Thread starter: The EQs

[Virus sample] One [B35C20]

观弈书童
Posted on 2007-6-6 20:11:19
20509.exe - 可能是 Win32/TrojanDropper.Agent.AKO 木马 的一个变种
taihuxian
Posted on 2007-6-6 20:58:08
Virus: Trojan.Win32.Qhost.it

Virus found while downloading Web content.

Address: bbs.kafan.cn
micetai
Posted on 2007-6-6 21:09:09
[0] Archive type: RAR
  --> 20509.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
dikex
Posted on 2007-6-6 21:37:37
Quoted from dikex's post of 2007-6-6 19:16:
I took a look: it connects, rather spectacularly, to port 25 on many mail servers at the same time; it looks like a virus used for DDoS.

Details here: http://hi.baidu.com/dikex/blog/item/9ac7c83650eb9b300a55a907.html

Oops...
I got it wrong: this one is for sending spam.

Here is one of the spam messages for everyone to see:


Message-ID: <52407992961546.B8980EA3E9@L74C5>
From: "Beulah Gardner" <jxxagjewmn@rricorp.com>
To: <slundh@ii104.net>
Subject: As fast as 30 minutes.
Date: Wed, 6 Jun 2007 21:12:36 +0800
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: nymul81JNd0yguS3u9sOdmOuNy8peTLOoQvG
Content-Type: text/html;
         charset="Windows-1251"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-885=
9-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY text=3D#000000 bgColor=3D#ffffff>
<p align=3D"center">If you have a problem getting or keeping an=20
erection, your sex life can suffer. <br />You should know that=20
you=92re not alone. In fact, more than half of all men over 40 <br/>hav=
e difficulties getting or maintaining an erection. This issue, also cal=
led <br />erectile dysfunction, occurs with younger men as=20
well!</p>
<p align=3D"center">You should know there is something you can do about==20
it. <br />Join the millions of men who have already <strong>improved=20=

their sex lives</strong>!</p>
<p align=3D"center"><a href=3D"http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.=
feshresort.com"><font size=3D"4"><strong>http://MjkxNzkzYTRlN2E5YzNlYzE=
2NTIxZGY2.fes
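The behaviour dikex describes, one process opening connections to many different mail servers on port 25 at once, is itself a usable detection signal on an infected host. The following is an added example, not code from this thread or from any of the scanners quoted in it: it parses constructed `netstat -ano`-style lines and flags any process that is talking to many distinct hosts on TCP/25 (the PIDs, the TEST-NET addresses and the threshold are assumed values).

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `netstat -ano` on Windows
# (proto, local address, remote address, state, PID). PID 1880 plays the
# role of a spam bot fanning out to many mail servers; the addresses are
# RFC 5737 documentation ranges, not real MX hosts.
SAMPLE_NETSTAT = """
TCP    192.168.1.20:1043   192.0.2.10:25       SYN_SENT     1880
TCP    192.168.1.20:1044   192.0.2.11:25       SYN_SENT     1880
TCP    192.168.1.20:1045   198.51.100.7:25     ESTABLISHED  1880
TCP    192.168.1.20:1046   198.51.100.8:25     SYN_SENT     1880
TCP    192.168.1.20:1047   192.0.2.10:25       SYN_SENT     1880
TCP    192.168.1.20:1052   203.0.113.9:25      ESTABLISHED  1880
TCP    192.168.1.20:1060   203.0.113.5:80      ESTABLISHED  2312
TCP    192.168.1.20:1061   203.0.113.5:443     ESTABLISHED  2312
TCP    192.168.1.20:1070   198.51.100.25:25    ESTABLISHED  3000
"""

# Only TCP rows carry a state column; UDP rows (four fields) are skipped.
LINE_RE = re.compile(r"^TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_connections(text):
    """Yield (pid, remote_ip, remote_port) for every parseable TCP row."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m.group(2).rpartition(":")
        yield int(m.group(4)), ip, int(port)


def smtp_fanout_by_pid(text):
    """Map pid -> set of distinct remote hosts it has connections to on TCP/25."""
    peers = defaultdict(set)
    for pid, ip, port in parse_connections(text):
        if port == 25:
            peers[pid].add(ip)
    return peers


def flag_spam_senders(text, threshold=5):
    """Return PIDs whose distinct port-25 peers reach the threshold.

    A mail client or a legitimate relay submits to one or a few servers;
    a spam engine delivers directly to the MX of every recipient domain,
    so a high count of distinct port-25 peers is the tell. Repeated
    connections to the same server (PID 1880 hits 192.0.2.10 twice) are
    counted once so retries do not inflate the score.
    """
    return sorted(pid for pid, hosts in smtp_fanout_by_pid(text).items()
                  if len(hosts) >= threshold)
```

On a real host the same logic can be fed the output of `netstat -ano` directly; pairing the flagged PID with its image path is what turns the alert into an artefact to submit.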
wangjay1980
Posted on 2007-6-6 21:44:13
I'm so confused.
woai_jolin
Posted on 2007-6-6 23:50:12
A variant!!!

2007/6/6 23:48:40        Scanning Log
2007/6/6 23:48:40        Version of virus signature database: 2313 (20070606)
2007/6/6 23:48:40        Date: 6.6.2007  Time: 23:48:40
2007/6/6 23:48:40        Scanned disks, folders and files: E:\病毒测试\
2007/6/6 23:48:40        E:\病毒测试\20509.rar - probably a variant of Win32/TrojanDropper.Agent.AKO trojan - deleted - quarantined
2007/6/6 23:48:40        E:\病毒测试\20509.rar » RAR » 20509.exe - probably a variant of Win32/TrojanDropper.Agent.AKO trojan
2007/6/6 23:48:40        Number of scanned files: 2
2007/6/6 23:48:40        Number of threats found: 1
2007/6/6 23:48:40        Time of completion: 23:48:40  Total scanning time: 0 sec (00:00:00)
蓝色牛仔裤
Posted on 2007-6-6 23:57:02
[Scan path] C:\Documents and Settings\Administrator\桌面\20509.rar
>C:\Documents and Settings\Administrator\桌面\20509.rar\20509.exe infected with Trojan.Qhost.45065
C:\Documents and Settings\Administrator\桌面\20509.rar - archive contains infected objects
鼻耳盖子
Posted on 2007-6-7 15:49:22

Micropoint reports an unknown backdoor

:\WINNT\SYSTEM32\OJBX.DLL I:\TEST\070606\19\20509\20509.EXE


HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\ DCOM SERVER 20509  {2C1CD3D7-86AC-4068-93BC-A02304B20509} C:\WINNT\SYSTEM32\OJBX.DLL

tracydk
Posted on 2007-6-8 22:01:28