[Virus sample] More rogueware, by AVPClub

蓝色牛仔裤
Posted on 2007-4-27 01:50:10
0000

solcroft
Posted on 2007-4-27 01:54:03
A virus pack; I'm out of here.
The EQs
Posted on 2007-4-27 01:59:20

Scan performed at: 2007-4-27 1:59:18
Scanning Log
NOD32 version 2221 (20070426) NT
Command line: C:\Documents and Settings\EQ2\桌面\流氓1號.rar
Operating memory - is OK

Date: 27.4.2007  Time: 01:59:22
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\流氓1號.rar
C:\Documents and Settings\EQ2\桌面\流氓1號.rar »RAR »流氓1號\Updaterun.rar »RAR »Updaterun.exe - a variant of Win32/Adware.Toolbar.Baidu application
Number of scanned files: 9
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 01:59:25 Total scanning time: 3 sec (00:00:03)
mofunzone
Posted on 2007-4-27 06:25:44
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\流氓1號.rar'
C:\Documents and Settings\morgan\My Documents\
  流氓1號.rar
    [0] Archive type: RAR
    --> 流氓1號\1035.rar
        [1] Archive type: RAR
        --> 1035.exe
    --> 流氓1號\bind_50046.rar
        [1] Archive type: RAR
        --> bind_50046.exe
            [DETECTION] Is the Trojan horse TR/Drop.Agent.29730
            [WARNING]   Infected files in archives cannot be repaired!
    --> 流氓1號\dodolook139.rar
        [1] Archive type: RAR
        --> dodolook139.exe
    --> 流氓1號\Internat.rar
        [1] Archive type: RAR
        --> Internat.exe
            [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
            [WARNING]   Infected files in archives cannot be repaired!
    --> 流氓1號\lfrmewrk.rar
        [1] Archive type: RAR
        --> lfrmewrk.exe
            [DETECTION] Is the Trojan horse TR/Adclicker.FC
            [WARNING]   Infected files in archives cannot be repaired!
    --> 流氓1號\test.rar
        [1] Archive type: RAR
        --> test.exe
            [DETECTION] Is the Trojan horse TR/Click.SoftLy
            [WARNING]   Infected files in archives cannot be repaired!
    --> 流氓1號\Updaterun.rar
        [1] Archive type: RAR
        --> Updaterun.exe
            [DETECTION] Is the Trojan horse TR/Dldr.Agent.40960
            [WARNING]   Infected files in archives cannot be repaired!
    --> 流氓1號\ad_1719.rar
        [1] Archive type: RAR
        --> ad_1719.exe
            [DETECTION] Is the Trojan horse TR/Drop.Boran.XSS.2
            [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年4月26日  15:25
Used time: 00:08 min

The scan has been done completely.

      0 Scanning directories
     17 Files were scanned
      6 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     11 Files not concerned
      9 Archives were scanned
      7 Warnings
      0 Notes
      0 Hidden objects were found
onlinework
Posted on 2007-4-27 07:57:51
Avira (红伞)... kills it.
bridgewr
Posted on 2007-4-27 09:28:09
What the previous sample downloaded is about the same as what you posted. Updaterun exits as soon as it is run, and dodolook139.exe is not a valid application.
wangjay1980
Posted on 2007-4-27 10:00:44
Kaspersky (kaba) kills it.
红心王子
Posted on 2007-4-27 11:15:01
KIS blocked it:

jlennon
Posted on 2007-4-27 16:33:00
Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-4-25
Start time: 2007-4-27 16:32
Engine(s): KAV engine (AVK 17.4126), BD-Engine (BD 17.3645)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: bind_50046.exe=>(NSIS o) bzip2_solid_nsis0001
        In archive: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號\bind_50046.rar
        Status: Virus detected
        Virus: DeepScan:Generic.Dld.ADL.D6531E82 (BD-Engine)
Object: bind_50046.rar
        Path: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號
        Status: Move file into quarantine
        Virus: DeepScan:Generic.Dld.ADL.D6531E82 (BD-Engine)
Object: Internat.exe
        In archive: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號\Internat.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Agent.bnv (KAV engine)
Object: Internat.rar
        Path: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號
        Status: Move file into quarantine
        Virus: Trojan-Downloader.Win32.Agent.bnv (KAV engine)
Object: lfrmewrk.exe
        In archive: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號\lfrmewrk.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Adload.bz (KAV engine), Trojan.Adclicker.FC (BD-Engine)
Object: lfrmewrk.rar
        Path: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號
        Status: Move file into quarantine
        Virus: Trojan-Downloader.Win32.Adload.bz (KAV engine), Trojan.Adclicker.FC (BD-Engine)
Object: test.exe
        In archive: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號\test.rar
        Status: Virus detected
        Virus: Trojan-Clicker.Win32.Small.ld (KAV engine)
Object: test.rar
        Path: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號
        Status: Move file into quarantine
        Virus: Trojan-Clicker.Win32.Small.ld (KAV engine)
Object: Updaterun.exe
        In archive: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號\Updaterun.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Agent.bdn (KAV engine), Trojan.Agent.ATO (BD-Engine)
Object: Updaterun.rar
        Path: C:\Documents and Settings\Administrator\桌面\流氓1號\流氓1號
        Status: Move file into quarantine
        Virus: Trojan-Downloader.Win32.Agent.bdn (KAV engine), Trojan.Agent.ATO (BD-Engine)
Analysis complete: 2007-4-27 16:32
    8 files checked
    5 infected files detected
    0 suspected files detected
caocao
Posted on 2007-4-27 22:05:15
KIS
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bnv        文件: D:\Downloads\流氓1號.rar/流氓1號\Internat.rar/Internat.exe//ASPack
已删除: 木马程序 Trojan-Downloader.Win32.Adload.bz        文件: D:\Downloads\流氓1號.rar/流氓1號\lfrmewrk.rar/lfrmewrk.exe
已删除: 木马程序 Trojan-Clicker.Win32.Small.ld        文件: D:\Downloads\流氓1號.rar/流氓1號\test.rar/test.exe
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: D:\Downloads\流氓1號.rar/流氓1號\Updaterun.rar/Updaterun.exe