4(45 楼有新)

显示全部楼层 · 发表于 2009-9-29 12:42:34

Avira AntiVir
452104710.rar
  [0] Archive type: RAR
--> dd.ex2e
   [DETECTION] Is the TR/Hijacker.Gen Trojan
--> x.js
   [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
--> 2.css
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
--> av2.swf
   [DETECTION] Contains suspicious code HEUR/HTML.Malware
--> av1.swf
   [DETECTION] Contains recognition pattern of the JS/Shellcode.M Java script virus
[NOTE]    A backup was created as '4ae218d3.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

9876543.rar
  [0] Archive type: RAR
--> dd.ex2e
   [DETECTION] Is the TR/Hijacker.Gen Trojan
--> x.js
   [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
--> 2.css
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
--> av2.swf
   [DETECTION] Contains suspicious code HEUR/HTML.Malware
--> av1.swf
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE]    A backup was created as '4af8903a.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-9-29 12:49:18

很好解压沙盘卡了一下然后kav报毒这个穿沙盘吗？
病毒 2009-09-29 12:42:17 病毒在文件C:\Sandbox\Administrator\DefaultBox\drive\G\TEST\dd.ex2e中 Win32.Troj.DownGIRL.131072(木马程序) 处理成功（操作：删除）

显示全部楼层 · 发表于 2009-9-29 12:50:39

。。。。。。。估计要出问题了

显示全部楼层 · 发表于 2009-9-29 17:40:39

859731506324f9283185c952b42b0bac av2.swf
fbc242888d1256c177183f71315b0f4c 3.css
da26cc430c8fcd61af4726f2eaa8c880 2.css
a072dde7d27c190b5b2c34cd0e3c3f05 x.js
34dcc65dccae4e36026d07b5b4a8caa1 dd.exe
eb8e5a03e4ea3cebea040359d0a4b515 av1.swf
37bb3c920d114cffe5721b0cf0086f2c av3.swf
to kl,ll

显示全部楼层 · 发表于 2009-9-29 22:51:03

Microsoft Security Essentials一个

显示全部楼层 · 发表于 2009-9-30 10:51:27

Avira AntiVir
werty34.rar
  [0] Archive type: RAR
--> dd.ex2e
   [DETECTION] Is the TR/Hijacker.Gen Trojan
--> x.js
   [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
--> 2.css
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
--> av2.swf
   [DETECTION] Contains suspicious code HEUR/HTML.Malware
--> av1.swf
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE]    A backup was created as '4ae3507d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-9-30 12:29:54

14af940a17a2f08381970c9e67791a80 x.js2
to kl

显示全部楼层 · 发表于 2009-9-30 14:29:37

Avira AntiVir
x.zip
  [0] Archive type: ZIP
--> x.js2
   [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE]    A backup was created as '4ae383a6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-9-30 14:31:38

原始 - hxxp://abu.dns0755.net/365/360.htm
开始自动解析 - hxxp://abu.dns0755.net/365/360.htm
L1 - 正在解析 hxxp://abu.dns0755.net/365/iie.swf
L1 - 正在解析 hxxp://abu.dns0755.net/365/fff.swf
L1 - hxxp://abu.dns0755.net/365/yt.htm
L1 - hxxp://abu.dns0755.net/365/aa.js
L1 - 正在解析 hxxp://abu.dns0755.net/365/<EMBED src=iie.swf
L1 - 正在解析 hxxp://abu.dns0755.net/365/<EMBED src=fff.swf
L2 - hxxp://abu.dns0755.net/365/yt.js
L2 - hxxp://abu.dns0755.net/365/xie.htm
L2 - hxxp://abu.dns0755.net/365/office.htm
L2 - hxxp://abu.dns0755.net/365/newlz.htm
L2 - hxxp://abu.dns0755.net/365/of.htm
L2 - hxxp://abu.dns0755.net/365/bf.htm
L2 - hxxp://abu.dns0755.net/365/aa.htm
L3 - hxxp://abu.dns0755.net/365/3.htm
L3 - hxxp://abu.dns0755.net/365/4.htm
L3 - 正在解析 hxxp://abu.dns0755.net/365/av0.swf
L3 - 正在解析 hxxp://abu.dns0755.net/365/av1.swf
L3 - 正在解析 hxxp://abu.dns0755.net/365/av3.swf
L3 - 正在解析 hxxp://abu.dns0755.net/365/av2.swf
L3 - hxxp://abu.dns0755.net/365/newlz.js
L3 - hxxp://abu.dns0755.net/365/newlz.css
自动解析 - Auto XOR - 高度可疑 - hxxp://abu.dns0755.net/e/dd.exe
L4 - hxxp://abu.dns0755.net/365/2.css
自动解析 - Auto XOR - 高度可疑 - hxxp://abu.dns0755.net/e/dd.exe

输出的对象 - hxxp://abu.dns0755.net/e/dd.exe

此分析日志由 Illusion Wing 使用 Astox v1 Build 1220 在 2002年1月2日4时51分51秒生成。

显示全部楼层 · 发表于 2009-9-30 15:02:29

859731506324f9283185c952b42b0bac av2.swf
d664f201f17f990fc474641515fe327d 2.css
4e6e18d3569e77fe5c067a13edee10a0 iie.swf
29b414f0368b9780028676f27f5eb29b fff.swf
09b3f69453f3d8939ce0bf7790c3f096 dd.ex2e
ca16248794a923ffbcf66e5b2df2f485 av1.swf
37bb3c920d114cffe5721b0cf0086f2c av3.swf
fc0170da38fa58429c409b0b563deacb 3.css
to kl

2.css - Exploit.JS.Ssreader.a
3.css - Exploit.JS.RealPlr.qw
av1.swf - Exploit.JS.DirektShow.ap
av2.swf - Exploit.JS.DirektShow.ao
av3.swf - Exploit.JS.DirektShow.aq
dd.ex2e - Trojan-Downloader.Win32.Geral.hxr

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

fff.swf, iie.swf

No malicious code were found in these files.

[ 本帖最后由 sam.to 于 2009-9-30 17:28 编辑 ]

[病毒样本] 4(45 楼有新)

回复 18楼 20楼 sam.to 的帖子

回复 20楼 sam.to 的帖子

本帖子中包含更多资源

本帖子中包含更多资源

回复 24楼 sam.to 的帖子

本帖子中包含更多资源

回复 27楼 sam.to 的帖子

本帖子中包含更多资源