【病毒】會關閉小紅傘的病毒 [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QD

**Donna** · 2008-05-26, 02:22 AM

自己打的，不知到要不要打轉貼阿~~

http://billtu2002.spaces.live.com/bl...DA53!145.entry

**Donna** · 2008-05-26, 03:41 PM

病毒樣本下載
http://cid-603ef3171860da53.skydrive...px/VirusSample

共有三個rar 壓縮檔案，因為上傳檔案大小限制，所以切割檔案。
第二層壓縮檔案 virus.rar 解壓縮密碼 123 ，請小心服用。

**Donna** · 2008-05-27, 12:08 AM

今天花了點時間，重新找到讓我中毒的源檔，有興趣可以下載看看。

Virus_Password123.rar 密碼 123

請務必小心。

然後試試看小紅傘掃的到掃不到

Avira AntiVir Personal
Report file date: 2008年5月26日 23:49
Scanning for 1292650 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrator
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008/4/9 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008/3/18 03:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008/2/7 02:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008/2/28 02:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008/2/21 02:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007/7/18 04:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008/3/7 07:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008/5/17 12:39:34
ANTIVIR3.VDF : 7.0.4.93 240128 Bytes 2008/5/26 12:38:10
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008/2/25 03:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008/5/24 12:40:10
AESCN.DLL : 8.1.0.18 119156 Bytes 2008/5/24 12:40:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008/5/24 12:40:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008/5/24 12:40:04
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008/5/24 12:40:00
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008/5/24 12:39:57
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008/5/24 12:39:50
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008/5/24 12:39:48
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008/5/24 12:39:44
AECORE.DLL : 8.1.0.29 168311 Bytes 2008/5/24 12:39:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008/1/23 11:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008/2/18 04:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/4/16 07:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008/1/23 11:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008/2/12 02:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008/2/28 02:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008/1/22 11:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008/1/23 11:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008/1/25 06:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008/3/10 08:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008/3/6 06:02:11
Configuration settings for the scan:
Jobname..........................: My Documents
Configuration file...............: c:\program files\avira\antivir personaledition classic\mydocs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008年5月26日 23:49
The scan of running processes will be started
[刪除部分]
Starting the file scan:
Begin scan in 'C:\Documents and Settings\Administrator\My Documents'

End of the scan: 2008年5月26日 23:52
Used time: 03:11 min
The scan has been done completely.
161 Scanning directories
4602 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4602 Files not concerned
1 Archives were scanned
0 Warnings
0 Notes

耶~~~~ 還是掃不到

更新病毒碼
26.05.2008 23:54:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.4.93 < 7.0.4.95
Avira AntiVir Personal
Report file date: 2008年5月26日 23:56
Scanning for 1292849 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrator
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008/4/9 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008/3/18 03:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008/2/7 02:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008/2/28 02:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008/2/21 02:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007/7/18 04:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008/3/7 07:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008/5/17 12:39:34
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 2008/5/26 15:54:46
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008/2/25 03:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008/5/24 12:40:10
AESCN.DLL : 8.1.0.18 119156 Bytes 2008/5/24 12:40:09
AERDL.DLL : 8.1.0.20 418165 Bytes 2008/5/24 12:40:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008/5/24 12:40:04
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008/5/24 12:40:00
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008/5/24 12:39:57
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008/5/24 12:39:50
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008/5/24 12:39:48
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008/5/24 12:39:44
AECORE.DLL : 8.1.0.29 168311 Bytes 2008/5/24 12:39:41
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008/1/23 11:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008/2/18 04:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/4/16 07:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008/1/23 11:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008/2/12 02:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008/2/28 02:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008/1/22 11:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008/1/23 11:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008/1/25 06:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008/3/10 08:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008/3/6 06:02:11
Configuration settings for the scan:
Jobname..........................: My Documents
Configuration file...............: c:\program files\avira\antivir personaledition classic\mydocs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008年5月26日 23:56
The scan of running processes will be started
[刪除部分]
Starting the file scan:
Begin scan in 'C:\Documents and Settings\Administrator\My Documents'
C:\Documents and Settings\Administrator\My Documents\USB_Monitor_2.37\USB_Monitor_2.37.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.QJ
[WARNING] The file was ignored!

End of the scan: 2008年5月26日 23:57
Used time: 01:25 min
The scan has been done completely.
161 Scanning directories
4602 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4601 Files not concerned
1 Archives were scanned
1 Warnings
0 Notes
呵呵 ~~ 終於掃到了

ㄚ一 · 2008-05-28, 09:20 AM

隱藏安裝驅動後會破壞當前的AV

2008/5/28 W 09:16:09 Setting debug privileges Denied: KLPrivileges/KLPermissionSystem/KLPermissionPrivileges/KLSetDbgPrivilege
2008/5/28 W 09:16:09 Modification hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system Denied: KLSystemData/KLSystemSecRegKeys/Policies_System
2008/5/28 W 09:16:09 Modification hkey_users\S-1-5-21-796845957-220523388-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Denied: KLSystemData/KLSystemSecRegKeys/Policies_Explorer2
2008/5/28 W 09:16:11 Create C:\WINDOWS\system32\drivers\mdelk.exe Denied: KLSystemData/KLSystemFiles/SystemExe
2008/5/28 W 09:16:17 Create C:\WINDOWS\system32\drivers\hldrrr.exe Denied: KLSystemData/KLSystemFiles/SystemExe

**noeleon930** · 2008-05-31, 12:18 AM

真是凶悍啊，我的小紅傘也是有同樣的情況，把這問題回報給小紅傘官方吧!

**chilee** · 2008-06-04, 10:13 PM

我的小紅傘剛更新完病毒碼, 依然是偵測不到.

**Appreciate** · 2008-06-05, 09:39 PM

avira解壓縮時，可掃到

【病毒】會關閉小紅傘的病毒 [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QD

主題: 【病毒】會關閉小紅傘的病毒 [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QD

主題工具