卡吧报

显示全部楼层 · 发表于 2007-3-20 06:13:26

过蜘蛛、过NOD，过AVG

显示全部楼层 · 发表于 2007-3-20 06:33:45

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.bbb
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.bbb
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found Trojan.DL.Agent.Gen.1
VBA32 Found Embedded.Trojan-Downloader.Win32.Agent.bbb (probable variant)

显示全部楼层 · 发表于 2007-3-20 08:01:29

报的不多~~~~~~~~~~

显示全部楼层 · 发表于 2007-3-20 11:54:57

123

[ 本帖最后由 jlennon 于 2007-3-20 11:59 编辑 ]

显示全部楼层 · 发表于 2007-3-20 12:00:51

vba32开始发怒了。。。。。

显示全部楼层 · 发表于 2007-3-20 12:03:40

呵呵,卡巴好样的.

待加入启发式后击败红伞指日可待!!

显示全部楼层 · 发表于 2007-3-20 12:05:10

这个多半是误报

显示全部楼层 · 发表于 2007-3-20 12:06:16

Why do you think so？

显示全部楼层 · 发表于 2007-3-20 13:14:34

运行后antivir搞定
nod继续没反应。。
AntiVir Found TR/Dldr.SrSky
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.SrSky.A
ClamAV Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.bdd
Fortinet Found QQHelp!tr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.bdd
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

显示全部楼层 · 发表于 2007-3-20 13:21:10

Submission details:
Submission received: 20 March 2007, 04:12:00 PM
Processing time: 2 min 21 sec
Submitted sample:
File MD5: 0xE7B03E5FE0B7294E95E14D5145C40C3B
Filesize: 57,344 bytes
Alias: Trojan-Downloader.Win32.Agent.bbb [Kaspersky Lab]

Technical Details:

File System Modifications

The following files were created in the system:
# Filename(s) File Size File MD5 Alias / Other Info
1 %System%\drivers\yvukx.sys  10,240 bytes 0xCC9EF7E9F42F54063876AE61F2F0957D Trojan-Downloader.Win32.Agent.bbb [Kaspersky Lab]

2 %System%\rarob.dll  59,392 bytes 0x547098F95F882878BA3DF733993C4539 Trojan-Downloader.Win32.Agent.bdd [Kaspersky Lab]

3 [file and pathname of the sample #1]  57,344 bytes 0xE7B03E5FE0B7294E95E14D5145C40C3B Trojan-Downloader.Win32.Agent.bbb [Kaspersky Lab]

Note:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Memory modifications

There was a new process created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 57,344 bytes

The following module was loaded into the address space of other process(es):
Module Name Module Filename Address Space Details

rarob.dll %System%\rarob.dll Process name: explorer.exe
Process filename: %Windir%\explorer.exe
Address space: 0x1960000 - 0x1970000

There was a new kernel-mode driver installed in the system:
yvukx.sys (%System%\drivers\yvukx.sys)

Registry modifications

The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SOFTWARE\Adobe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx\Enum
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe]
Adobe = 0x0001F4FA
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "yvukx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX\0000]
Service = "yvukx"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "yvukx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YVUKX]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx\Enum]
0 = "Root\LEGACY_YVUKX\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvukx]
Type = 0x00000001
Start = 0x00000000
ErrorControl = 0x00000001
ImagePath = "System32\DRIVERS\yvukx.sys"
DisplayName = 79 76 75 6B 78
Group = 53 79 73 74 65 6D 20 42 75 73 20 45 78 74 65 6E 64 65 72
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "yvukx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX\0000]
Service = "yvukx"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "yvukx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YVUKX]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx\Enum]
0 = "Root\LEGACY_YVUKX\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yvukx]
Type = 0x00000001
Start = 0x00000000
ErrorControl = 0x00000001
ImagePath = "System32\DRIVERS\yvukx.sys"
DisplayName = 79 76 75 6B 78
Group = 53 79 73 74 65 6D 20 42 75 73 20 45 78 74 65 6E 64 65 72

[病毒样本] 卡吧报

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 #7 欠你幸福的帖子

本帖子中包含更多资源

[病毒样本] 卡吧报

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 #7 欠你幸福 的帖子

本帖子中包含更多资源

回复 #7 欠你幸福的帖子