玩笑程序？

幸福的猪猪

360安全卫士扫描报告为：木马:Adware/Win32.180solutions.BM


此样本从本论坛的某病毒下载地址延伸出来的下载得到的。

样本提交卡巴斯基（中国）分析。

timhas266

Start of the scan: Friday, 25 December, 2009  14:49

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Tim\桌面\01.rar'
C:\Documents and Settings\Tim\桌面\01.rar
  [0] Archive type: RAR
    [NOTE]      A backup was created as '4b6260be.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
    --> 01.exe
      [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

303898443

MSE没事。

hddu

2009-12-25 16:44:47    加载库文件      操作:允许
进程路径:E:\01\01.exe
文件路径:C:\WINDOWS\system32\dnsapi.dll
触发规则:所有程序规则->联网操作->%windir%\system32\dnsapi.dll

2009-12-25 16:44:49    创建文件      操作:阻止并结束进程
进程路径:E:\01\01.exe
文件路径:C:\Program Files\gspc1.exe
触发规则:所有程序规则->%ProgramFiles%文件夹设置->%ProgramFiles%\*

theanotherone

不是玩笑程序 看看这是沙盘分析的 下载了001.exe 146.exe
Detailed report of suspicious malware actions:

Defined file type modified: C:\Program Files\Thunder Network\Thunder\Program\mp.dll
Defined file type copied to Windows folder: C:\WINNT\system32\001.exe
Defined file type copied to Windows folder: C:\WINNT\system32\146.exe
Defined registry AutoStart location added or modified: machine\software\microsoft\windows nt\currentversion\winlogon\Shell = x
Hide file from user: C:\Program Files\CoolPigCinema\works.dll
Hide file from user: C:\Program Files\gspc1.exe
Hide file from user: C:\Program Files\Thunder Network\Thunder\Program\allgrams.exe
Hide file from user: C:\Program Files\Thunder Network\Thunder\Program\mps.dll
Hide file from user: D:\cconter.exe

Risk evaluation result: High

牧羊老汉

启动后连接恶意网址下载木马

比如: http://down.88888wyt.com/1.exe

sharkking

ESET报~
E:\Documents and Settings\桌面\01.rar > RAR > 01.exe - 未查明的 NewHeur_PE 病毒

sharkking

有联网动作~

wliao

微点

BING126

McAfee 报了可疑月神。。