來自外挂(16 楼有新)

sam.to

108858d0a2869507f9639ae221a8942f   bh1.2.exe2
a15f90239c1e6a26aa3ef09de690ecde   3G.exe2
1c1b3150e99fa5133566038f921a90cb   DNF天神1.02.ex2e
337e6f3914d4842f1e41937e8b926c1b   dnfmm1.27vip.exe2
5eceb10a84996059f5730bb7b912158f   xj13.6.exe2
851aacc182bdecdab80bb3209517614a   tu4.7.exe2
84fbc18e5c6dfc0c9d993e6d1fa3ff40   maomao2.6.ex2e
051edb68e523b56d4edc040aea0f63bf   xx3.2.exe2
to kl,ll,mcafee,eset,comodo


25482117          dnfmm1.27vip.exe2          1.99 MB          MALWARE
25482118          DNF####1.02.ex2e          632.02 KB          UNDER ANALYSIS
25482119          3G.exe2          1.09 MB          MALWARE
25482120          bh1.2.exe2          2.24 MB          MALWARE
25482122          xj13.6.exe2          1.97 MB          MALWARE
25482123          xx3.2.exe2          2.23 MB          MALWARE
25482124          maomao2.6.ex2e          1.92 MB          MALWARE
25482125          tu4.7.exe2          2.03 MB          MALWARE



http://sample.nod32.com.hk/index ... ea2054c34f14568fa85
http://sample.nod32.com.hk/index ... 637d07b7b995ede4707



Trojan.Win32.Agent2.ldf
Trojan.Win32.Agent2.ldi
Trojan.Win32.Agent2.ldj
还有一部分

[ 本帖最后由 sam.to 于 2009-10-28 11:15 编辑 ]

主动防御

RIS2010 发现两个可疑

[ 本帖最后由 主动防御 于 2009-10-26 12:05 编辑 ]

sam.to

82e1d5dc3e6bbf21c06803d3cf594ca7   xj13.7.exe_
6a705a68d62bc0fb9d7cac8c36fc1913   dnfmm1.28vip.exe_
e34fb0b7fc9f2bd45353d240a8d5b9bc   sstorm.dll_
b47312ee05e8747260c3136334f60543   DNF天神1.05.exe_
e86b7c065dddbdca058e76f70fcc28b5   xx3.3.exe_
85188e49e454300103125f911bef4111   tu4.8.exe_
679a727984245b6db18967b9262230db   she4.1.exe_
0b7fa8d7ae32370fca81cf9484023254   my3.7.exe_
28e80d7abd3a5b4523d8212573d801f2   bh1.3.exe+
to kl,ll,mcafee

[ 本帖最后由 sam.to 于 2009-10-28 11:34 编辑 ]

sam.to

a3016326328f8470f2784af8b9d652fc  Launcher.exe_
f9d671447597ccd4a89ffccbbb2fb52f  dbdnf.exe_
fdf6edb0ecf532d51ae4201c6783d332  龙王1027.exe_
9237c74e614d0d0a6cfb469330660b2e  鬼鬼1027.exe_
a48d2f2f52884a4a235bd8920c1d5b93  USkin.dll
45eebfd348a485a8e358ec800a7b58a2  ggld.dll
4dc65eafff8b120593a2c238d1e468d6  ggcc.dll
9e460ad5fc8c63c324122832fa47b140  lwl.dll
ad179c5cef0b746b1cae1a3147748cec  lwkn.dll
to kl,ll,mcafee


ggcc.dll, ggld.dll, lwkn.dll, lwl.dll, USkin.dll

以上文件不包含恶意代码。

[ 本帖最后由 sam.to 于 2009-10-29 18:27 编辑 ]

sam.to

ecb41da923f2da5163efcf9ddf2c005d  Launcher.ex2e
6c90848eb918122c9227baf1f41a8be9  xx3.5.exe_
72b224671986e75e63a3c14bb45af90e  bh1.5.exe_
b51a297f65250cacdb91eb7b14af3985  she4.3.exe_
c65d64d404b1440fbd657b33a25624de  dnfgz1.13.e_xe
826291089b12aba8616450fe29c05972  tu5.0.ex9e
e63f6e4cd041709ede9fbafd9d605f26  yyA.01.ex0e
12d8ab838acc106f8200c96851d1b013  maomao2.9.ex1e
00ad3e489066e9d149e0f98bc556bb4f  my3.9.ex2e
39c88d462162b22fc7ff107c3e4c72d8  xj13.9.ex2e
9fef4254e06a5da30067012dd52f48c8  dnfmm1.31vip.ex2e
8a464b8a064d4e8b053501c6cec94038  ggcc.dll_
1b2d57f911f5feb851139ab934e48593  ggld.dll_
a48d2f2f52884a4a235bd8920c1d5b93  USkin.dll_
dba0c8606ba18ac9458aa3a32584a207  鬼鬼1028.ex2e
TO KL,LL,COMODO

