最完美的磁碟机病毒样本--值得收藏和研究！（不断更新，添加感染文件exe、htm）(页 1) - 病毒样本区 - 卡饭论坛 _杀毒软件_防火墙_HIPS_反病毒_计算机安全

youba 发表于 2008-7-22 11:02

最完美的磁碟机病毒样本--值得收藏和研究！（不断更新，添加感染文件exe、htm）

磁碟机（Worm.Win32.DiskGen）V93696增强完整版

这是本人精心提取磁碟机病毒所放出的全部病毒！

由于压缩包比较大，无法直接上传，分卷压缩会影响压缩包的质量，所以我将样本上传到网盘上了，大家请到[url=http://www.eeload.com/chinese/view/o/23b3.html]http://www.eeload.com/chinese/view/o/23b3.html[/url]下载样本。

[color=red]更新日志详见43楼！！[/color]
[color=#ff0000][/color]
[color=black]下图是中了磁碟机之后病毒下载的恶意软件列表（本人在中毒后30分钟后利用毒霸网页查毒方式最终检测的结果）[/color]

[attach]356955[/attach]

[attach]356956[/attach]

[attach]356957[/attach]

[attach]356958[/attach]

[attach]356959[/attach]

[size=4][b]另外附赠最新版的磁碟机病毒安装程序下载地址[/b][/size][url=http://w.c0mo.com/setup.exe][size=4][b]http://w.c0mo.com/setup.exe[/b][/size][/url][size=4][b]再说一遍：[color=red]安全第一！测试第二！[/color][color=red]严禁[/color]菜鸟下载使用，[color=red]严禁[/color]在正常系统上运行！[color=red]特别严禁[/color]利用本资源进行恶意传播行为，一旦发现，本人将彻底[color=red]停止[/color]对本软件的更新！并且会立即[color=red]删除[/color]本资源！测试研究时一定要[color=red]高度谨慎[/color]，没有十足把握的[color=red]不允许[/color]下载！一旦运行和传播开来所造成的一切后果和损失本人[color=red]不承担[/color]任何责任！所以希望大家能够正确的应用该样本。最后祝大家学习愉快~我的QQ：527892415[/b][/size]

[[i] 本帖最后由 youba 于 2008-9-24 14:36 编辑 [/i]]

ballakay 发表于 2008-7-22 11:06

Scanning Report
22 July 2008 11:05:53 - 11:05:55
Computer name: BALLAKAY-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾

--------------------------------------------------------------------------------

Result: 16 malware found
Virus.Win32.Xorer.dr (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\setup.exe Action: quarantined
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\lsass.exe Action: quarantined
Virus.Win32.Xorer.eu (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\037589.log Action: quarantined
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\446751.log Action: quarantined
Worm.Win32.AutoRun.dck (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\AUTORUN.0NF Action: quarantined
Virus.Win32.Xorer.dv (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\NetApi000.sys Action: quarantined
Virus.Win32.Xorer.ed (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\pagefile.exe Action: quarantined
Virus.Win32.Xorer.er (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\pagefile.pif Action: quarantined
Virus.Win32.Xorer.eo (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\Temp\Setup.exe Action: quarantined
Virus.Win32.Xorer.dp (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\dnsq.dll Action: quarantined
Backdoor.Win32.VB.ags (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Lcass.exe Action: quarantined
Trojan-Downloader.Win32.Agent.hjg (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\alg.exe Action: quarantined
Trojan-PSW.Win32.OnLineGames.mix (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\AntiTool.exe Action: quarantined
Virus.Win32.Xorer.dd (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\netcfg.000 Action: quarantined
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\netcfg.dll Action: quarantined
Virus.Win32.Xorer.dq (virus)
C:\Users\Administrator\Desktop\ÍêÃÀ´Åµú»ú²¡¶¾Ñù±¾\±¾µØ´ÅÅÌ(C£º)\system32\Com\smss.exe Action: quarantined

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 16
Not scanned: 0
Result:
Viruses: 16
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 16
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0

--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-07-21_06
Spyware: 2008-07-21_06
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-07-21
F-Secure Libra: 2.04.05, 2008-07-16
F-Secure Orion: 1.02.41, 2008-07-21
F-Secure Draco: 1.01.00, 2008-07-08
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Quarantine and delete
Spyware: Quarantine and delete
一个不落!全死光光![:01:]

