[Virus samples] Today's samples, 5/25, continuously updated....

allenhippo
Posted on 2007-5-25 17:03:31
Nothing much to say.
You are all familiar with these by now.

allenhippo
OP | Posted on 2007-5-25 17:12:38
For malware like this, which updates itself every few hours, where does the road lead for antivirus software?

Heuristics? Proactive defense?
伯夷叔齐
Posted on 2007-5-25 17:19:55
Begin scan in 'D:\病毒木马样本\virus2.zip'
D:\病毒木马样本\virus2.zip
  [0] Archive type: ZIP
  --> conime.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> copypfh.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> csrss.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> ctfmon.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> IEXPLORE.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> mmc.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> smss.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> spglsdr.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> srogm.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> stpgldk.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> svchost(1).exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> svchost32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [WARNING]   The file was ignored!
Begin scan in 'D:\病毒木马样本\svchost1.zip'
D:\病毒木马样本\svchost1.zip
  [0] Archive type: ZIP
  --> svchost.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
fanrubin
Posted on 2007-5-25 17:20:54
OP, where did you catch this virus?
cheninot
Posted on 2007-5-25 17:21:48
Start of the scan: 2007年5月25日  17:22

Starting the file scan:

Begin scan in 'D:\病毒样本\svchost.zip'
D:\病毒样本\svchost.zip
  [0] Archive type: ZIP
  --> svchost.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      The file was moved to '46b9ab68.qua'!


End of the scan: 2007年5月25日  17:22
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
      2 Files were scanned
      1 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Start of the scan: 2007年5月25日  17:23

Starting the file scan:

Begin scan in 'D:\病毒样本\virus.zip'
D:\病毒样本\virus.zip
  [0] Archive type: ZIP
  --> conime.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> copypfh.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> csrss.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> ctfmon.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> IEXPLORE.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> mmc.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> smss.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> spglsdr.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> srogm.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> stpgldk.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> svchost(1).exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> svchost32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was moved to '46c8ab66.qua'!


End of the scan: 2007年5月25日  17:23
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
     13 Files were scanned
     12 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
伯夷叔齐
Posted on 2007-5-25 17:22:20
File: svchost1.zip
Status: INFECTED/MALWARE
MD5 e62d916d8a5e789724b08c82b680631d
Packers detected: Analyzing...
Scanner results
Scan taken on 25 May 2007 09:18:11 (GMT)
A-Squared Found nothing
AntiVir Found DR/Delphi.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably a variant of Win32/PSW.Delf.NHI (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-PSW.Lmir.83 (paranoid heuristics) (probable variant)

File: virus2.zip
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 45d42d8405949fa781ca05756790f2bf
Packers detected: Analyzing...
Scanner results
Scan taken on 25 May 2007 09:23:49 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.NSPM.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found Possibly a new variant of W32/PWStealer1!Generic
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Viking.gen5
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Packed/NSPM
VBA32 Found MalwareScope.Worm.Viking.3


[ This post was last edited by 伯夷叔齐 on 2007-5-25 17:26 ]
金剑
Posted on 2007-5-25 17:23:53
风暴胜者V2 测试版本(http://www.v0day.com)
_________您的安全是我们的责任_______________
载入病毒库…进行整理…分配内存…可以使用
蜜罐检测:正常 OK!
===============================================
   ___________病毒查杀结果__________________

===============================================
2007年5月25日17时26分4秒 开始查杀C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\conime.exe 为可疑文件
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\copypfh.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\copypfh.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\csrss.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\csrss.exe 操作:阻止运行
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\ctfmon.exe 为可疑文件
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\IEXPLORE.EXE 为可疑文件
  未知的可疑率60%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\mmc.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\mmc.exe 操作:阻止运行
  未知的可疑率60%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\smss.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\smss.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\spglsdr.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\spglsdr.exe 操作:阻止运行
  未知的可疑率60%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\srogm.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\srogm.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\stpgldk.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\stpgldk.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost(1).exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost(1).exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost32.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost32.exe 操作:阻止运行
=========================================
_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。

C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\copypfh.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\csrss.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\mmc.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\smss.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\spglsdr.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\srogm.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\stpgldk.exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost(1).exe 带壳文件:UPX加壳
C:\Documents and Settings\root\桌面\virus\新建文件夹 (5)\svchost\svchost32.exe 带壳文件:UPX加壳
-----------------------------------------
2007年5月25日17时26分9秒收起线程…100% 查杀完毕!
扫描文件:13查杀病毒:10

[ This post was last edited by 金剑 on 2007-5-25 17:26 ]
cheninot
Posted on 2007-5-25 17:24:15
扫描开始时间: 2007-05-25 17:25:07
扫描日志
NOD32 版本 2291 (20070525) NT
命令行: D:\病毒样本\svchost.zip
C:\Program Files\Eset\nod32.exe<病毒 - 正常>
系统内存<病毒 - >
物理磁盘 1 的 MBR 扇区,<病毒 - 正常>
物理磁盘 1 的活动引导扇区,<病毒 - 正常>

日期: 2007年5月25日  时间: 17:25:17
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: D:\病毒样本\svchost.zip
D:\病毒样本\svchost.zip »ZIP »svchost.exe<病毒 - 可能是 Win32/PSW.Delf.NHI 木马 变种>
已扫描文件数量: 1
已发现病毒数量: 1
完成时间: 17:25:17 总共扫描时间: 0 秒 (00:00:00)

virus.zip: NOD missed it.
solcroft
Posted on 2007-5-25 17:26:45
Stop scaring people. Is defending against web trojans really that hard? Just use a non-IE-engine browser or Sandboxie and I guarantee nothing will happen to you, no matter how unprotected you run.

* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Friday, May 25, 2007
* VPS: 000743-4, 24/05/2007
*
C:\Documents and Settings\Virtual Machine\Desktop\virus\conime.exe\[Embedded#2061]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\copypfh.exe\[Embedded#1fee]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\csrss.exe\[Embedded#20b9]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\ctfmon.exe\[Embedded#1f3b]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\IEXPLORE.EXE\[Embedded#20a2]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\mmc.exe\[Embedded#2092]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\smss.exe\[Embedded#1fd8]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\spglsdr.exe\[Embedded#2035]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\srogm.exe\[Embedded#1fb8]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\stpgldk.exe\[Embedded#1eb6]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\svchost(1).exe\[Embedded#1ff6]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
C:\Documents and Settings\Virtual Machine\Desktop\virus\svchost32.exe\[Embedded#1f25]\[UPX] [L] Win32:Agent-EWQ [Trj] (0)
Infected files: 12
Total files: 36
Total folders: 1
Total size: 944.4 KB
*
* Task stopped: Friday, May 25
* Run-time was 4 second(s)

allenhippo
OP | Posted on 2007-5-25 17:33:27
Antivirus software is not just for "experts" who play with malware; it also has to serve ordinary people who only browse the web.
卡饭论坛 (KaFan.cn)
Copyright © KaFan KaFan.cn All Rights Reserved.