rundll123跟踪出来的毒网

ALEXBLAIR

1. 地址：http://down.97725.com/
   
2. 不能访问，只能按照地址下载
   
3. 下载格式：
   
4. http://down.97725.com/downma1.exe
   
5. 。。。。
   
6. http://down.97725.com/downma11.exe

复制代码

卡巴的检测报告

1. deleted: Trojan program Trojan-PSW.Win32.OnLineGames.es File: J:\X_ZONE\test\downma1.exe
   
2. deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nw File: J:\X_ZONE\test\downma10.exe//FSG
   
3. deleted: Trojan program Backdoor.Win32.Agent.alh File: J:\X_ZONE\test\downma8.exe//data.rar/systemm.exe//UPack
   
4. deleted: Trojan program Trojan-PSW.Win32.Delf.ub File: J:\X_ZONE\test\downma9.exe//FSG
   
5. deleted: Trojan program Trojan-PSW.Win32.OnLineGames.es File: J:\X_ZONE\test\downma3.exe
   
6. deleted: Trojan program Trojan-PSW.Win32.OnLineGames.es File: J:\X_ZONE\test\downma5.exe
   
7. deleted: Trojan program Trojan-PSW.Win32.WOW.qa File: J:\X_ZONE\test\downma7.exe

复制代码

tracydk

原帖由 ALEXBLAIR 于 2007-4-17 19:21 发表
地址：http://down.97725.com/
不能访问，只能按照地址下载
下载格式：
http://down.97725.com/downma1.exe
。。。。
http://down.97725.com/downma11.exe卡巴的检测报告deleted: Trojan program Trojan-P ...

AVAST又报了

剑指七星

已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: F:\downma.rar\downma1.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.nw        文件: F:\downma.rar\downma10.exe/FSG
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: F:\downma.rar\downma3.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: F:\downma.rar\downma5.exe
已删除: 木马程序 Trojan-PSW.Win32.WOW.qa        文件: F:\downma.rar\downma7.exe
已删除: 木马程序 Backdoor.Win32.Agent.alh        文件: F:\downma.rar\downma8.exe/data.rar\systemm.exe/UPack
已删除: 木马程序 Trojan-PSW.Win32.Delf.ub        文件: F:\downma.rar\downma9.exe/FSG

zxy900906

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\downma.rar'
C:\Documents and Settings\Administrator\桌面\downma.rar
  [0] Archive type: RAR
  --> downma1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1696
  --> downma10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.NW.2
  --> downma11.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> downma3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> downma5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1738
  --> downma7.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> downma8.exe
      [DETECTION] Contains signature of the dropper DR/Agent.alh.1
      [1] Archive type: RAR SFX (self extracting)
      --> systemm.exe
          [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.alh Backdoor server programs
  --> downma9.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      A backup was created as '469bb0ff.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

小邪邪

这一看就不用试了，通杀

aoyang

杀了

欠妳緈諨

D:\病毒测试\未解压\downma.rar ?RAR ?downma1.exe - Win32/PSW.Agent.NDF 木马 变种
D:\病毒测试\未解压\downma.rar ?RAR ?downma11.exe - Win32/Pacex.Gen 病毒
D:\病毒测试\未解压\downma.rar ?RAR ?downma3.exe - Win32/PSW.Agent.NCC 木马 变种
D:\病毒测试\未解压\downma.rar ?RAR ?downma5.exe - 可能是 Win32/PSW.Agent.NCC 木马 变种
D:\病毒测试\未解压\downma.rar ?RAR ?downma7.exe - Win32/PSW.Agent.NCC 木马 变种
D:\病毒测试\未解压\downma.rar ?RAR ?downma9.exe - 未知的 NewHeur_PE 病毒 [7]
nod32扫到6个

风野胤

是7个啊
Scanning Log
NOD32 version 2198 (20070417) NT
Command line: C:\Documents and Settings\Administrator. ?
?DD55774F18A2454\桌面\downma.rar
Checking CRC of NOD32.EXE: Status OK
C:\Program Files\Eset\nod32.exe - is OK
Operating memory is OK.
MBR sector of the 1. physical disk is OK.
Active boot sector of the 1. physical disk is OK.
Date: 17.4.2007  Time: 22:14:23
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and  ?
?Settings\Administrator.DD55774F18A2454\桌面\downma.rar
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma1.exe - a variant of  ?
?Win32/PSW.Agent.NDF trojan
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma10.exe - Win32/PSW. ?
?Legendmir.NEN trojan
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma11.exe - Win32/Pacex.Gen virus
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma3.exe - a variant of  ?
?Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma5.exe - probably a variant  ?
?of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma7.exe - a variant of  ?
?Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma8.exe ?RAR ?wpcap.dll - is OK
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma8.exe ?RAR ?systemm.exe -  ?
?is OK
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma8.exe ?RAR ?drivers\npf.sys  ?
?- is OK
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma8.exe ?RAR ?Packet.dll - is OK
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma8.exe ?RAR ?WanPacket.dll -  ?
?is OK
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar ?RAR ?downma9.exe - probably unknown  ?
?NewHeur_PE virus [7]
C:\Documents and Settings\Administrator.DD55774F18A2454\ ?
?桌面\downma.rar:Zone.Identifier - is OK
Number of scanned files: 13
Number of threats found: 7
Time of completion: 22:14:42 Total scanning time: 19 sec  ?
?(00:00:19)
Notes:
[7] File is probably infected with an unknown virus.

solcroft

漏杀得downma11.exe执行后卡巴报 = KAV全杀

The EQs

原帖由 solcroft 于 2007-4-17 22:18 发表
漏杀得downma11.exe执行后卡巴报 = KAV全杀

明显的报壳。。。。Kaspersky脱不了NSANTI。。。