21个卡巴免杀，1个下载者，10个木马外带10个释放的dll

allenhippo

[MD5: 06658D F68895 F66387 888433 298356 87BC73 E63F6B 470163 D9808B 4A1F31 B9C37C 277832 D5EF8E 41B7EC C7495D 670F0D 60BEAA 82A0FE 96F02E 802B9B 6E6F4F]



看名字包括了10个流行网游

servet.exe 是下载者

cache的内容：



[ 本帖最后由 allenhippo 于 2007-6-30 21:03 编辑 ]

rodneyxp2002

微点全部搞定
真厉害

hj5abc

2秒就搞定了.

Scan performed at: 2007-6-30 20:40:30
Scanning Log
NOD32 version 2365 (20070630) NT
Command line: F:\virus[1]
C:\Program Files\Eset\nod32.exe - is OK
Operating memory - is OK
MBR sector of the 1. physical disk - is OK
Active boot sector of the 1. physical disk - is OK

Date: 30.6.2007  Time: 20:40:33
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\virus[1]\
F:\virus[1]\c0nime.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\crasos.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\exp10rer.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\explorei.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\Gjzo0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\iexp10re.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\iexp1ore.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\iexpl0re.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\iexplorer.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\LgSy0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\LgSy0r.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\LgSy1.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\Msxo0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\qjzo0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\Rav.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\Ravs0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\servet.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\tlzo0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\txzo0.dll - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\winlog0n.exe - probably a variant of Win32/Pacex.Gen virus
F:\virus[1]\zxzo0.dll - probably a variant of Win32/Pacex.Gen virus
Number of scanned files: 21
Number of threats found: 21
Number of files cleaned: 21
Time of completion: 20:40:35 Total scanning time: 2 sec (00:00:02)

virus007

咖啡报了10个

allenhippo

原帖由 hj5abc 于 2007-6-30 20:42 发表
2秒就搞定了.

Scan performed at: 2007-6-30 20:40:30
Scanning Log
NOD32 version 2365 (20070630) NT
Command line: F:\virus[1]
C:\Program Files\Eset\nod32.exe - is OK
Operating memory  ...

看来这个pacex的确也是xx的一种了

0.078秒就搞定了：

IKARUS - T3SCAN V1.25 (WIN32)
         T3 V1.01.08
         Copyright (c) 2003 - 2007 by IKARUS Software.
         Written by Richard Schmoegner.
         All rights reserved.
Signature-database from 27.6.2007 04:15:06 (Build: 69126)

G:\virtualshare\md5\virus1\c0nime.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\crasos.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\exp10rer.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\explorei.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\Gjzo0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\iexp10re.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\iexp1ore.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\iexpl0re.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\iexplorer.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\LgSy0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\LgSy0r.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\LgSy1.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\Msxo0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\qjzo0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\Rav.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\Ravs0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\servet.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\tlzo0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\txzo0.dll - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\winlog0n.exe - Signature 'Packed.Win32.NSAnti.p' found

G:\virtualshare\md5\virus1\zxzo0.dll - Signature 'Packed.Win32.NSAnti.p' found

21 Files scanned
   (0 Archives with 0 files)
21 Signatures found
0 Suspect code-parts found
Used time: 0:00.078

[ 本帖最后由 allenhippo 于 2007-6-30 20:52 编辑 ]

风雪

费尔11个。剩下启发。

promised

IKARUS扫描速度绝对无敌
所以老是喜欢用这扫

promised

谀哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪姆
?            VirusBlokAda (Console scanner)             ?
?Vba32 Windows/CL 3.12.0.2 / 2007.06.29 18:41 (Vba32.W) ?
?         Copyright (c) 1993-2007 by VBA Ltd.           ?
酝屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯图
License expired
License #000000119 Valid till 2006-12-31
Demo mode
Computer: PROMISED-CE046A
System: Windows XP
Command line options:
/r=susp.rpt /ha=3 /collect_suspects /nc /sfx /af+ /fd+ /ar+ /bt- /mr- /ml+ /rw+ /as-
Program settings:
/r=susp.rpt /ha=3 /collect_suspects /nc /sfx /af+ /fd+ /ar+ /qu+ /ml+ /rw+

*:
C:\
C:\ABC\virus\c0nime.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\crasos.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\exp10rer.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\explorei.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\Gjzo0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\iexp10re.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\iexp1ore.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\iexpl0re.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\iexplorer.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\LgSy0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\LgSy0r.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\LgSy1.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\Msxo0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\qjzo0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\Rav.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\Ravs0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\servet.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\tlzo0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\txzo0.dll : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\winlog0n.exe : infected MalwareScope.Worm.Viking.3
C:\ABC\virus\zxzo0.dll : infected MalwareScope.Worm.Viking.3
Program execution terminated by user


Directories       : 5       Files in archives:      Files on disks:
Archives:                   - total       : 1       - total       : 38   
- scanned         : 1       -  scanned    : 1       - scanned     : 38   
- contain viruses : 0       -  infected   : 0       - infected    : 21   
- deleted         : 0       -  suspicious : 0       - suspicious  : 0     

Startup    : 21:02:02 30-06-2007
End        : 21:02:10 30-06-2007
Total time : 00:00:08

allenhippo

原帖由 promised 于 2007-6-30 21:00 发表
IKARUS扫描速度绝对无敌
所以老是喜欢用这扫

也喜欢瞎报，什么都敢杀

promised

AVK都给它杀了