U盘病毒......NDO过 ......Rising杀

显示全部楼层 · 发表于 2009-8-1 14:56:25

U盘被人借去的.....结果ESET套装就报了个Auto.....我开隐藏文件才发现的.....1.3M 分卷传了

[ 本帖最后由 kasdywxx 于 2009-8-1 14:57 编辑 ]

显示全部楼层 · 发表于 2009-8-1 15:02:09

显示全部楼层 · 发表于 2009-8-1 15:03:28

VirSCAN.org Scanned Report :
Scanned time : 2009/08/01 14:36:14 (CST)
Scanner results: 51% Scanner(19/37) found malware!
File Name    : Recycle.exe
File Size    : 1406915 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : baacb24727a123db423d9e9a25aca6af
SHA1          : 75a33ebdd44bcc50d23eb3f201048590d6943a3b
Online report  : http://virscan.org/report/0abdd3604429eae7cd4a9d77a8634bc6.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.5.0.3       20090731163245 2009-07-31  0.67 Trojan.Peed!IK
AhnLab V3    2009.07.31.04 2009.07.31       2009-07-31  0.77 -
AntiVir       8.2.0.238    7.1.5.57       2009-07-31  2.75 TR/Dropper.Gen
Antiy       2.0.18       20090801.2664522  2009-08-01  0.23 -
Arcavir       2009          200907311811    2009-07-31  0.11 Heur.W32
Authentium    5.1.1          200907311707    2009-07-31  1.21 W32/Nuj.A.gen!Eldorado (Possible)
AVAST!       4.7.4          090731-0       2009-07-31  0.05 -
AVG          8.5.288       270.13.38/2274 2009-07-31  1.69 -
BitDefender 7.81008.3870356 7.26928          2009-08-01  3.83 Dropped:Trojan.Peed.Gen
CA (VET)    9.0.0.143    31.6.6649       2009-08-01  8.83 -
ClamAV       0.95.2       9640             2009-08-01  0.23 -
Comodo       3.10          1832             2009-08-01  0.82 -
CP Secure    1.1.0.715    2009.08.01       2009-08-01  12.21  -
Dr.Web       4.44.0.9170    2009.08.01       2009-08-01  5.37 -
F-Prot       4.4.4.56       20090731       2009-07-31  1.20 W32/Nuj.A.gen!Eldorado (generic, not disinfectable)
F-Secure    7.02.73807    2009.07.29.10    2009-07-29  0.26 Trojan-Dropper.Win32.Flystud.yo [AVP]
Fortinet    2.81-3.120    10.666          2009-07-31  0.31 -
GData       19.6797/19.421  20090801       2009-08-01  5.31 -
ViRobot       20090730       2009.07.30       2009-07-30  0.45 -
Ikarus       T3.1.01.64    2009.07.31.73137  2009-07-31  4.85 Trojan.Peed
JiangMin    11.0.800       2009.08.01       2009-08-01  3.53 TrojanDropper.Flystud.oz
Kaspersky    5.5.10       2009.08.01       2009-08-01  0.15 Trojan-Dropper.Win32.Flystud.yo
KingSoft    2009.2.5.15    2009.7.31.18    2009-07-31  1.01 Win32.Troj.FakeFolderT.yo.1406378
McAfee       5.3.00       5694             2009-07-31  2.96 W32/Autorun.worm.ev
Microsoft    1.4903       2009.07.31       2009-07-31  5.01 Backdoor:Win32/FlyAgent.F
Norman       6.01.09       6.01.00          2009-07-31  6.01 -
Panda       9.05.01       2009.07.31       2009-07-31  2.39 -
Trend Micro 8.700-1004    6.336.17       2009-07-31  0.07 -
Quick Heal    10.00          2009.07.30       2009-07-30  1.60 TrojanDropper.Flystud.ko
Rising       20.0          21.40.44.00    2009-07-31  1.21 Trojan.Win32.ECode.ee
Sophos       2.89.1       4.44             2009-08-01  2.75 Mal/EncPk-GF
Sunbelt       5301          5301             2009-07-30  1.28 -
Symantec    1.3.0.24       20090731.004    2009-07-31  0.56 -
nProtect    20090731.01    4987030          2009-07-31  6.83 Dropped:Trojan.Peed.Gen
The Hacker    6.3.4.3       v00375          2009-07-31  0.98 -
VBA32       3.12.10.9    20090730.1435    2009-07-30  1.80 Trojan-Dropper.Win32.Flystud.ko
VirusBuster 4.5.11.10    10.110.1/1825217  2009-07-31  2.19 Backdoor.FlyAgent.BBK

显示全部楼层 · 发表于 2009-8-1 15:07:14

DR.WEB
\Recycle.exe - infected with Win32.HLLW.Autoruner.4360

显示全部楼层 · 发表于 2009-8-1 15:07:35

又见peed，说实在的，nod32对peed真不敏感

[ 本帖最后由 schumi小粉于 2009-8-1 15:10 编辑 ]

显示全部楼层 · 发表于 2009-8-1 16:02:38

2003-01-01 05:47:22 文件保护(创建文件)    操作:阻止并结束进程
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\system32\389720\A75384.EXE
2003-01-01 05:47:22 应用程序保护(运行应用程序)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\explorer.exe
命令行:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.860\
2003-01-01 05:47:22 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\system32\4CB0A6\
2003-01-01 05:47:22 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\system32\8B2B7A\
2003-01-01 05:47:22 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\system32\14B7E2\
2003-01-01 05:47:22 文件保护(创建文件)    操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.860\Recycle.exe
文件路径:C:\WINDOWS\system32\389720\

显示全部楼层 · 发表于 2009-8-1 16:18:21

2009-08-01 16:16:26 D:\My Documents\桌面\test\Recycle\Recycle.exe Dropped:Trojan.Peed.Gen 已删除

显示全部楼层 · 发表于 2009-8-1 17:25:53

程序：
F:\过微点\RECYCLE.EXE
木马程序生成以下文件：
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\HTMLVIEW.FNE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\DP1.FNE
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\SHELL.FNE
4) C:\WINDOWS\SYSTEM32\C93BB8\9C23D9.EXE
5) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\INTERNET.FNE
6) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\EAPI.FNE
7) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\E_N4\SPEC.FNE
8) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL
SETTINGS\TEMP\E_N4\CNVPE.FNE
9) C:\WINDOWS\SYSTEM32\8908A2\HTMLVIEW.FNE
10) C:\WINDOWS\SYSTEM32\8908A2\INTERNET.FNE
11) C:\WINDOWS\SYSTEM32\8908A2\EAPI.FNE
12) C:\WINDOWS\SYSTEM32\8908A2\DP1.FNE
13) C:\WINDOWS\SYSTEM32\8908A2\SHELL.FNE
14) C:\WINDOWS\SYSTEM32\8908A2\SPEC.FNE
15) C:\WINDOWS\SYSTEM32\8908A2\CNVPE.FNE
是否删除木马程序及其衍生物?

好大的动作

显示全部楼层 · 发表于 2009-8-1 17:46:38

哎呀……5楼跟我现在用的主题一样，我VS套装主题~

显示全部楼层 · 发表于 2009-8-1 17:48:09

To 8 L

全都是易语言的库文件吧……动作很一般。

KIS连分卷都杀……= =？这也太……我只点了Part1就全Over了……

[病毒样本] U盘病毒......NDO过 ......Rising杀

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

360杀毒