比较可疑求鉴定

显示全部楼层 · 发表于 2011-1-3 00:52:59

VirSCAN.org Scanned Report :
Scanned time : 2011/01/03 00:47:11 (CST)
Scanner results: 6%的杀软(2/36)报告发现病毒
File Name    : logon_1.2.3710.22936.exe
File Size    : 284847 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : 52319c2cf83731c84b53138c8ea0a8c3
SHA1          : e1714ce34896271fc61d41ab9700d45a41b00fdd
Online report  : http://virscan.org/report/97a2545b30c4e29bd0374f333b663d41.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    5.1.0.2       20110101143450 2011-01-01  0.08 -
安博士V3    2011.01.02.00 2011.01.02       2011-01-02  0.08 -
AntiVir       8.2.4.134    7.11.0.248       2010-12-31  0.33 -
安天          2.0.18       20101228.6954489  2010-12-28  0.02 -
Arcavir       2010          201101022214    2011-01-02  0.16 -
Authentium    5.1.1          201101011825    2011-01-01  1.71 -
AVAST!       4.7.4          110102-0       2011-01-02  0.08 -
AVG          8.5.850       271.1.1/3354    2011-01-02  0.62 -
BitDefender 7.90123.6579581 7.35508          2011-01-03  6.24 -
ClamAV       0.96.5       12467          2011-01-02  0.47 -
Comodo       4.0          7267             2011-01-02  0.08 -
CP Secure    1.3.0.5       2011.01.02       2011-01-02  0.13 Troj.Downloader.W32.Aphex.020
Dr.Web       5.0.2.3300    2011.01.03       2011-01-03  10.79  -
F-Prot       4.4.4.56       20110101       2011-01-01  1.86 -
F-Secure    7.02.73807    2011.01.02.02    2011-01-02  0.30 -
飞塔          4.2.254       12.743          2011-01-01  0.08 -
GData       21.1455/21.581  20110102       2011-01-02  0.09 -
ViRobot       20101231       2010.12.31       2010-12-31  0.08 -
Ikarus       T3.1.32.15.0 2011.01.02.77461  2011-01-02  5.71 -
江民杀毒    13.0.900       2011.01.02       2011-01-02  0.90 -
卡巴斯基    5.5.10       2011.01.02       2011-01-02  0.63 -
金山毒霸    2009.2.5.15    2011.1.2.12    2011-01-02  0.12 -
迈克菲       5400.1158    6212             2010-12-30  2.53 -
Microsoft    1.6402       2011.01.01       2011-01-01  0.08 -
Norman       6.06.11       6.06.00          2010-12-07  8.02 -
熊猫卫士    9.05.01       2011.01.02       2011-01-02  0.08 -
趋势科技    9.200-1012    7.742.05       2011-01-02  0.18 -
Quick Heal    11.00          2011.01.02       2011-01-02  0.16 -
瑞星          20.0          22.80.04.04    2010-12-31  0.13 -
Sophos       3.14.1       4.60             2011-01-02  3.40 -
Sunbelt       3.9.2464.2    7919             2011-01-01  0.08 -
赛门铁克    1.3.0.24       20110101.005    2011-01-01  0.08 -
nProtect    20110101.01    9513887          2011-01-01  0.08 -
The Hacker    6.7.0.1       v00109          2010-12-30  0.11 -
VBA32       3.12.14.2    20101230.1227    2010-12-30  4.69 Trojan.Win32.Refroso.bcoh
VirusBuster 4.5.11.10    10.130.59/1996632 2011-01-02  3.44 -

显示全部楼层 · 发表于 2011-1-3 08:27:43

修改一项注册表，其它没发现可疑了
先上报红伞，让红伞鉴定一下，等到确定是病毒了，再上报eset

http://camas.comodo.com/cgi-bin/ ... 5412aed4c548f82308c

显示全部楼层 · 发表于 2011-1-3 09:44:14

大蜘蛛clean，加了壳，改变了存档格式：
logon_1.2.3710.22936.exe/logon_1.2.3710.22936.exe.pak\logon_1.2.3710.22936.exe packed by ZLIB
>logon_1.2.3710.22936.exe/logon_1.2.3710.22936.exe.pak\logon_1.2.3710.22936.exe - archive BINARYRES
暂时不上报了

显示全部楼层 · 发表于 2011-1-3 10:00:56

修改http,ftp等一系列相关协议,试图改变默认启动程序,木马无疑[:26:]

