FOUND "Trojan-GameThief.Win32.WOW"
File scanned: E:\123\29.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\3.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\30.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\31.exe - SIGNATURE FOUND "Trojan-PWS.Win32.Small"
File scanned: E:\123\32.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\33.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\34.exe - SIGNATURE FOUND "Win32.SuspectCrc"
File scanned: E:\123\35.exe - SIGNATURE FOUND "Virus.Win32.JunkPoly"
File scanned: E:\123\36.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\37.exe - SIGNATURE FOUND "Win32.SuspectCrc"
File scanned: E:\123\39.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\4.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\5.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\50.exe - SIGNATURE FOUND "Trojan.Win32.Agent"
File scanned: E:\123\51.exe - SIGNATURE FOUND "Trojan.Win32.Glox"
File scanned: E:\123\6.exe - SIGNATURE FOUND "Trojan-Dropper.OnLineGames"
File scanned: E:\123\7.exe - SIGNATURE FOUND "Generic.Onlinegames"
File scanned: E:\123\8.exe - SIGNATURE FOUND "Trojan-PWS.Win32.LdPinch"
File scanned: E:\123\9.exe - SIGNATURE FOUND "Trojan-GameThief.Win32.OnLineGames"
11:06:2009 17:14:41 SEARCHTASK "USER_DEFINED" FINISHED...
----------------------------------------------------
Directories scanned: 1
Files scanned: 40
Virus found: 39
----------------------------------------------------

显示全部楼层 · 发表于 2009-6-11 21:01:30

DR.WEB
To MISS
1.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12057;Deleted.;
10.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12034;Deleted.;
11.exe\data001;C:\Documents and Settings\all\桌面\123\11.exe;Trojan.Starter.1020;;
11.exe/data002\data001;C:\Documents and Settings\all\桌面\123\11.exe/data002;Trojan.PWS.Gamania.18902;;
data002;C:\Documents and Settings\all\桌面\123;Container contains infected objects;;
11.exe;C:\Documents and Settings\all\桌面\123;Container contains infected objects;Deleted.;
12.exe;C:\Documents and Settings\all\桌面\123;Trojan.MulDrop.31900;Deleted.;
13.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11724;Deleted.;
14.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12056;Deleted.;
15.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12058;Deleted.;
16.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12041;Deleted.;
17.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12035;Deleted.;
18.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11781;Deleted.;
19.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12035;Deleted.;
2.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11386;Deleted.;
20.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12056;Deleted.;
21.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12056;Deleted.;
22.exe;C:\Documents and Settings\all\桌面\123;Probably BACKDOOR.Trojan;Renamed.;
23.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12059;Deleted.;
24.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11386;Deleted.;
25.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12056;Deleted.;
26.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11806;Deleted.;
27.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Gamania.18753;Deleted.;
28.exe\data001;C:\Documents and Settings\all\桌面\123\28.exe;Trojan.PWS.Wsgame.11749;;
28.exe;C:\Documents and Settings\all\桌面\123;Container contains infected objects;Deleted.;
29.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12035;Deleted.;
3.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12059;Deleted.;
30.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12059;Deleted.;
32.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12059;Deleted.;
33.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.11809;Deleted.;
34.exe\data001;C:\Documents and Settings\all\桌面\123\34.exe;Trojan.PWS.Gamania.origin;;
34.exe\data002;C:\Documents and Settings\all\桌面\123\34.exe;Trojan.Starter.1022;;
34.exe;C:\Documents and Settings\all\桌面\123;Container contains infected objects;Deleted.;
36.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Gamania.19056;Deleted.;
37.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Qqpass.2772;Deleted.;
39.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12034;Deleted.;
4.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12056;Deleted.;
5.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12035;Deleted.;
50.exe;C:\Documents and Settings\all\桌面\123;BackDoor.Generic.1928;Deleted.;
51.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Gamania.19070;Deleted.;
6.exe\data001;C:\Documents and Settings\all\桌面\123\6.exe;Trojan.Starter.979;;
6.exe/data002\data001;C:\Documents and Settings\all\桌面\123\6.exe/data002;Trojan.PWS.Wsgame.12038;;
data002;C:\Documents and Settings\all\桌面\123;Container contains infected objects;;
6.exe;C:\Documents and Settings\all\桌面\123;Container contains infected objects;Deleted.;
7.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12034;Deleted.;
8.exe;C:\Documents and Settings\all\桌面\123;Trojan.PWS.Wsgame.12035;Deleted.;
9.exe\data001;C:\Documents and Settings\all\桌面\123\9.exe;Trojan.PWS.Wsgame.11749;;
9.exe;C:\Documents and Settings\all\桌面\123;Container contains infected objects;Deleted.;

显示全部楼层 · 发表于 2009-6-11 21:49:12

to McAfee

显示全部楼层 · 发表于 2009-6-11 22:15:04

2009-06-11 22:14:50 D:\TDDownload\123\31.exe>>Resource\Res37016, Malware.Win32.Suspect.f, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\9.exe, Trojan-PSW.Win32.OLGames.tfm, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\8.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\7.exe, Trojan-PSW.Win32.Magania.msp, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\6.exe, Trojan-Dropper.Win32.Delf.xdk, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\51.exe, Malware.Win32.Suspect.b, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\50.exe, Trojan.Win32.VB.ldc, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\5.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\4.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\39.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\37.exe, Trojan-PSW.Win32.Agent.hhj, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\36.exe, Trojan-PSW.Win32.Magania.nbf, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\35.exe, Trojan-PSW.Win32.Agent.hdt, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\34.exe, Malware.Win32.Suspect.f, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\33.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\32.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\30.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\3.exe, Trojan-PSW.Win32.Magania.nbv, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\29.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\28.exe, Trojan-PSW.Win32.OLGames.tfm, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\27.exe, Trojan-PSW.Win32.WOW.pyj, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\26.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\25.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\24.exe, Trojan-PSW.Win32.Delf.tac, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\23.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\22.exe, Trojan-Dropper.Win32.Agent.ahbl, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\21.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\20.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\2.exe, Trojan-PSW.Win32.Delf.tac, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\19.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\18.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\17.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\16.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\15.exe, Trojan-PSW.Win32.Magania.nbx, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\14.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\13.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\12.exe, Trojan-PSW.Win32.QQPass.ntb, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\11.exe, Trojan-PSW.Win32.OnLineGames.ehve, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\10.exe, Trojan-PSW.Win32.Magania.nby, 成功删除
2009-06-11 22:14:50 D:\TDDownload\123\1.exe, Trojan-PSW.Win32.OLGames.taw, 成功删除

[病毒样本] 1x (kaba miss) 3L附上其所下载的木马群病毒样本

本帖子中包含更多资源

本帖子中包含更多资源