qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)

jayavira

回复 119楼 sam.to  的帖子

没有样本啊？
只好从VT复制了

a variant of Win32/Adware.WSearch.AJ
   

绅博周幸

类别: 特洛伊木马植入程序

说明: 这个程序很危险，它安装其他程序。

建议: 立即删除这个软件。

Microsoft Security Essentials 检测到可能会侵害您的隐私或损坏计算机的程序。即使不删除这些程序，仍然可以访问它们所使用的文件(不推荐)。若要访问这些文件，请选择“允许”操作，并单击“应用操作”。如果此选项不可用，请以管理员身份登录或请求本地管理员提供帮助。

项目:
file:C:\Users\zhouxing\Downloads\qd.e2xe

联机获取有关此项目的详细信息。[:26:]

sam.to

回复 121楼 jayavira  的帖子


    現在可以了

62590423

#119

sam.to

77338860734b58c09ed3c743d6d0f31f

to kl,ll,mcafee,comodo,avira


A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25832995	qd.e2xe	448 KB	UNDER ANALYSIS

Hello,

qd.e2xe - Trojan-Dropper.Win32.Agent.cohy

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

The answer is relevant to the latest bases from update sources.

Please quote all when answering.
-----------------
Regards, Baranov Artiom
Virus Analyst, Kaspersky Lab.





The file 'qd.e2xe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Agent.amv.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

62590423

#125

sam.to

2CD1E044384D3873AD02D20FEFA8C991


to kl,ll,mcafee,comodo,avira

File ID	Filename	Size (Byte)	Result
25832998	db1.e_xe	408 KB	UNDER ANALYSIS

Hello,

Trojan-Dropper.Win32.Agent.coia

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

Please quote all when answering.
-----------------
Regards, Kirill Kruglov
Virus Analyst, Kaspersky Lab.




The file 'db1.e_xe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.WSearch.C.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

jayavira

回复 127楼 sam.to  的帖子

ess kill

2010-8-3 14:08:24        文件系统实时防护        文件        D:\下载文件夹\db1.e_xe        Win32/Adware.WSearch.AJ 应用程序 的变种        通过删除清除 - 已隔离        WWW-738C9D7CF42\Administrator        在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe.
   

jason_jiang

127
Trj/CI.A

sam.to

17c60ea0d1fd8077b695fd72147a5bbc   qd.ex1e
b3004c7acfbdce7779d83c4505316802   db1.e3xe

to kl,ll,mcafee,comodo,avira


A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25835744	db1.e3xe	408 KB	UNDER ANALYSIS
25835745	qd.ex1e	448 KB	UNDER ANALYSIS

Hello,

db1.e3xe - Trojan-Dropper.Win32.Agent.cpej,
qd.ex1e - Trojan-Dropper.Win32.Agent.cpek

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

-------------------------------------------
Regards, Ivan Kargapoltsev.
Virus analyst , Kaspersky Lab.
_____________________________
Ph.: +7(095)797-8700
Fax.: +7 (495) 948-43-31
newvirus@kaspersky.com
http://www.kaspersky.com  http://www.viruslist.com







Please find a detailed report concerning each individual sample below:

Filename

Result

db1.e3xe

MALWARE

The file 'db1.e3xe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Zlob.bmz.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.ex1e

MALWARE

The file 'qd.ex1e' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Zlob.bmz.1.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.