
[Virus sample] A malicious site I ran into while downloading

子非哲
Posted on 2007-4-1 16:33:26
I ran into this while searching for UltraEdit32. Take a look, everyone.
http://xiaoshuowang.com.cn/download/17520/

Here is the log:
2007-4-1 16:28:23 已由访问保护规则禁止  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\svchost.exe 用户定义的规则:保护SVCHOST进程 已阻止的操作: 执行

gggh
Posted on 2007-4-1 17:21:36
Sample?
The EQs
Posted on 2007-4-1 17:24:58
Time Module Object Name Threat Action User Information
2007-4-1 17:25:53 IMON file http://www.xiaoshuowang.com.cn/c.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:25:52 IMON file http://www.xiaoshuowang.com.cn/a.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:25:37 IMON file http://www.xiaoshuowang.com.cn/c.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:25:35 IMON file http://www.xiaoshuowang.com.cn/a.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:25:33 IMON file http://www.xiaoshuowang.com.cn/c.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:24:51 AMON file C:\Documents and Settings\EQ2\Local Settings\Temporary Internet Files\Content.IE5\0V0P4DGD\a[3].jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan quarantined - deleted - error while cleaning - operation unavailable for this type of object KASPERSK-F13F4E\EQ2 Event occurred on a new file created by the application: D:\Program Files\GreenBrowser\GreenBrowser.exe. The file was moved to quarantine. You may close this window.
2007-4-1 17:24:50 IMON file http://www.xiaoshuowang.com.cn/a.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
2007-4-1 17:24:50 AMON file C:\Documents and Settings\EQ2\Local Settings\Temporary Internet Files\Content.IE5\0V0P4DGD\a[3].jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan error while cleaning - operation unavailable for this type of object KASPERSK-F13F4E\EQ2 Event occurred at an attempt to access the file by the application: D:\Program Files\GreenBrowser\GreenBrowser.exe.
2007-4-1 17:24:47 IMON file http://www.xiaoshuowang.com.cn/c.jpg a variant of Win32/TrojanDownloader.Ani.Gen trojan  KASPERSK-F13F4E\EQ2
The EQs
Posted on 2007-4-1 17:27:36
The sample has been uploaded.

aribeth199
Posted on 2007-4-1 17:29:50
McAfee, kills the trojan.
The EQs
Posted on 2007-4-1 17:44:32
AhnLab-V3 2007.3.31.0 04.01.2007  no virus found
AntiVir 7.3.1.47 03.31.2007 EXP/MS05-002.Ani.A
Authentium 4.93.8 03.31.2007  no virus found
Avast 4.7.936.0 03.31.2007  no virus found
AVG 7.5.0.447 03.31.2007  no virus found
BitDefender 7.2 04.01.2007 Exploit.Win32.MS05-002.Gen
CAT-QuickHeal 9.00 03.31.2007  no virus found
ClamAV devel-20070312 04.01.2007  no virus found
DrWeb 4.33 03.31.2007  no virus found
eSafe 7.0.15.0 03.31.2007  no virus found
eTrust-Vet 30.6.3527 03.31.2007  no virus found
Ewido 4.0 03.31.2007  no virus found
FileAdvisor 1 04.01.2007  no virus found
Fortinet 2.85.0.0 04.01.2007  no virus found
F-Prot 4.3.1.45 03.30.2007  no virus found
F-Secure 6.70.13030.0 04.01.2007  no virus found
Ikarus T3.1.1.3 04.01.2007  no virus found
Kaspersky 4.0.2.24 04.01.2007  no virus found
McAfee 4997 03.31.2007 Exploit-ANIfile.c
Microsoft 1.2306 04.01.2007 Exploit:Win32/Anicmoo.A
NOD32v2 2160 03.31.2007 a variant of Win32/TrojanDownloader.Ani.Gen
Norman 5.80.02 03.31.2007  no virus found
Panda 9.0.0.4 03.31.2007  no virus found
Prevx1 V2 04.01.2007  no virus found
Sophos 4.16.0 03.30.2007  no virus found
Sunbelt 2.2.907.0 03.31.2007  no virus found
Symantec 10 04.01.2007 Bloodhound.Exploit.131
TheHacker 6.1.6.083 03.30.2007  no virus found
UNA 1.83 03.16.2007  no virus found
VBA32 3.11.3 04.01.2007  no virus found
VirusBuster 4.3.7:9 03.31.2007  no virus found
Webwasher-Gateway 6.0.1 04.01.2007 Exploit.MS05-002.Ani.A


Aditional Information
File size: 285 bytes
MD5: acaff5ed40a0755ec9ddac4fdecd5dd2
SHA1: a374a4957e798dc6b5cdfd314b3beb4af36d160a
子非哲
Original poster | Posted on 2007-4-1 17:48:06
I'm done for~~ I didn't have the rule pack when I got hit, so now I may have to repair McAfee.
bridgewr
Posted on 2007-4-2 10:48:54
The sample is a jpg image; nothing happened after running it.