收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 [凝逸.扫描]30 MD5[3A1D74 E93E20 e93e20 7B88F5 4425 ...
返回列表 发新帖
查看: 1657|回复: 8
收起左侧

[病毒样本] [凝逸.扫描]30 MD5[3A1D74 E93E20 e93e20 7B88F5 442507 7b88f5 442507 2CC51A

[复制链接]
qqq000@qq.com
头像被屏蔽
发表于 2007-6-18 15:54:48 | 显示全部楼层 |阅读模式
[凝逸.扫描记录]
MD5[3A1D74 E93E20 e93e20 7B88F5 442507 7b88f5 442507 2CC51A 87E2F3 C9A4BA E8B16D 1DC12F 94BE96 E4BC92 12AA2D 0A478E 88BEBF 9AA2EC A9D63B 2cc51a 87e2f3 c9a4ba e8b16d 1dc12f 94be96 e4bc92 12aa2d 0a478e 88bebf 9aa2ec ]
f:\未知\1\3A1D74_skypeclient.exe,木马
f:\未知\1\E93E20_skypeclient_unpacked.exe,木马
f:\未知\1\e93e20_skypeclient_unpacked.exe,木马
f:\未知\1\ccc\7B88F5_lgbpd.exe,木马
f:\未知\1\ccc\442507_stdrun1.exe,木马
f:\未知\1\ccc\7b88f5_lgbpd.exe,木马
f:\未知\1\ccc\442507_stdrun1.exe,木马
f:\未知\1\sssss件\2CC51A_windds32.dll,木马
f:\未知\1\sssss件\87E2F3_mosou.dll,木马
f:\未知\1\sssss件\C9A4BA_nwizqjsj.dll,木马
f:\未知\1\sssss件\E8B16D_nwiztlbb.dll,木马
f:\未知\1\sssss件\1DC12F_winform.dll,木马
f:\未知\1\sssss件\94BE96_ztinetzt.dll,木马
f:\未知\1\sssss件\E4BC92_msdebug.dll,木马
f:\未知\1\sssss件\12AA2D_wanpacket.dll,木马
f:\未知\1\sssss件\0A478E_wpcap.dll,木马
f:\未知\1\sssss件\88BEBF_netsrvcs.dll,木马
f:\未知\1\sssss件\9AA2EC_nwizwmgjs.dll,木马
f:\未知\1\sssss件\A9D63B_nwizzhuxians.dll,木马
f:\未知\1\sssss件\2cc51a_windds32.dll,木马
f:\未知\1\sssss件\87e2f3_mosou.dll,木马
f:\未知\1\sssss件\c9a4ba_nwizqjsj.dll,木马
f:\未知\1\sssss件\e8b16d_nwiztlbb.dll,木马
f:\未知\1\sssss件\1dc12f_winform.dll,木马
f:\未知\1\sssss件\94be96_ztinetzt.dll,木马
f:\未知\1\sssss件\e4bc92_msdebug.dll,木马
f:\未知\1\sssss件\12aa2d_wanpacket.dll,木马
f:\未知\1\sssss件\0a478e_wpcap.dll,木马
f:\未知\1\sssss件\88bebf_netsrvcs.dll,木马
f:\未知\1\sssss件\9aa2ec_nwizwmgjs.dll,木马
感染:30/文件:30
扫描完成|文件:30|耗时:2002

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

wangjay1980
发表于 2007-6-18 15:58:48 | 显示全部楼层
deleted: Trojan program Trojan-Downloader.Win32.VB.awj        File: C:\Documents and Settings\Owner\×ÀÃæ\1\ccc\442507_stdrun1.exe//data0005
deleted: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\2CC51A_windds32.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sl        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\87E2F3_mosou.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.xg        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\E8B16D_nwiztlbb.dll
deleted: Trojan program Trojan-Downloader.Win32.Obfuscated.n        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\E4BC92_msdebug.dll
deleted: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\88BEBF_netsrvcs.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.up        File: C:\Documents and Settings\Owner\×ÀÃæ\1\sssss¼þ\9AA2EC_nwizwmgjs.dll
回复