http://www.sendspace.com/file/klq5k7
http://rapidshare.com/files/299915432/580236-15.7z

知道密码的不要说出来


25485211          ggcc.dll_          916 KB          CLEAN
25016105          USkin.dll_          327 KB          CLEAN
25485212          ggld.dll_          136.5 KB          CLEAN

[ 本帖最后由 sam.to 于 2009-11-2 16:42 编辑 ]

sam.to

c33164f69f2b573b1a38b473de97d33a  bh1.6.exe2
f599e66f793319874b353767012f8ee2  my4.0.e2xe
9c2ed4e685ad89bcfa27bb460694f944  she4.4.ex2e
0ecacc2648c81444e650327011f766c6  tu5.1.e2xe
8cf3e0b0349df22e0a663d9baeaa130f  xx3.6.ex2e
c65d64d404b1440fbd657b33a25624de  dnfgz1.13.exe2
51a425d2e445ded1b4e4f62ffad500b2  Launcher.exe2
e63f6e4cd041709ede9fbafd9d605f26  yyA.01.ex2e
24d0114ba1979acfc1ce0a3c68387525  ggcc.dll
0a17b296f6c5337ff0342bb4ad529938  ggld.dll
20cea525e91145fd5f321bce4f07e79d  maomao3.1.exe2
a48d2f2f52884a4a235bd8920c1d5b93  USkin.dll
157cb3feabb79b7effd33f1febd49b5b  鬼鬼1031.ex2e
d4b643d67d5ff0450536c2f749a30518  lwkn.dll
59aac330e43cbda73bebf92bd3bcb555  lwl.dll
abea49cdfc86727c764ceab2be40b794  龙王1031.ex2e
de910640cf9f0abf47740c566db55ef1  神鸟v02.exe2
ca6559ae5e02d47eb88eeedfb0f3c109  DNF天神1.10.exe2
491bed2fca39d05945054e3a680e4cf0  sstorm.dll
e239bdb469e51d90f2c674bdfaa48c60  xj14.0.exe_

to kl,ll

http://rapidshare.com/files/300753216/580236-16.rar

知道密码的不要说出来



dnfgz1.13.exe2, ggcc.dll, ggld.dll, maomao3.1.exe2, USkin.dll, yyA.01.ex2e

No malicious code were found in these files.

??1031.ex2e - Trojan-Dropper.Win32.Agent.bhbx

At the moment this file is detected. Please update your antivirus bases.

DNF??1.10.exe2 - Trojan-Dropper.Win32.Agent.bhbv

At the moment this file is detected. Please update your antivirus bases.

lwkn.dll, sstorm.dll, ??v02.exe2

No malicious code were found in these files.
Hello,

##1028.ex2e - Trojan-Dropper.Win32.Agent.bgyp

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Launcher.ex2e, Launcher.ex2e.data0000, USkin.dll_

No malicious code were found in these files.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

[ 本帖最后由 sam.to 于 2009-11-2 11:53 编辑 ]

悠柚

D:\TDDownload\580236-16\bh1.6.exe2         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\dnfgz1.13.exe2         已检测: Trojan-Downloader.Win32.Small!IK
D:\TDDownload\580236-16\maomao3.1.exe2         已检测: Riskware.Win32.VB!IK
D:\TDDownload\580236-16\my4.0.e2xe         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\she4.4.ex2e         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\tu5.1.e2xe         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\USkin.dll         已检测: Win32.SuspectCrc!IK
D:\TDDownload\580236-16\xj14.0.exe_         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\xx3.6.ex2e         已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\580236-16\yyA.01.ex2e         已检测: Trojan.Crypt!IK

newsun

密码是多少？

jhlzh

xialai kankan