发一挂马链接

显示全部楼层 · 发表于 2007-2-28 13:41:45

http://www.zixue8.com/bak/bbs/yq/happy2.htm

是在打开

http://www.law.ac.cn/

的时候发现的

显示全部楼层 · 发表于 2007-2-28 13:43:16

不知是不是一年前的病毒
先发上来再说
nod和kis同时报了
不会提取
所以就发链接了

显示全部楼层 · 发表于 2007-2-28 14:06:17

Service load:  0%       100%

File:  happy2.rar
Status:  INFECTED/MALWARE
MD5  ba8d43483163ccccfb9bd52fddd07096
Packers detected:  -

Scanner results
Scan taken on 28 Feb 2007 05:58:59 (GMT)
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found JS/Psyme.BT@dl
F-Secure Anti-Virus  Found JS/Psyme.BT@dl, Trojan-Downloader.JS.Agent.bw
Fortinet  Found nothing
Kaspersky Anti-Virus  Found Trojan-Downloader.JS.Agent.bw
NOD32  Found nothing
Norman Virus Control  Found nothing
VirusBuster  Found JS.Psyme.CJ
VBA32  Found nothing

显示全部楼层 · 发表于 2007-2-28 14:55:24

确实有问题，不过antivir没报，上报了
把下载的东西也扔上来了

显示全部楼层 · 发表于 2007-2-28 15:13:59

McAfee 已自動封鎖並隔離特洛伊病毒。

詳細資料
偵測: Exploit-MS06-014.gen (特洛伊病毒)
檔案路徑: C:\Documents and Settings\all.HOME-\桌面\happy2.htm

xs.exe~miss已經上報可愛的QQ

显示全部楼层 · 发表于 2007-2-28 15:18:34

M版扔的生成物测试结果：
Virus check with AntiVirusKit
Version 17.0.6282
Virus signatures of 2/24/2007
Start time: 2/28/2007 15:16
Engine(s): Engine A (AVK 17.2920), Engine B (BD 17.2113)
Heuristic: On
Archives: On
System areas: On
Check system areas...
Check selected directories and files...
Object: xs.exe
In archive: C:\Documents and Settings\Administrator\桌面\xs.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.QQPass.sg (Engine A), Generic.PWS.WoW.016087BB (Engine B)
Object: happy2.htm
In archive: C:\Documents and Settings\Administrator\桌面\xs.rar
Status: Virus detected
Virus: Trojan-Downloader.JS.Agent.bw (Engine A)
Object: xs.rar
Path: C:\Documents and Settings\Administrator\桌面
Status: Move file into quarantine
Virus: Trojan-PSW.Win32.QQPass.sg, Trojan-Downloader.JS.Agent.bw (Engine A), Generic.PWS.WoW.016087BB (Engine B)
Analysis complete: 2/28/2007 15:16
1 files checked
1 infected files detected
0 suspected files detected

显示全部楼层 · 发表于 2007-2-28 15:32:12

发现恶意行为，试图下载一个EXE文件和一个VBS脚本到本地

mcafee阻止日志：
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\用户\桌面\Chenzi.exe
135FD 保护桌面设置

C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\用户\桌面\Chenzi.vbs
用户定义的规则:47FD C盘VBS文件管制

显示全部楼层 · 发表于 2007-2-28 15:37:23

把那个EXE文件和VBS脚本传上来

[ 本帖最后由小邪邪于 2007-2-28 15:43 编辑 ]

显示全部楼层 · 发表于 2007-2-28 15:48:32

脚本检测不出
============================
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: Chenzi.exe
      In archive: C:\Documents and Settings\Administrator\桌面\Chenzi.rar
      Status: Virus detected
     Virus: Trojan.Downloader.VB.ADO (Engine B)
Object: Chenzi.rar
      Path: C:\Documents and Settings\Administrator\桌面
      Status: Move file into quarantine
     Virus: Trojan.Downloader.VB.ADO (Engine B)
Analysis complete: 2/28/2007 15:48
1 files checked
1 infected files detected
0 suspected files detected

[ 本帖最后由 jlennon 于 2007-2-28 15:51 编辑 ]

显示全部楼层 · 发表于 2007-2-28 15:54:11

原帖由 mofunzone 于 2007-2-28 14:55 发表
确实有问题，不过antivir没报，上报了
把下载的东西也扔上来了

驱逐舰
nod32
费尔报毒

发一挂马链接

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源