电影结束了 发表于 2008-7-22 11:14

[:08:]
估计全可以干掉

yzx714 发表于 2008-7-22 11:16

红伞扫描17个，杀17个[:14:] [:14:]

yuanliu 发表于 2008-7-22 11:38

2008-7-22 11:35:09 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 已检测到: Virus.Win32.Xorer.dr
2008-7-22 11:35:09 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 拒绝: Virus.Win32.Xorer.dr
2008-7-22 11:35:13 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 已检测到: Virus.Win32.Xorer.dr
2008-7-22 11:35:13 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 拒绝: Virus.Win32.Xorer.dr
2008-7-22 11:35:19 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 已检测到: Virus.Win32.Xorer.dr
2008-7-22 11:35:19 [url]http://bbs.kafan.cn/attachment.php?aid=314217&k=9025ae1a7f6ae5ac6deafd9cbd02d6c6&t=1216697618//setup.exe/Setup.exe//PE_Patch.UPX//UPX[/url] Thunder 拒绝: Virus.Win32.Xorer.dr
2008-7-22 11:36:47 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:36:47 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:36:48 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:36:48 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:36:54 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:36:54 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:00 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:00 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:06 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:06 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:12 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:12 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:18 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:18 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:28 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:28 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:37 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:37 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:37:43 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.ed
2008-7-22 11:37:43 [url]http://bbs.kafan.cn/attachment.php?aid=314219&k=2e8f06268fe9815be7971d6cc98bfed1&t=1216697618//[/url]本地磁盘(C：)/pagefile.exe//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.ed
2008-7-22 11:38:02 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.dp
2008-7-22 11:38:02 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.dp
2008-7-22 11:38:02 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.dp
2008-7-22 11:38:02 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.dp
2008-7-22 11:38:04 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 已检测到: Virus.Win32.Xorer.dp
2008-7-22 11:38:04 [url]http://bbs.kafan.cn/attachment.php?aid=314218&k=02ff46a2eda2e0fff02de70c5d401e1b&t=1216697618//[/url]本地磁盘(C：)/system32/dnsq.dll//PE_Patch.UPX//UPX Thunder 拒绝: Virus.Win32.Xorer.dp

欠妳緈諨 发表于 2008-7-22 12:18

avast！清空[:01:]

gho 发表于 2008-7-22 12:20

[quote]原帖由 [i]yzx714[/i] 于 2008-7-22 11:16 发表 [url=http://bbs.kafan.cn/redirect.php?goto=findpost&pid=4199000&ptid=290155][img]http://bbs.kafan.cn/images/common/back.gif[/img][/url]
红伞扫描17个，杀17个[:14:] [:14:] [/quote]
我用的红伞

BING126 发表于 2008-7-22 21:19

McAfee报了16个。。。[:14:]

youba 发表于 2008-8-12 08:24

再次更新：加入下载的病毒程序[url=http://js.k0102.com/data.gif][color=#0000ff]hxxp://js.k0102.com/data.gif[/color][/url],data.gif文件被下载到WINDOWS临时文件夹,也就是WINDOWS\Temp目录下

Exia 发表于 2008-8-12 08:30

18

Starting the file scan:

Begin scan in 'E:\本地磁盘(C：)'
E:\本地磁盘(C：)\AUTORUN.INF
[DETECTION] Contains recognition pattern of the INF/AutoRun.K INF virus
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\NetApi000.sys
[DETECTION] Contains recognition pattern of the RKIT/Xorer.A.11 root kit
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\pagefile.pif
[DETECTION] Is the TR/Drop.Xorer.C Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\pagefile.exe
[DETECTION] Is the TR/Xorer.ed.8192 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\037589.log
[DETECTION] Is the TR/Drop.Xorer.C Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\dnsq.dll
[DETECTION] Contains recognition pattern of the RKIT/Xorer.2 root kit
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Lcass.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Tzhen.A.1 back-door program
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\446751.log
[DETECTION] Is the TR/Drop.Xorer.C Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\alg.exe
[DETECTION] Is the TR/Dldr.Xorer.E.1 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\AntiTool.exe
[DETECTION] Is the TR/PSW.OnlineGames.Mix.2 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\lsass.exe
[DETECTION] Is the TR/Fujacks.A.1 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\netcfg.000
[DETECTION] Is the TR/Xorer.G Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\netcfg.dll
[DETECTION] Is the TR/Xorer.G Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\system32\Com\smss.exe
[DETECTION] Is the TR/Xorer.E.2 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\Temp\data.gif
   [DETECTION] Is the TR/Xorer.94208 Trojan
[NOTE]    The file was deleted!
E:\本地磁盘(C：)\Temp\Setup.exe
   [DETECTION] Is the TR/Xorer.94208 Trojan
[NOTE]    The file was deleted!
Begin scan in 'E:\setup.exe'
E:\setup.exe
[0] Archive type: RAR SFX (self extracting)
   --> Setup.exe
      [DETECTION] Is the TR/Xorer.94208 Trojan
[DETECTION] Contains recognition pattern of the DR/Xorer.A.3 dropper
[NOTE]    The file was deleted!