显示全部楼层 · 发表于 2011-1-3 10:20:10

我来 to eset

显示全部楼层 · 发表于 2011-1-3 12:07:09

显示全部楼层 · 发表于 2011-1-3 18:00:52

2011-01-03 17:59:22 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\logon_1[1].2.3710.22936\logon_1.2.3710.22936.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2011-01-03 17:59:22 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\logon_1[1].2.3710.22936\logon_1.2.3710.22936.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2011-01-03 17:59:23 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\logon_1[1].2.3710.22936\logon_1.2.3710.22936.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2011-01-03 17:59:24 创建新进程阻止
进程: c:\documents and settings\administrator\桌面\logon_1[1].2.3710.22936\logon_1.2.3710.22936.exe
目标: c:\program files\internet explorer\iexplore.exe
命令行: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.yklxj.info
规则: [应用程序组]所有程序规则-系统程序执行规则 -> [应用程序]* -> [子应用程序]c:\program files\internet explorer\iexplore.exe

显示全部楼层 · 发表于 2011-1-3 19:17:52

AVG MISS

显示全部楼层 · 发表于 2011-1-3 20:37:41

金山沙箱里跑了一转~

显示全部楼层 · 发表于 2011-1-3 21:41:34

VirSCAN.org Scanned Report :
Scanned time : 2011/01/03 21:37:32 (CST)
Scanner results: 6%的杀软(2/36)报告发现病毒
File Name    : logon_1[1].2.3710.22936.rar
File Size    : 244413 byte
File Type    : RAR archive data, v1d, os
MD5          : 645f7c18de1d78fb784c8f2f62b509a9
SHA1          : 0aa9360ec10f998648fb79cfd065b1a23e3276f2
Online report  : http://virscan.org/report/afa9e497d5402a200d3d4a036b5d34d6.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    5.1.0.2       00050000000000 0005-00-00  13.82  -
安博士V3    2011.01.02.01 2011.01.02       2011-01-02  1.91 -
AntiVir       8.2.4.134    7.11.0.248       2010-12-31  0.31 -
安天          2.0.18       20101228.6954489  2010-12-28  0.12 -
Arcavir       2010          201101031233    2011-01-03  0.18 -
Authentium    5.1.1          201101021951    2011-01-02  1.80 -
AVAST!       4.7.4          110103-0       2011-01-03  0.14 -
AVG          8.5.850       271.1.1/3355    2011-01-03  0.60 -
BitDefender 7.90123.6584761 7.35525          2011-01-03  6.32 -
ClamAV       0.96.5       12469          2011-01-03  0.42 -
Comodo       4.0          7276             2011-01-02  1.20 -
CP Secure    1.3.0.5       2011.01.03       2011-01-03  0.13 Troj.Downloader.W32.Aphex.020
Dr.Web       5.0.2.3300    2011.01.03       2011-01-03  10.44  -
F-Prot       4.4.4.56       20110102       2011-01-02  1.72 -
F-Secure    7.02.73807    2011.01.03.02    2011-01-03  0.29 -
飞塔          4.2.254       12.746          2011-01-02  0.32 -
GData       21.1463/21.584  20110103       2011-01-03  8.87 -
ViRobot       20110103       2011.01.03       2011-01-03  0.45 -
Ikarus       T3.1.32.15.0 2011.01.03.77464  2011-01-03  5.31 -
江民杀毒    13.0.900       2011.01.03       2011-01-03  3.08 -
卡巴斯基    5.5.10       2011.01.03       2011-01-03  0.18 -
金山毒霸    2009.2.5.15    2011.1.3.14    2011-01-03  3.68 -
迈克菲       5400.1158    6214             2011-01-02  21.28  -
Microsoft    1.6402       2011.01.02       2011-01-02  3.74 -
Norman       6.06.11       6.06.00          2010-12-07  10.03  -
熊猫卫士    9.05.01       2011.01.02       2011-01-02  2.16 -
趋势科技    9.200-1012    7.744.08       2011-01-03  0.07 -
Quick Heal    11.00          2011.01.03       2011-01-03  0.97 -
瑞星          20.0          22.80.04.04    2010-12-31  3.01 -
Sophos       3.14.1       4.60             2011-01-03  3.20 -
Sunbelt       3.9.2464.2    7930             2011-01-02  1.95 -
赛门铁克    1.3.0.24       20110102.003    2011-01-02  0.12 -
nProtect    20110102.01    9523232          2011-01-02  13.49  -
The Hacker    6.7.0.1       v00109          2011-01-02  0.46 -
VBA32       3.12.14.2    20101230.1227    2010-12-30  3.40 Trojan.Win32.Refroso.bcoh
VirusBuster 4.5.11.10    10.130.60/2004466 2011-01-03  3.02 -

[可疑文件] 比较可疑求鉴定

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块

[可疑文件] 比较可疑 求鉴定

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块

[可疑文件] 比较可疑求鉴定