
[Virus sample] Just ran into an arrogant hacker

troika
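Posted on 2007-3-11 03:14:35
Because my mom sometimes plays solitaire on my computer too, I don't set a login password. Not long after I got online, the Tianwang (天网) firewall prompted that a program was requesting network access. I knew it was a virus and was going to block it, but then I thought: since it wants to connect, it must be a downloader-type virus, so I allowed it. Sure enough, several more viruses got onto my computer. I analyzed them: Kaspersky couldn't detect a single one, and AntiVir flagged one as a bank-password-stealing virus. Then I submitted them all. Finally I wanted to go into 还原精灵 (Restore Wizard) 6.1 to restore, only to find that the hacker had already gotten into it and clicked to add a restore point. I quickly undid that and restored everything. So in the end this battle ended in my complete victory. The hacker is still a bit too green to play with me.

Attaching those viruses........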


Rating: 绅博周幸 +10 experience, reason: quality article

绅博周幸
Posted on 2007-3-11 03:21:13
AntiVir didn't flag the qq.exe in there; submitting it now

Thank you for your submission. Below you can see the current status of the uploaded files.


--------------------------------------------------------------------------------


We received the following archive files:



File ID  Filename  Size (Byte) Result
220199  qq.rar 24.256 OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
220200  qq.exe  25.698  UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:

Filename Result
qq.exe  UNDER ANALYSIS

The file 'qq.exe' has been determined to be 'UNDER ANALYSIS'.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
绅博周幸
Posted on 2007-3-11 03:23:58
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Generic.PWStealer.7940997A  
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found probably a variant of Win32/PSW.QQPass.VD (probable variant)  
Norman Virus Control  Found nothing
Panda Antivirus  Found Trj/QQPass.QA  
VirusBuster  Found nothing
VBA32  Found MalwareScope.Backdoor.Hupigon.10  


The AV evasion on that qq.exe is done pretty well; looks like NOD32 flagged it this time
mofunzone
Posted on 2007-3-11 05:41:47
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\svchost.rar'
C:\Documents and Settings\Administrator\My Documents\
  svchost.rar
    [0] Archive type: RAR
    --> svchost.exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> qq.exe
    --> gg.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> zz.exe
        [DETECTION] Is the Trojan horse TR/PWS.Banker.13824.A
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Although Filseclab (费尔) only detected 2, its dynamic defense took out all of them..
Filseclab's dynamic defense really is useful..
The EQs
Posted on 2007-3-11 08:49:32
Scan performed at: 2007-3-11 8:49:27
Scanning Log
NOD32 version 2106 (20070310) NT
Command line: C:\Documents and Settings\EQ2\桌面\svchost.rar
Operating memory - is OK

Date: 11.3.2007  Time: 08:49:32
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\svchost.rar
C:\Documents and Settings\EQ2\桌面\svchost.rar ?RAR ?qq.exe - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\EQ2\桌面\svchost.rar ?RAR ?gg.exe - probably a variant of Win32/PSW.Delf.NEV trojan
Number of scanned files: 5
Number of threats found: 2
Number of files cleaned: 1
Time of completion: 08:49:32 Total scanning time: 0 sec (00:00:00)
hsjj2005
Posted on 2007-3-11 09:15:35
Filseclab (费尔)   Thanks for the sample!

ohmyivan
Posted on 2007-3-11 09:26:52
How did you set up your machine's permissions? How could a hacker still get into 还原精灵 (Restore Wizard)?? Did you have 3389 open??
蓝色牛仔裤
Posted on 2007-3-11 09:32:11
qq.exe still can't escape BD~


Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-3-9
Start time: 2007-3-11 9:30
Engine(s): KAV engine (AVK 17.3157), BD-Engine (BD 17.2348)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: svchost.exe
        In archive: D:\svchost.rar
        Status: Virus detected
        Virus: Generic.PWStealer.2BFE8D6D (BD-Engine)
Object: qq.exe
        In archive: D:\svchost.rar
        Status: Virus detected
        Virus: Generic.PWStealer.7940997A (BD-Engine)
Object: zz.exe
        In archive: D:\svchost.rar
        Status: Virus detected
        Virus: Trojan.Legmir.E (BD-Engine)
Object: svchost.rar
        Path: D:
        Status: Virus detected
        Virus: Generic.PWStealer.2BFE8D6D, Generic.PWStealer.7940997A, Trojan.Legmir.E (BD-Engine)
Analysis complete: 2007-3-11 9:30
    1 files checked
    1 infected files detected
    0 suspected files detected

[ Last edited by 蓝色牛仔裤 on 2007-3-11 09:42 ]
蓝色牛仔裤
Posted on 2007-3-11 09:37:42
Dr.Web (蜘蛛) only caught one~

psyche22
Posted on 2007-3-11 11:04:31

Rating: 绅博周幸 -10 experience, reason: malicious flooding
