Views: 2533 | Replies: 9

[Virus sample] I caught an unusual "big fish"

troika
Posted 2007-3-12 01:54:16
Heh, there is now a virus that can automatically add a restore point in 还原精灵 (Recovery Genius) 6.1, which is still quite dangerous for novices, and I ran into one: it is 09.exe in the archive. Anyone with Recovery Genius 6.1 installed can try it if interested. Don't be afraid: after running the virus, go into Recovery Genius and undo, and everything is fine.

[attachment: login required to download]
The EQs
Posted 2007-3-12 01:57:58
These are what's left after a NOD32 right-click scan... about to run them and see.

[attachment: login required to download]
The EQs
Posted 2007-3-12 02:01:36
The remaining three are not flagged by NOD32 even when run....
kp2006
Posted 2007-3-12 02:13:43
费尔 (Filseclab) killed a few.
6 virus files were not killed.

The others threw errors when run.

Running 09.exe produced:

C:\DOCUME~1\ADMINI~1.C6D\LOCALS~1\Temp\Packet.dll
C:\DOCUME~1\ADMINI~1.C6D\LOCALS~1\Temp\WanPacket.dll
C:\DOCUME~1\ADMINI~1.C6D\LOCALS~1\Temp\npptools.dll
C:\DOCUME~1\ADMINI~1.C6D\LOCALS~1\Temp\ctflsv.exe

费尔 (Filseclab) dynamic defense:

Dangerous process (PID:3000): C:\Documents and Settings\Administrator.C6D589ADF78D463\桌面\01[1]\09.exe
Created a dangerous hidden process C:\DOCUME~1\ADMINI~1.C6D\LOCALS~1\Temp\ctflsv.exe (PID:3756)
Product name: none
File version: none
Company name: none
File description: none
Digital signature: no signature found
Danger level: low
Level score: 26.8880

[Last edited by kp2006 on 2007-3-12 02:28]
绅博周幸
Posted 2007-3-12 02:30:06
Thank you for your submission. Below you can see the current status of the uploaded files.

--------------------------------------------------------------------------------

We received the following archive files:

File ID  Filename  Size (Byte)  Result
221003   01.rar    491.600      OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte)  Result
221004   09.exe    225.280      UNDER ANALYSIS
221005   05.exe    276.992      UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename Result
09.exe  UNDER ANALYSIS

The file '09.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
05.exe  UNDER ANALYSIS

The file '05.exe' has been determined to be 'UNDER ANALYSIS'.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
jlennon
Posted 2007-3-12 03:22:11
Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-3-11
Start time: 2007-3-12 3:18
Engine(s): KAV engine (AVK 17.3208), BD-Engine (BD 17.2388)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: 01.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.VB.ii (KAV engine), Trojan.Dropper.Vb.II (BD-Engine)
Object: 04.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part2.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.bic (KAV engine)
Object: 05.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part2.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQShou.ix (KAV engine)
Object: 06.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part2.rar
        Status: Virus detected
        Virus: Backdoor.Win32.Delf.afk (KAV engine)
Object: 02.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan.NSAnti.B (BD-Engine)
Object: 03.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Generic.Malware.BE!dldspg.F5F6FED1 (BD-Engine)
Object: 04.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan.Downloader.HideDown (BD-Engine)
Object: 06.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Backdoor.Delf.AFK (BD-Engine)
Object: 07.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan.NSAnti.B (BD-Engine)
Object: 08.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan.NSAnti.B (BD-Engine)
Object: 09.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: MemScan:Trojan.Jvoncik.A (BD-Engine)
Object: 01[1].part1.rar
        Path: C:\Documents and Settings\Administrator\桌面
        Status: Move file into quarantine
        Virus: Trojan-Dropper.Win32.VB.ii, Trojan-Downloader.Win32.Small.bic, Trojan-PSW.Win32.QQShou.ix, Backdoor.Win32.Delf.afk (KAV engine), Trojan.Dropper.Vb.II, Trojan.NSAnti.B (3x), Generic.Malware.BE!dldspg.F5F6FED1, Trojan.Downloader.HideDown, Backdoor.Delf.AFK, MemScan:Trojan.Jvoncik.A (BD-Engine)
Analysis complete: 2007-3-12 3:18
    3 files checked
    1 infected files detected
    0 suspected files detected
jlennon
Posted 2007-3-12 03:23:09
Deleted, deleted; network lag, it got posted twice.

[Last edited by jlennon on 2007-3-12 03:36]
鱼是一只我
Posted 2007-3-12 07:15:30
驱逐舰 (Destroyer) scan log:

Time                 File     Path                                          Detection                Code
2007-3-12 7:13:15    01.exe   (S)C:\Documents and Settings\xxx\桌面\01      Trojan.DownLoader.8802   12
2007-3-12 7:13:16    03.exe   (S)C:\Documents and Settings\xxx\桌面\01      Trojan.Hitpop            12
2007-3-12 7:13:16    04.exe   (S)C:\Documents and Settings\xxx\桌面\01      Tool.HideDownfile        12
2007-3-12 7:13:18    06.exe   (S)C:\Documents and Settings\xxx\桌面\01      Trojan.DownLoader.8802   12
2007-3-12 7:13:51    01.exe   C:\Documents and Settings\xxx\桌面\01         (see sub-object)         10
                     data002 (inside 01.exe)                                Trojan.DownLoader.8802
2007-3-12 7:13:51    03.exe   C:\Documents and Settings\xxx\桌面\01         Trojan.Hitpop            10
2007-3-12 7:13:51    04.exe   C:\Documents and Settings\xxx\桌面\01         Tool.HideDownfile        10
2007-3-12 7:13:51    06.exe   C:\Documents and Settings\xxx\桌面\01         Trojan.DownLoader.8802   10
蓝色牛仔裤
Posted 2007-3-12 07:30:16
Starting the file scan:

Begin scan in 'D:\01[1].rar'
D:\01[1].rar
  [0] Archive type: RAR
  --> 01[1]\01.exe
      [DETECTION] Is the Trojan horse TR/Drop.VB.II
  --> 01[1]\02.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
  --> 01[1]\03.exe
      [DETECTION] Is the Trojan horse TR/Agent.92768
  --> 01[1]\04.exe
      [DETECTION] Contains signature of the dropper DR/Hidedown.A.2
  --> 01[1]\05.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 01[1]\06.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Delf.afk Backdoor server programs
  --> 01[1]\07.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
  --> 01[1]\08.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
      [INFO]      The file was deleted!
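Added example, not code from the thread or from any of the scanners named in it: a small Python script that pulls the per-file verdicts out of the two log formats posted above (the AntiVirusKit "Object:/Virus:" blocks and Avira's "--> file / [DETECTION]" lines), merges them into one per-sample matrix, and lists the samples that carry a specific signature from fewer than two engines, which is the practical question a thread like this is asking (which files the scanners only catch heuristically or not at all). The log excerpts embedded below are constructed from the posts above and cut down to three files; the engine labels, the patterns treated as "generic" names (HEUR/, MemScan:, Generic.) and the two-engine threshold are the example's own assumptions.

```python
"""Correlate per-sample scanner verdicts from pasted AV logs (added example)."""
import re
from collections import defaultdict

# Constructed excerpt in the AntiVirusKit format from the thread (3 of 9 files).
AVK_LOG = r"""
Object: 01.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.VB.ii (KAV engine), Trojan.Dropper.Vb.II (BD-Engine)
Object: 05.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part2.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQShou.ix (KAV engine)
Object: 09.exe
        In archive: C:\Documents and Settings\Administrator\桌面\01[1].part1.rar
        Status: Virus detected
        Virus: MemScan:Trojan.Jvoncik.A (BD-Engine)
"""

# Constructed excerpt in the Avira format from the thread; as in the post,
# 09.exe does not appear at all (Avira had nothing for it).
AVIRA_LOG = r"""
  --> 01[1]\01.exe
      [DETECTION] Is the Trojan horse TR/Drop.VB.II
  --> 01[1]\05.exe
      [DETECTION] Contains suspicious code HEUR/Malware
"""

# AVK "Virus:" line: "A, B (KAV engine), C (BD-Engine)" -> [("A, B", "KAV engine"), ("C", "BD-Engine")]
AVK_VIRUS_RE = re.compile(r"(.+?)\s*\((KAV engine|BD-Engine)\)(?:,\s*|$)")
# Avira embeds the name in a sentence as PREFIX/Name (TR/..., DR/..., BDS/..., HEUR/...)
AVIRA_NAME_RE = re.compile(r"\b([A-Z]{2,4}/[\w.\-]+)")
# Assumed "not a specific signature": heuristics, in-memory unpacking hits, generic families
GENERIC_RE = re.compile(r"^(HEUR/|MemScan:|Generic\.)")


def parse_avk(text):
    """AVK log -> {sample: {engine: [names]}}; one Object: block per file."""
    out = defaultdict(lambda: defaultdict(list))
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Object:"):
            current = line.split(":", 1)[1].strip()
        elif line.startswith("Virus:") and current:
            # split on the first colon only: "MemScan:Trojan.X" must stay intact
            for names, engine in AVK_VIRUS_RE.findall(line.split(":", 1)[1]):
                label = "AVK/KAV" if engine.startswith("KAV") else "AVK/BD"
                out[current][label].extend(n.strip() for n in names.split(","))
    return out


def parse_avira(text):
    """Avira log -> {sample: {"Avira": [names]}}; file name is the last path component."""
    out = defaultdict(lambda: defaultdict(list))
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-->"):
            current = line[3:].strip().rsplit("\\", 1)[-1]
        elif line.startswith("[DETECTION]") and current:
            m = AVIRA_NAME_RE.search(line)
            if m:
                out[current]["Avira"].append(m.group(1))
    return out


def merge(*tables):
    """Union several {sample: {engine: [names]}} tables into one plain dict."""
    merged = defaultdict(lambda: defaultdict(list))
    for table in tables:
        for sample, engines in table.items():
            for engine, names in engines.items():
                merged[sample][engine].extend(names)
    return {s: dict(e) for s, e in merged.items()}


def signature_engines(engines):
    """Engines that gave at least one specific (non-generic) name for a sample."""
    return sorted(e for e, names in engines.items()
                  if any(not GENERIC_RE.match(n) for n in names))


def needs_review(verdicts, min_engines=2):
    """Samples with specific signatures from fewer than min_engines engines."""
    return sorted(s for s, e in verdicts.items()
                  if len(signature_engines(e)) < min_engines)


if __name__ == "__main__":
    verdicts = merge(parse_avk(AVK_LOG), parse_avira(AVIRA_LOG))
    for sample in sorted(verdicts):
        print(sample)
        for engine, names in sorted(verdicts[sample].items()):
            print(f"  {engine:8} {', '.join(names)}")
    print("weak coverage:", needs_review(verdicts))
```

On the three-file excerpt this reports 05.exe (only the KAV engine gives a specific name; Avira's hit is heuristic) and 09.exe (only a BD in-memory hit, nothing from Avira), which matches the two files the vendor upload report earlier in the thread still had "UNDER ANALYSIS". Feeding it the full logs from the thread only requires pasting more lines into the two constants; the Destroyer tab-separated format would need a third parser.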
bridgewr
Posted 2007-3-12 11:49:33
微点 (Micropoint) did not flag the generator; the other one exits right after being run, with no dropped files and no registry writes.

[attachment: login required to download]
卡饭论坛 (KaFan forum) | Copyright © KaFan KaFan.cn All Rights Reserved.