Views: 5536 | Replies: 13

[Suspicious file] QQ抢车位司机2009改进版 (QQ parking-game "driver" 2009, improved edition)

zhb0128
Posted on 2009-10-7 13:20:11
File QQ_______________2009_________.ra received on 2009.10.07 05:15:34 (UTC)

Result: 12/41 (29.27%)




Antivirus | Version | Last update | Result
a-squared | 4.5.0.41 | 2009.10.07 | -
AhnLab-V3 | 5.0.0.2 | 2009.10.06 | -
AntiVir | 7.9.1.33 | 2009.10.06 | -
Antiy-AVL | 2.0.3.7 | 2009.10.05 | -
Authentium | 5.1.2.4 | 2009.10.07 | W32/Sisron.A!Generic
Avast | 4.8.1351.0 | 2009.10.06 | -
AVG | 8.5.0.420 | 2009.10.04 | -
BitDefender | 7.2 | 2009.10.07 | -
CAT-QuickHeal | 10.00 | 2009.10.07 | -
ClamAV | 0.94.1 | 2009.10.05 | -
Comodo | 2524 | 2009.10.06 | -
DrWeb | 5.0.0.12182 | 2009.10.06 | -
eSafe | 7.0.17.0 | 2009.10.06 | -
eTrust-Vet | 35.1.7054 | 2009.10.06 | -
F-Prot | 4.5.1.85 | 2009.10.06 | W32/Sisron.A!Generic
F-Secure | 8.0.14470.0 | 2009.10.07 | Trojan-Dropper.Win32.Agent.bffb
Fortinet | 3.120.0.0 | 2009.10.06 | -
GData | 19 | 2009.10.07 | -
Ikarus | T3.1.1.72.0 | 2009.10.07 | Trojan-Dropper.Agent
Jiangmin | 11.0.800 | 2009.10.06 | Heur:TrojanDropper.Agent
K7AntiVirus | 7.10.863 | 2009.10.06 | -
Kaspersky | 7.0.0.125 | 2009.10.07 | Trojan-Dropper.Win32.Agent.bffb
McAfee | 5763 | 2009.10.06 | -
McAfee+Artemis | 5763 | 2009.10.06 | Artemis!ED95EF7583B1
McAfee-GW-Edition | 6.8.5 | 2009.10.07 | -
Microsoft | 1.5101 | 2009.10.06 | TrojanDropper:Win32/Jadtre.B
NOD32 | 4485 | 2009.10.06 | -
Norman | 6.01.09 | 2009.10.06 | -
nProtect | 2009.1.8.0 | 2009.10.06 | -
Panda | 10.0.2.2 | 2009.10.06 | -
PCTools | 4.4.2.0 | 2009.10.06 | -
Prevx | 3.0 | 2009.10.07 | -
Rising | 21.49.22.00 | 2009.09.30 | -
Sophos | 4.45.0 | 2009.10.07 | Mal/Generic-A
Sunbelt | 3.2.1858.2 | 2009.10.07 | Trojan-Dropper.Win32.Agent
Symantec | 1.4.4.12 | 2009.10.07 | Trojan.Dropper
TheHacker | 6.5.0.2.032 | 2009.10.06 | -
TrendMicro | 8.950.0.1094 | 2009.10.07 | -
VBA32 | 3.12.10.11 | 2009.10.05 | suspected of Win32.Trojan.Downloader (http://...)
ViRobot | 2009.10.6.1972 | 2009.10.06 | -
VirusBuster | 4.6.5.0 | 2009.10.06 | -
Additional information
File size: 151503 bytes
MD5...: eec379f125cd4708c822ec24637ed48f
SHA1..: 1f3d194b190357e6cc1bd99737bcfa26240bfbe1
SHA256: 5209ab90c87e2be6de7ad300d10b93411281a07ac80881ebad3bd52bc82f7e45
ssdeep: 3072:y4VYm4VY84VYE4VYY4VYPRWCrjicnFqbTFljxSM70DP9Touk7Fy8sk:pYlYvYnYjYMmOKFqvFljpY9TouOFyrk
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
packers (F-Prot): embedded
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


[ Last edited by zhb0128 on 2009-10-7 13:21 ]

江湖的fans
Posted on 2009-10-7 13:22:21
Trojan.Win32.Generic.11EDF0A3


RISING
江湖的fans
Posted on 2009-10-7 13:23:10
Go have a look at the OP's signature.


Keep an eye on BEAR.
sse
Posted on 2009-10-7 13:27:23
RIS2010

Soma Cruz
Posted on 2009-10-7 13:28:22
to Fortinet
江湖的fans
Posted on 2009-10-7 13:29:52
It seems to generate a .bat batch file under Windows,


which causes Rising's behaviour defence to flag it.
zhb0128
OP | Posted on 2009-10-7 13:38:34
Originally posted by 江湖的fans on 2009-10-7 13:23
Go have a look at the OP's signature.


Keep an eye on BEAR.


Thanks. I also borrowed a signature from someone on the forum to do a bit of promotion; hope everyone keeps an eye on it.
z2665
Posted on 2009-10-7 14:15:28
What a sneaky virus. Avira (红伞) is in the hijack entries too; looks like there is already malware targeting Avira. to comodo
http://camas.comodo.com/cgi-bin/ ... 0b45d92143346c54d24
Name | Last Write Time
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe | 2009.01.12 14:47:59.390
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc | 2009.01.12 14:47:59.390
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe | 2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe | 2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\РЮёґ№¤ѕЯ.exe | 2009.01.12 14:47:59.375
LM\System\CurrentControlSet\Services\AppMgmt\Enum | 2009.01.12 14:47:56.921


[ Last edited by z2665 on 2009-10-7 14:25 ]
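The Image File Execution Options (IFEO) keys in z2665's Comodo listing above are the standard way a dropper neuters security products: a bogus debugger registered for each AV process means the process never starts. A defender triaging such a listing wants it turned into a finding automatically. The Python below is an added example, not code from the post or from Comodo. It parses the fused "key path + last-write time" lines in the format shown above, extracts the image name each IFEO key targets, matches it (case-insensitively) against a hand-picked set of security-product process names taken from the listing, and flags a mass hijack either when several known products are targeted or when many IFEO keys were written within a short window. The name set, the window and the thresholds are the example's own assumptions; the sample listing is constructed from a few lines of the post.

```python
import re
from datetime import datetime, timedelta

# One line of the sandbox's registry listing: the key path runs straight into
# the last-write time, e.g.
#   LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe2009.01.12 14:47:59.359
LINE_RE = re.compile(r"^(?P<key>.+?)(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3})$")
IFEO_MARK = "\\image file execution options\\"

# Process names of security products taken from the listing above (360, Avira,
# Kaspersky, ESET, Rising, McAfee, Symantec, Jiangmin). Hand-picked for this
# example; a real check would use a maintained list.
SECURITY_IMAGES = {
    "360tray.exe", "360safe.exe", "avguard.exe", "avgnt.exe", "avcenter.exe",
    "avp.exe", "egui.exe", "ekrn.exe", "ravmond.exe", "rstray.exe",
    "ccsvchst.exe", "mcshield.exe", "kvmonxp.kxp", "kwatch.exe",
}

def parse_listing(text):
    """Split each fused 'key<timestamp>' line into (key, datetime)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the header line and blank lines do not match and are skipped
            ts = datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S.%f")
            entries.append((m.group("key"), ts))
    return entries

def ifeo_image(key):
    """Return the image name an IFEO key applies to, or None for other keys."""
    i = key.lower().find(IFEO_MARK)
    return key[i + len(IFEO_MARK):] if i >= 0 else None

def analyse_ifeo(text, burst_window=timedelta(seconds=2), burst_min=10):
    """Flag IFEO keys for security products and bursts of IFEO writes."""
    ifeo = [(ifeo_image(k), t) for k, t in parse_listing(text) if ifeo_image(k)]
    targeted = sorted({name for name, _ in ifeo if name.lower() in SECURITY_IMAGES})
    times = sorted(t for _, t in ifeo)
    # Dozens of IFEO keys written within a second or two is itself a signal,
    # whatever the image names are (assumed thresholds).
    burst = len(times) >= burst_min and times[-1] - times[0] <= burst_window
    return {
        "ifeo_keys": len(ifeo),
        "security_products_targeted": targeted,
        "mass_hijack": burst or len(targeted) >= 3,
    }

# Constructed sample: a few lines copied from the listing above plus one
# non-IFEO key, in the same fused format.
SAMPLE = r"""NameLast Write Time
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe2009.01.12 14:47:59.359
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe2009.01.12 14:47:59.375
LM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe2009.01.12 14:47:59.359
LM\System\CurrentControlSet\Services\AppMgmt\Enum2009.01.12 14:47:56.921
"""

if __name__ == "__main__":
    print(analyse_ifeo(SAMPLE))
```

On a live host the same logic applies to the output of a registry export of the IFEO key; what matters for the verdict is which images carry a `Debugger` value, and the listing here only shows key names and write times, so the example flags on names and timing alone.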
zhb0128
OP | Posted on 2009-10-7 14:21:59
Looks like NOD32 gets taken out too.
lza_China
Posted on 2009-10-7 14:27:56
2009-10-7 14:27:03    创建新进程    允许
进程: c:\windows\explorer.exe
目标: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
命令行: "C:\Documents and Settings\XPMUser\桌面\QQ抢车位司机2009改进版\KK计算器.exe"
规则: [应用程序]*

2009-10-7 14:27:03    修改文件    允许
进程: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
目标: C:\WINDOWS\system32\appmgmts.dll
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.dll

2009-10-7 14:27:03    启动驱动程序或服务    允许
进程: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
目标: Application Management
文件路径: C:\WINDOWS\system32\svchost.exe -k netsvcs
规则: [应用程序]*

2009-10-7 14:27:03    创建文件    允许
进程: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
目标: C:\Documents and Settings\XPMUser\Local Settings\Temp\cpp.bat
规则: [文件组]所有执行文件 -> [文件]*; *.bat

2009-10-7 14:27:03    创建文件    允许
进程: c:\windows\system32\svchost.exe
目标: C:\WINDOWS\TEMP\hccomt.sys
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.sys

2009-10-7 14:27:03    创建注册表项    允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hccomt
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

2009-10-7 14:27:03    创建新进程    允许
进程: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
目标: c:\windows\system32\cmd.exe
命令行: cmd /c C:\DOCUME~1\XPMUser\LOCALS~1\Temp\cpp.bat
规则: [应用程序]*

2009-10-7 14:27:04    修改注册表值    允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hccomt\ImagePath
值: \??\C:\WINDOWS\TEMP\hccomt.sys
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\*; ImagePath

2009-10-7 14:27:04    加载驱动程序    允许
进程: c:\windows\system32\services.exe
目标: c:\windows\temp\hccomt.sys
规则: [应用程序]c:\windows\system32\services.exe

2009-10-7 14:27:04    删除文件    允许
进程: c:\windows\system32\cmd.exe
目标: C:\Documents and Settings\XPMUser\桌面\QQ抢车位司机2009改进版\KK计算器.exe
规则: [文件组]所有执行文件 -> [文件]*; *.exe

2009-10-7 14:27:04    创建新进程    允许
进程: c:\windows\system32\cmd.exe
目标: c:\windows\system32\conime.exe
命令行: C:\WINDOWS\system32\conime.exe
规则: [应用程序]*

2009-10-7 14:27:04    删除文件    允许
进程: c:\windows\system32\cmd.exe
目标: C:\Documents and Settings\XPMUser\Local Settings\Temp\cpp.bat
规则: [文件组]所有执行文件 -> [文件]*; *.bat

2009-10-7 14:27:04    删除注册表项    允许
进程: c:\windows\system32\svchost.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hccomt
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

2009-10-7 14:27:08    访问网络    允许
进程: c:\windows\system32\svchost.exe
目标: TCP [本机 : 1135] ->  [125.91.11.57 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2009-10-7 14:27:08    访问网络    允许
进程: c:\windows\system32\svchost.exe
目标: TCP [本机 : 1137] ->  [74.63.89.90 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]
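lza_China's HIPS log above records the whole chain inside five seconds: the "calculator" drops a .bat into the user's Temp folder, a .sys lands in C:\WINDOWS\TEMP, a service is registered with its ImagePath pointing there, the driver is loaded, the service key is removed again, the original EXE is deleted through cmd.exe, and svchost.exe then connects to two external hosts on port 80. As an added example (not from the post, nor from the HIPS product), the Python below parses records in that log's format, using its Chinese labels as they appear, and applies the rules a detection engineer would write for this chain: executable content written under a Temp directory, a service ImagePath or a loaded driver under Temp, a file deletion whose target was seen as a process earlier in the same log (self-deletion), and outbound connections from svchost.exe. The sample is a constructed, trimmed copy of six records from the log above with the 规则 lines left out.

```python
import re

# Header line of one record in the HIPS log quoted above:
# "<date> <time>    <action>    <verdict>", followed by "label: value" lines;
# records are separated by blank lines. Labels are the log's own Chinese ones.
HEADER_RE = re.compile(r"^(\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)$")
# Remote endpoint inside a 访问网络 target, e.g. "-> [125.91.11.57 : 80 (http)]"
REMOTE_RE = re.compile(r"->\s*\[(\d{1,3}(?:\.\d{1,3}){3}) : (\d+)")

def parse_hips_log(text):
    """Turn the log text into a list of dicts, one per record."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if cur:
                events.append(cur)
            cur = None
            continue
        m = HEADER_RE.match(line)
        if m:
            if cur:
                events.append(cur)
            cur = {"time": m.group(1), "action": m.group(2), "verdict": m.group(3)}
        elif cur is not None and ":" in line:
            label, value = line.split(":", 1)
            cur[label.strip()] = value.strip()
    if cur:
        events.append(cur)
    return events

def in_temp(path):
    """True for any path that passes through a Temp directory (case-insensitive)."""
    return "\\temp\\" in path.lower()

def analyse(text):
    """Apply dropper-chain rules to the parsed records and return the findings."""
    events = parse_hips_log(text)
    seen_procs = set()          # lower-cased process paths seen so far
    findings, remote_hosts = [], []
    for ev in events:
        proc = ev.get("进程", "").lower()
        target = ev.get("目标", "")
        act = ev["action"]
        if act == "创建文件" and in_temp(target):
            if target.lower().endswith(".bat"):
                findings.append("bat_dropped_in_temp")
            elif target.lower().endswith(".sys"):
                findings.append("driver_dropped_in_temp")
        elif act == "修改注册表值" and target.endswith("\\ImagePath") and in_temp(ev.get("值", "")):
            findings.append("service_imagepath_in_temp")
        elif act == "加载驱动程序" and in_temp(target):
            findings.append("driver_loaded_from_temp")
        elif act == "删除文件" and target.lower() in seen_procs:
            findings.append("self_delete")   # a process seen earlier is being removed
        elif act == "访问网络" and proc.endswith("svchost.exe"):
            m = REMOTE_RE.search(target)
            if m:
                remote_hosts.append(f"{m.group(1)}:{m.group(2)}")
                findings.append("svchost_outbound")
        seen_procs.add(proc)
    return {"events": len(events), "findings": findings, "remote_hosts": remote_hosts}

# Constructed sample: six records trimmed from the log above (规则 lines omitted).
SAMPLE_LOG = r"""
2009-10-7 14:27:03    创建文件    允许
进程: c:\documents and settings\xpmuser\桌面\qq抢车位司机2009改进版\kk计算器.exe
目标: C:\Documents and Settings\XPMUser\Local Settings\Temp\cpp.bat

2009-10-7 14:27:03    创建文件    允许
进程: c:\windows\system32\svchost.exe
目标: C:\WINDOWS\TEMP\hccomt.sys

2009-10-7 14:27:04    修改注册表值    允许
进程: c:\windows\system32\services.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hccomt\ImagePath
值: \??\C:\WINDOWS\TEMP\hccomt.sys

2009-10-7 14:27:04    加载驱动程序    允许
进程: c:\windows\system32\services.exe
目标: c:\windows\temp\hccomt.sys

2009-10-7 14:27:04    删除文件    允许
进程: c:\windows\system32\cmd.exe
目标: C:\Documents and Settings\XPMUser\桌面\QQ抢车位司机2009改进版\KK计算器.exe

2009-10-7 14:27:08    访问网络    允许
进程: c:\windows\system32\svchost.exe
目标: TCP [本机 : 1135] ->  [125.91.11.57 : 80 (http)]
"""

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Each rule on its own fires on plenty of legitimate software (installers write to Temp, svchost.exe talks to Windows Update); what makes this log damning is all of them firing from one process tree within seconds, which is why the example returns the ordered list of findings rather than a single verdict.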
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2026-4-20 06:07 , Processed in 0.091129 second(s), 3 queries , Redis On.

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表