[Virus sample] [md5:59e0c9]p2p19061.exe

mofunzone
Posted on 2007-6-21 07:28:22
File: p2p19061.exe
Status: INFECTED/MALWARE
MD5: 59e0c987ffe0d7555f505e509d44af02
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 20 Jun 2007 23:30:47 (GMT)
A-Squared: Found nothing
AntiVir: Found HEUR/Malware
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Downloader.Share.A
ClamAV: Found nothing
Dr.Web: Found DLOADER.Trojan (probable variant)
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found Sandbox: W32/Downloader;

[ General information ]

* File length: 36864 bytes.

[ Changes to filesystem ]
* Creates file C:\PROGRA~1\unrar.exe.
* Creates file C:\PROGRA~1\client.rar.

[ Changes to registry ]
* Creates key "HKCU\Software\Microsoft\Control".

[ Network services ]
* Downloads file from http://83.149.105.227/installs/unrar.exe as C:\PROGRA~1\unrar.exe.
* Connects to "83.149.105.227" on port 80 (TCP).
* Opens URL: 83.149.105.227/installs/unrar.exe.
* Downloads file from http://83.149.105.227/installs/client.rar as C:\PROGRA~1\client.rar.
* Opens URL: 83.149.105.227/installs/client.rar.

[ Security issues ]
* Starting downloaded file - potential security problem.

Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

红心王子
Posted on 2007-6-21 07:36:27
The same old trick again.
The on-demand scan does not flag it.
The real-time monitor does.

红心王子
Posted on 2007-6-21 07:37:59
It connects to an address that downloads a trojan. BD and Dr.Web both report it fairly accurately: Trojan.Downloader.Share.A
a256886572008
Posted on 2007-6-21 08:04:14
Running p2p19061.exe, I found the following behavior, which was intercepted by EQ-Secure RC2!
-----------------
2007-06-21 08:04:07    运行应用程序      操作:允许
进程路径:C:\windows\Explorer.EXE
文件路径:D:\桌面\virus\p2p19061\p2p19061.exe
规则:应用程序规则->系統程序->%windir%\Explorer.EXE


2007-06-21 08:04:32    删除注册表      操作:阻止
进程路径:C:\windows\system32\svchost.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
注册表名称:StillImageMonitor
规则:所有程序规则->系统自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

-----------------------------
1. It deletes the registry entry
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   StillImageMonitor
2. When run, it was intercepted by Comodo!

wangjay1980
Posted on 2007-6-21 09:00:58
detected: virus Downloader (modification)        File: C:\Documents and Settings\Owner\桌面\p2p19061.rar/p2p19061.exe
wangjay1980
Posted on 2007-6-21 12:22:01
p2p19061.exe_ - P2P-Worm.Win32.Agent.af

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.
1688388728
Posted on 2007-6-21 16:41:22
病毒: P2P-Worm.Win32.Agent.af
文件: p2p19061[1].rar
目录: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM0SZ5EQ
进程: GreenBrowser.exe
dericyeoh
Posted on 2007-6-21 16:44:47
已删除: 病毒 P2P-Worm.Win32.Agent.af        文件: C:\Documents and Settings\Deric Yeoh\桌面\p2p19061.rar/p2p19061.exe
taihuxian
Posted on 2007-6-21 18:38:51
Kaspersky Internet Security 7.0

The requested URL http://bbs.kafan.cn/attachment.php?aid=90420 is infected with P2P-Worm.Win32.Agent.af virus