
[Original] Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)


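I cleaned this up at a friend's house: 10 minutes dealing with the virus, 1 hour tinkering with the system. Attached are the pre-cleanup log, the post-cleanup log and the sample.
This thing, commonly known as USP10.DLL, isn't that scary; it's just that one-click backup/restore doesn't work.
I first ran a scan log and saw the Maoxuan signature, so I started with automated removal: first downloaded the Kingsoft emergency kit (金山急救箱), disconnected from the network, dealt with the virus's startup entries, then after a reboot installed antivirus software and ran a full-disk scan.
That removed it completely; there was no need to do it manually.
Here is what was removed: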


deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security 2008\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security\ksa\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\QQ\usp10.dll
deleted: Trojan program Trojan.Win32.SmallGame.cb File: C:\WINDOWS\system32\HBCHIBI.dll(virus driver)
deleted: Trojan program Trojan.Win32.Agent.binb File: C:\WINDOWS\system32\anymie360.dll(virus driver)
deleted: Trojan program Trojan-PSW.Win32.Agent.lqp File: C:\WINDOWS\Fonts\ComRes.dll
deleted: Trojan program Trojan-PSW.Win32.Agent.lqp File: C:\WINDOWS\Fonts\ctm04002.ttf
deleted: Trojan program Trojan-PSW.Win32.Agent.lsc File: C:\WINDOWS\Fonts\ctm04004.ttf
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewp File: C:\Documents and Settings\Administrator\Local Settings\Temp\WowInitcode.dat
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewz File: C:\Documents and Settings\Administrator\Local Settings\Temp\wsasystem.gif
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewz File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C2KFA0A3\new1[1].exe
Note: I won't list the account-stealing trojans one by one; there are too many to write out. They are all in TEMP.
deleted: Trojan program Trojan-PSW.Win32.Agent.lqo File: C:\Program Files\Internet Explorer\UnxxZun.Zmp//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Microsoft Office\OFFICE11\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Microsoft Office\OFFICE11\2052\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\PowerInfo\DreamPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\TTPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdou File: D:\Program Files\Tencent\QQ\psapi.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQUpdateQzone\191030_20_0\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\Qzone\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQPet\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQPet\QQUpdateQQPet\3_4_0\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQDoctor\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQDoctor\Hotfix\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Update\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Download\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Five\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQMusic\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQDownload\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQPet\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQPet\LiveUpdater\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Real\RealPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Real\RealPlayer\Setup\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\PPLive\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Program\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Program\Update\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\InMedia\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\VPShell\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\WPS Office 2005 OEM\office6\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\WPS Office 2005 OEM\utility\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\CommonHtml\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.yrl File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\kavstart.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\antispy\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\oemupdate\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\oemupdate\KSA\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\KSA\PatchBak\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\ÐÂÀ˷ѵãµçÊÓ\feidianTV\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Ç廪×Ϲâ\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Á¬Á¬¿´\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Á¬Á¬¿´4\Á¬Á¬¿´4\Updater\usp10.dll

Last edited by 夲號ヱ被ジ盜 on 2009-02-03 09:42:06
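
An added example, not part of the original post: a small Python parser for the `deleted: Trojan program … File: …` lines in the log above, counting how many distinct directories each detected file name turned up in. The sample lines are constructed in the log's format, and the function names are assumptions of this example.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample in the line format of the scan log above (last line is junk).
SAMPLE_LOG = r"""
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdou File: D:\Program Files\Tencent\QQ\psapi.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\TTPlayer\usp10.dll
deleted: Trojan program Trojan-PSW.Win32.Agent.lqp File: C:\WINDOWS\Fonts\ComRes.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\usp10.dll
deleted: Trojan program Trojan.Win32.SmallGame.cb File: C:\WINDOWS\system32\HBCHIBI.dll(virus driver)
not a log line
"""

LINE_RE = re.compile(r"^deleted: Trojan program (\S+) File: (.+)$")
# Trailing annotations appended to a path, e.g. "(virus driver)" or "//UPX".
NOTE_RE = re.compile(r"(\([^()\\]*\)|//.*)$")


def parse(log):
    """Yield (verdict, path) for each well-formed detection line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), NOTE_RE.sub("", m.group(2)).strip()


def summarize(log):
    """Return (Counter of verdicts, {file name: set of directories})."""
    verdicts, by_name = Counter(), defaultdict(set)
    for verdict, path in parse(log):
        verdicts[verdict] += 1
        # ntpath splits Windows paths correctly on any host OS.
        by_name[ntpath.basename(path).lower()].add(ntpath.dirname(path).lower())
    return verdicts, by_name


def spread(log, min_dirs=2):
    """File names detected in at least min_dirs distinct directories."""
    _, by_name = summarize(log)
    return {name: len(dirs) for name, dirs in by_name.items() if len(dirs) >= min_dirs}


if __name__ == "__main__":
    verdicts, _ = summarize(SAMPLE_LOG)
    print(verdicts.most_common())
    print(spread(SAMPLE_LOG))
```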

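Re: yang ben wenjian

I suggest posting this in the "Suspicious Files Exchange" board, so that unaware users don't download and run it by mistake.

Want me to move it?
Last edited by 超级游戏迷 on 2009-02-02 20:46:02
Just passing by……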

Re: yang ben wenjian

As it happens, I don't have enough download permission for the Suspicious Files Exchange board, so thanks.

Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Edit done; feel free to use it as a reference.

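Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Anyway, it was quite a hassle.

My hosts file disappeared; when I tried to reset it with SRE, it said I had no permission.
I mentioned it in a help request two days earlier, but nobody had time to respond; there are too many posts and it sank quickly.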

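Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

How come it was so easy for me to remove?
Could this be an RP (luck) thing?
One addition: this virus seems to delete GHO files.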

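Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Quote:
Originally posted by 夲號ヱ被ジ盜 on 2009-2-2 22:58:00
How come it was so easy for me to remove?
Could this be an RP (luck) thing?
One addition: this virus seems to delete GHO files.


It's the virus peddlers who have the RP problem!
Anyway, it's sneaky and vicious enough.
While cleaning yesterday I found that usp10.dll had gotten into the GHOST directory; I wonder whether the GHO files will be damaged?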

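Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Quote:
Originally posted by 七彩黄花菜萱草 on 2009-2-2 23:11:00

Quote:
Originally posted by 夲號ヱ被ジ盜 on 2009-2-2 22:58:00
How come it was so easy for me to remove?
Could this be an RP (luck) thing?
One addition: this virus seems to delete GHO files.


It's the virus peddlers who have the RP problem!
Anyway, it's sneaky and vicious enough.
While cleaning yesterday I found that usp10.dll had gotten into the GHOST directory; I wonder whether the GHO files will be damaged?

Now I remember: it deleted the GHOST files, and that entry is gone from the boot menu.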

Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Can you still get into Safe Mode once infected with this??

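Re: Hands-on with the "Maoxuan" (猫癣) downloader (full sample attached!!!!!)

Quote:
Originally posted by 七月灬等待 on 2009-2-3 12:07:00
Can you still get into Safe Mode once infected with this??


If you're infected, obviously Safe Mode is long dead.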