Original poster: sam.to

[Virus sample] 4 (new in post #45)

Hmilypojie
Posted 2009-9-27 13:17:05
http://abn.dns0755.net/d/dd.exe
sam.to
OP | Posted 2009-9-27 14:01:46
b2cb9454628f6385a2a181a5bc05e5f4   3.css
to kl,ll,mcafee.eset,antivir,comodo


https://www.virustotal.com/anali ... 2da505c2-1254031279

http://virscan.org/report/38c75126d4ce1e761bb98e796d1deca4.html


The file '3.css2' has been determined to be 'UNDER ANALYSIS'.

http://sample.nod32.com.hk/index ... 385a2a181a5bc05e5f4



Hello,


3.css2 - Exploit.JS.Agent.apt

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.




The file '3.css2' has been determined to be 'MALWARE'. Our analysts named the threat JS/Agent.onm. The term "JS/" denotes a Java script virus. Detection will be added to our virus definition file (VDF) with one of the next updates.

[ Last edited by sam.to on 2009-9-29 18:20 ]

sam.to
OP | Posted 2009-9-27 23:59:12
to kl



2.css - Exploit.JS.Agent.apy
av1.swf - Exploit.JS.Agent.apz
x.js - Trojan-Downloader.JS.Iframe.bug

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

3.css - Exploit.JS.Agent.apt
dd.ex3e - Worm.Win32.AutoRun.axcu

At the moment these files are detected. Please update your antivirus bases.

av2.swf, av3.swf, ddd.e4xe, fff.swf, iie.swf

No malicious code was found in these files.

[ Last edited by sam.to on 2009-9-28 12:57 ]

benq80282
Posted 2009-9-28 09:47:54

Reply to sam.to's post #13

Avira AntiVir
8365410.rar
  [0] Archive type: RAR
    --> av1.swf
      [DETECTION] Contains recognition pattern of the JS/Shellcode.M Java script virus
    --> dd.ex3e
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    --> x.js
      [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    --> 2.css
      [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
    --> av2.swf
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE]      A backup was created as '4ae09eae.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
sam.to
OP | Posted 2009-9-28 13:08:15

to kl



Hello,

2.css - Exploit.JS.Agent.apy,
3.css - Exploit.JS.Agent.aqc,
av1.swf, av2.swf - Exploit.JS.Agent.aqb,
dd.ex2e - Worm.Win32.AutoRun.axda,
x.js_ - Trojan.JS.Iframe.di

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

av3.swf, ddd.exe2, fff.swf, iie.swf

No malicious code was found in these files.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

[ Last edited by sam.to on 2009-9-28 14:06 ]

benq80282
Posted 2009-9-28 13:18:33

Reply to sam.to's post #15

Avira AntiVir
g9875.rar
  [0] Archive type: RAR
    --> av2.swf
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
    --> av1.swf
      [DETECTION] Contains recognition pattern of the JS/Shellcode.M Java script virus
    --> dd.ex2e
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    --> x.js
      [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    --> 2.css
      [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
    [NOTE]      A backup was created as '4ae0d001.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!

[ Last edited by benq80282 on 2009-9-28 13:19 ]
fengtaks
Posted 2009-9-28 18:01:02
eset
g9875.rar > RAR > dd.ex2e - 可能是 Win32/AutoRun.Agent.IE 蠕虫 的变种 - 是已删除对象的一部分
sam.to
OP | Posted 2009-9-29 00:16:30
to kl,ll


Hello,


2.css - Exploit.JS.Agent.aqd
x.js - Trojan-Downloader.JS.Iframe.bup

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

av1.swf, av2.swf - Exploit.JS.Agent.aqb
dd.ex2e - Worm.Win32.AutoRun.axdc

At the moment these files are detected. Please update your antivirus bases.

fff.swf, iie.swf

No malicious code was found in these files.

[ Last edited by sam.to on 2009-9-29 13:49 ]

wudiwusuowei
Posted 2009-9-29 03:19:35
Norton

sam.to
OP | Posted 2009-9-29 12:10:05
to kl,ll

2.css   detected        Exploit.JS.Agent.aqd
3.css   detected        Trojan.JS.Agent.apr
av1.swf detected        Exploit.JS.DirektShow.ap
av2.swf detected        Exploit.JS.DirektShow.ao
av3.swf detected        Exploit.JS.DirektShow.aq
dd.ex2e detected        Worm.Win32.AutoRun.axee
x.js_   detected        Trojan-Downloader.JS.Iframe.bup

[ Last edited by sam.to on 2009-10-1 12:06 ]


Copyright © KaFan  KaFan.cn All Rights Reserved.
