
[Virus Samples] A few samples I caught the day before yesterday

ouran
Posted 2007-4-7 09:56:06
I caught a lot of samples over the past few days; uploading a few for you to look at.

soul20010
Posted 2007-4-7 10:01:54
BitDefender Antivirus Plus v10
intenat3.rar=>intenat3.exe        Infected: Trojan.Gatt.A
sunny.rar=>sunny.exe        Infected: Generic.Malware.Sdld!!.151CE424
soul20010
Posted 2007-4-7 10:03:42
BitDefender Antivirus Plus v10
SysInfo.rar=>SysInfo.vxd        Infected: Generic.PWStealer.3FEDBE52
SYSTEMMM.rar=>SYSTEMMM.exe        Infected: Generic.Malware.WBdld.75B488CE
myplayer.rar=>myplayer.com        Infected: Generic.Malware.BE!dldspg.7747F2AD
Kernel32.rar=>Kernel32.exe        Infected: Trojan.WOW.A
mofunzone
Posted 2007-4-7 10:06:38
AntiVir missed one

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\SYSTEMMM.rar'
C:\Documents and Settings\morgan\My Documents\
  SYSTEMMM.rar
    [0] Archive type: RAR
    --> SYSTEMMM.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\ieagent.rar'
C:\Documents and Settings\morgan\My Documents\
  ieagent.rar
    [0] Archive type: RAR
    --> ieagent.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\intenat3.rar'
C:\Documents and Settings\morgan\My Documents\
  intenat3.rar
    [0] Archive type: RAR
    --> intenat3.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\Kernel32.rar'
C:\Documents and Settings\morgan\My Documents\
  Kernel32.rar
      [DETECTION] Is the Trojan horse TR/Agent.18757.B
      [WARNING]   The file was ignored!
    [0] Archive type: RAR
    --> Kernel32.exe
        [DETECTION] Is the Trojan horse TR/Agent.18757.B
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\myplayer.rar'
C:\Documents and Settings\morgan\My Documents\
  myplayer.rar
    [0] Archive type: RAR
    --> myplayer.com
        [DETECTION] Is the Trojan horse TR/Spy.Agent.PN.215
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\spoolsx.rar'
C:\Documents and Settings\morgan\My Documents\
  spoolsx.rar
    [0] Archive type: RAR
    --> spoolsx.exe
Begin scan in 'C:\Documents and Settings\morgan\My Documents\sunny.rar'
C:\Documents and Settings\morgan\My Documents\
  sunny.rar
    [0] Archive type: RAR
    --> sunny.exe
        [DETECTION] Is the Trojan horse TR/Agent.4608.65
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\SysInfo.rar'
C:\Documents and Settings\morgan\My Documents\
  SysInfo.rar
    [0] Archive type: RAR
    --> SysInfo.vxd
        [DETECTION] Is the Trojan horse TR/PSW.Steal.26327
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年4月6日  19:06
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
     16 Files were scanned
      8 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      8 Archives were scanned
     14 Warnings
      0 Notes
mofunzone
Posted 2007-4-7 10:08:13
File:         spoolsx.exe
Status:         INFECTED/MALWARE
MD5         daef789820db0dc3e1cea31b9cb7c713
Packers detected:         -

Scanner results
Scan taken on 07 Apr 2007 02:06:02 (GMT)
AntiVir         Found nothing
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found nothing
ClamAV         Found nothing
Dr.Web         Found DLOADER.Trojan (probable variant)
F-Prot Antivirus         Found Possibly a new variant of W32/SelfStarterInternetTrojan!Maximus
F-Secure Anti-Virus         Found nothing
Fortinet         Found nothing
Kaspersky Anti-Virus         Found nothing
NOD32         Found nothing
Norman Virus Control         Found nothing
Panda Antivirus         Found nothing
Rising Antivirus         Found nothing
VirusBuster         Found nothing
VBA32         Found nothing
hzq277284
Posted 2007-4-7 10:09:40
AVG Anti-Malware and Dr.Web

欠妳緈諨
Posted 2007-4-7 10:33:08
avast! flagged 3 on download; of the rest, Kingsoft killed 3

tonger2003
Posted 2007-4-7 10:43:32
ieagent.rar (34.62 KB)
sunny.rar (2.1 KB)  spoolsx.rar (54.26 KB)
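These 3 are dead, right?

Everyone, give them a test~~ Running them with EQ on produced no reaction. Only sunny can be found in the process list, but it doesn't do anything~~

spoolsx is dead~~~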
wk1984
Posted 2007-4-7 11:17:12
spoolsx.rar

NOD32 doesn't flag it; Dr.Web does
ouran
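Original poster | Posted 2007-4-7 11:32:59
Originally posted by tonger2003 on 2007-4-7 10:43
ieagent.rar (34.62 KB)
sunny.rar (2.1 KB)  spoolsx.rar (54.26 KB)
These 3 are dead, right?

Everyone, give them a test~~ Running them with EQ on produced no reaction. Only sunny can be found in the process list, but it doesn't do anything~~

spoolsx is dead~~~

sunny should do something. For one thing, it modifies the registry so that hidden files can't be shown.
It usually writes to the root of the C: drive and adds a startup entry.
It automatically infects USB drives, writing autorun.inf and sunny.exe.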