qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)

江湖的fans

NORTON  SONAR KILL ALL

蝉鸣时

130

ESET NOD32 emptied.
db1.e3xe - Win32/Adware.WSearch.AJ 应用程序 的变种
qd.ex1e - Win32/Adware.WSearch.AJ 应用程序 的变种

蝉鸣时

密码多少呀
江湖的fans 发表于 2010.8.5 12:10

密码是infected。

sam.to

159a418763eabca84fedb95884c1da00   db1.exe
a1264af64451c176389d206d2ddd7fc5   qd.exe

to kl,ll,mcafee,comodo,avira



A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25836500	qd.ex3e	448 KB	UNDER ANALYSIS
25836501	db1.exe2	408 KB	UNDER ANALYSIS

Hello,

78176345_266993987_db1.exe2 - Trojan-Dropper.Win32.Agent.cpfj,
78176345_266993988_qd.ex3e - Trojan-Dropper.Win32.Agent.cpfk

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.


Please quote all when answering.
-----------------
Regards, Kirill Kruglov
Virus Analyst, Kaspersky Lab.

Filename

Result

qd.ex3e

MALWARE

The file 'qd.ex3e' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Agent.adg.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

db1.exe2

MALWARE

The file 'db1.exe2' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Purgodoor.A.24.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

蝉鸣时

134

ESET NOD32 emptied.
db1.exe2 - Win32/Adware.WSearch.AJ 应用程序 的变种
qd.ex3e - Win32/Adware.WSearch.AJ 应用程序 的变种

jason_jiang

134 to xandora(panda)

sam.to

091af840b5904ed2c44bc524d608f49b   qd.exe2
ffa779e54a8eef8676e5df1b9ecf50d2   db1.exe2

to kl,ll,mcafee,comodo,avira



A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25837598	db1.exe2	408 KB	UNDER ANALYSIS
25837599	qd.exe2	448 KB	UNDER ANALYSIS

Hello,

db1.exe_ - Trojan-Dropper.Win32.Agent.cpld,
qd.exe_ - Trojan-Dropper.Win32.Agent.cple

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

Best regards, Unuchek Roman








Please find a detailed report concerning each individual sample below:

Filename

Result

db1.exe2

MALWARE

The file 'db1.exe2' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.exe2

MALWARE

The file 'qd.exe2' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.AA.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

jason_jiang

137 to xandora(panda)

8073176430

137 eset kill
Win32/Adware.WSearch.AJ 应用程序 的变种

生命de重建

To avast!