举报

wangjay1980
发表于 2007-6-18 15:59:05 | 显示全部楼层
其余上报
回复

举报

mofunzone
发表于 2007-6-18 16:10:37 | 显示全部楼层
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\1'
C:\Documents and Settings\Administrator\My Documents\1\
  3A1D74_skypeclient.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  E93E20_skypeclient_unpacked.exe
C:\Documents and Settings\Administrator\My Documents\1\ccc\
  442507_stdrun1.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.VB.awj.5
      [WARNING]   The file was ignored!
  7B88F5_lgbpd.exe
C:\Documents and Settings\Administrator\My Documents\1\sssss件\
  0A478E_wpcap.dll
  12AA2D_wanpacket.dll
  1DC12F_winform.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  2CC51A_windds32.dll
      [DETECTION] Is the Trojan horse TR/PSW.Onlinegames.AYD.51
      [WARNING]   The file was ignored!
  87E2F3_mosou.dll
  88BEBF_netsrvcs.dll
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [WARNING]   The file was ignored!
  94BE96_ztinetzt.dll
  9AA2EC_nwizwmgjs.dll
      [DETECTION] Is the Trojan horse TR/Agent.10752.49
      [WARNING]   The file was ignored!
  A9D63B_nwizzhuxians.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  C9A4BA_nwizqjsj.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  E4BC92_msdebug.dll
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [WARNING]   The file was ignored!
  E8B16D_nwiztlbb.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
回复

举报

hj5abc
发表于 2007-6-18 17:33:48 | 显示全部楼层
EXE部分..
F:\Samples\1[1]\1\ccc\442507_stdrun1.exe ?NSIS ?o05PrEz1083.exe - a variant of Win32/TrojanDownloader.VB.AW trojan - was a part of the deleted object

DLL部分..
Scanned disks, folders and files: F:\Samples\1[1]\1\sssss件\
F:\Samples\1[1]\1\sssss件\2CC51A_windds32.dll - a variant of Win32/Agent.NIK trojan
F:\Samples\1[1]\1\sssss件\88BEBF_netsrvcs.dll - a variant of Win32/Agent.NIK trojan
F:\Samples\1[1]\1\sssss件\E4BC92_msdebug.dll - a variant of Win32/Agent.NIK trojan
回复

举报

傻猪猪米走鸡
发表于 2007-6-18 17:50:54 | 显示全部楼层
nod报3!
回复

举报

taihuxian
发表于 2007-6-18 17:54:33 | 显示全部楼层
Virus: Trojan-Downloader.Win32.VB.awj

Virus found while downloading Web content.

Address: bbs.kafan.cn

Virus: Trojan-Proxy.Win32.Small.du (2x), Trojan-PSW.Win32.OnLineGames.sl, Trojan-PSW.Win32.OnLineGames.xg, Trojan-Downloader.Win32.Obfuscated.n, Trojan-PSW.Win32.OnLineGames.up

Virus found while downloading Web content.

Address: bbs.kafan.cn
回复

举报

promised
发表于 2007-6-18 18:10:42 | 显示全部楼层
*:
C:\
...AA2D_wanpacket.dll : is suspected of Trojan-PSW.Game.30 (paranoid heuristics)
C:\ABC\1[1]\1\...\1DC12F_winform.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\ABC\1[1]\1\sssss件\87E2F3_mosou.dll : is suspected of Downloader.Small.160
C:\ABC\1[1]\1\sssss件\88BEBF_netsrvcs.dll : infected Trojan-Proxy.Win32.Small.du
C:\ABC\1[1]\1\sssss件\94BE96_ztinetzt.dll : is suspected of Downloader.Small.160
C:\ABC\1[1]\1\...\9AA2EC_nwizwmgjs.dll : is suspected of Downloader.Small.160
C:\ABC\1[1]\1\...\A9D63B_nwizzhuxians.dll : is suspected of Downloader.Small.160
C:\ABC\1[1]\1\sssss件\C9A4BA_nwizqjsj.dll : is suspected of Downloader.Small.160
C:\ABC\1[1]\1\sssss件\E8B16D_nwiztlbb.dll : is suspected of Downloader.Small.160
Program execution terminated by user


Directories       : 7       Files in archives:      Files on disks:
Archives:                   - total       : 0       - total       : 35
- scanned         : 0       -  scanned    : 0       - scanned     : 35
- contain viruses : 0       -  infected   : 0       - infected    : 2
- deleted         : 0       -  suspicious : 0       - suspicious  : 7

Startup    : 18:14:22 18-06-2007
End        : 18:14:27 18-06-2007
Total time : 00:00:05
终止批处理操作吗(Y/N)?
回复

举报

idiedd
发表于 2007-6-20 19:09:39 | 显示全部楼层
这么多PART,有何用? CRAP!
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-10 12:30 , Processed in 0.128933 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表