End of the scan: 2008年8月12日  08:31
Used time: 00:24 Minute(s)

The scan has been done completely.

   4 Scanning directories
   18 Files were scanned
   18 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   17 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   1 Archives were scanned
   0 Warnings
   17 Notes

youba 发表于 2008-8-20 20:06

增加了启动项，更新了主注释~

BING126 发表于 2008-8-20 20:10

McAfee 全杀了。。[:08:]

WillBeNextKido 发表于 2008-8-20 20:13

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\完美磁碟机病毒样本上的扫描。
================
'Heur.RARSFX.SilentDropper' 在 'setup.exe//RAR_DATA.rar//[ArchiverComment]' 中被检测到。
'Generic.nFile' 在 '037589.log' 中被检测到。
'Script.Unknown.a' 在 'AUTORUN.INF' 中被检测到。
'Generic.nFile' 在 'NetApi000.sys' 中被检测到。
'ST.Virus.Win32.Xorer.ed' 在 'pagefile.exe' 中被检测到。
'Generic.nFile' 在 'pagefile.pif' 中被检测到。
'Generic.nFile' 在 'Lcass.exe' 中被检测到。
'SL.Trojan.21202' 在 'alg.exe' 中被检测到。
'SL.Trojan.21202' 在 'smss.exe' 中被检测到。
================
扫描文件数： 19
本次扫描发现了 9 个已知威胁，请及时处理。
实际文件数： 18
扫描时间： 0-00-00 00:00:01:0921
威胁比率： 50%

qigang 发表于 2008-8-20 20:14

33/17

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.Win32.Undef.byh
病毒： Trojan.Win32.Undef.byi
病毒： Worm.Win32.DiskGen.cv
病毒： Worm.Win32.DiskGen.cs
病毒： Worm.Win32.DiskGen.cs
病毒： Worm.Win32.DiskGen.cs
病毒： Backdoor.Agent.ipt
病毒： Worm.Win32.DiskGen.GEN
病毒： Worm.Win32.DiskGen.gfk
病毒： Trojan.Win32.Undef.dxt
病毒： Worm.Win32.DiskGen.gfp
病毒： Worm.Win32.DiskGen.gfn

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.58.22

ahzsmzkf 发表于 2008-8-20 20:25

收下了
avast警报直响啊

zhaohk 发表于 2008-8-26 10:26

这个东西太恶毒了！！

byx0210 发表于 2008-8-26 10:37

解压后的本地磁盘C可不可以直接打开，带开后才发现里面优AUTORUN.INF。。
实机操作啊！！！！！！！！！！！

方空发表于 2008-8-26 10:46

bd查到18个，有几个是相同得毒~~~~[:05:]

fireworld 发表于 2008-8-26 11:43

本来就是一个老病毒全杀不稀奇了～～

youba 发表于 2008-8-29 17:23

更新日志：

1.加入AntiTool.exe和系统目录下drivers文件夹内的alg.exe程序。该程序是由磁碟机连接指定网站下载AntiTool.exe，并会释放一个alg.exe到drivers目录，这个alg.exe似乎是个ARP病毒一旦运行，全局域网QQ不久就会全掉线…

2.加入ntfsus.exe程序。这是由病毒体连接网络下载http://*.com/Stop.exe到system32文件夹命名为ntfsus.exe
该病毒具有arp欺骗功能。

[:01:]

页: [1] 2 3

卡饭论坛's Archiver

最完美的磁碟机病毒样本--值得收藏和研究！（不断更新，添加感染文件exe、htm）

18

33/17