样本0629

sdbsky

样本0629.........................virus

wangjay1980

detected: Trojan program Trojan-Downloader.JS.Agent.ka        File: C:\Documents and Settings\Owner\×ÀÃæ\virus.zip/virus.rar/www1.js
detected: Trojan program Backdoor.Win32.Agent.ahj        File: C:\Documents and Settings\Owner\×ÀÃæ\virus.zip/virus.rar/aaa.exe//PE_Patch
detected: Trojan program Trojan-Downloader.Win32.Delf.bko        File: C:\Documents and Settings\Owner\×ÀÃæ\virus.zip/servet.rar/servet.exe

hj5abc

Date: 29.6.2007  Time: 20:28:00
Anti-Stealth technology is enabled.

Scanned disks, folders and files: F:\servet.rar
F:\servet.rar ?RAR ?servet.exe - Win32/TrojanDownloader.Delf.BHO trojan - was a part of the deleted object

Scanned disks, folders and files: F:\virus.rar
F:\virus.rar ?RAR ?web.js - is OK
F:\virus.rar ?RAR ?www1.js - is OK
F:\virus.rar ?RAR ?run[1].js - is OK
F:\virus.rar ?RAR ?aaa.exe - probably a variant of Win32/Agent.NEO trojan

woai_jolin

2007/6/29 20:44:53        Scanning Log
2007/6/29 20:44:53        Version of virus signature database: 2364 (20070629)
2007/6/29 20:44:53        Date: 29.6.2007  Time: 20:44:53
2007/6/29 20:44:53        Scanned disks, folders and files: D:\病毒上报\
2007/6/29 20:44:53        D:\病毒上报\servet.rar - Win32/TrojanDownloader.Delf.BHO trojan - deleted - quarantined
2007/6/29 20:44:53        D:\病毒上报\servet.rar » RAR » servet.exe - Win32/TrojanDownloader.Delf.BHO trojan
2007/6/29 20:44:55        D:\病毒上报\virus.rar - probably a variant of Win32/Agent.NEO trojan - deleted - quarantined
2007/6/29 20:44:55        D:\病毒上报\virus.rar » RAR » aaa.exe - probably a variant of Win32/Agent.NEO trojan
2007/6/29 20:44:59        Number of scanned files: 9
2007/6/29 20:44:59        Number of threats found: 2
2007/6/29 20:44:59        Time of completion: 20:44:59  Total scanning time: 6 sec (00:00:06)

randyr

红伞P，sorry我没看到密码。
virus.rar
  [0] Archive type: RAR
  --> run[1].js
      [DETECTION] Contains signature of the HTML script virus HTML/Dldr.Agen.EG.2
      [WARNING]   The file was ignored!
D:\Program Files\virus\servet.rar
  [0] Archive type: RAR
  --> servet.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.bko
      [INFO]      The file was deleted!

[ 本帖最后由 randyr 于 2007-6-29 20:57 编辑 ]

风雪

费尔无反应。

woai_jolin

原帖由 randyr 于 2007-6-29 20:52 发表
红伞P过。
算了，原来是带密码的。密码呢？

password:virus

The EQs

Scan performed at: 2007-6-29 21:47:49
Scanning Log
NOD32 version 2364 (20070629) NT
Command line: C:\Documents and Settings\EQ2\桌面\virus
Operating memory - is OK

Date: 29.6.2007  Time: 21:47:53
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\virus\
C:\Documents and Settings\EQ2\桌面\virus\servet.rar ?RAR ?servet.exe - Win32/TrojanDownloader.Delf.BHO trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\virus\virus.rar ?RAR ?aaa.exe - probably a variant of Win32/Agent.NEO trojan
Number of scanned files: 7
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 21:47:54 Total scanning time: 1 sec (00:00:01)

1688388728

以 AntiVirusKit 掃瞄病毒
版本 17.0.6353
病毒特徵碼 6/29/2007
開始時間: 6/29/2007 21:51
引擎: 引擎 A (AVK 17.5732), 引擎 B (AVKB 17.278)
啟發式: 開啟
壓縮檔: 開啟
系統區域: 開啟

掃瞄系統區域...
掃瞄所選的目錄及檔案...
掃瞄目錄 E:\病毒库\virus\servet
物件: aaa.exe
        路徑: E:\病毒库\virus\servet
        狀態: 偵測到病毒
        病毒: Backdoor.Win32.Agent.ahj (引擎 A)
物件: servet.exe
        路徑: E:\病毒库\virus\servet
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.Win32.Delf.bko (引擎 A)
物件: www1.js
        路徑: E:\病毒库\virus\servet
        狀態: 偵測到病毒
        病毒: Trojan-Downloader.JS.Agent.ka (引擎 A)
分析完成: 6/29/2007 21:51
    已掃瞄 5 檔案
    偵測到 3 已感染的檔案
    偵測到 0 可疑的檔案

红心王子

狮子不吃上报