来五个睡觉了[MD5: 65E43D 4FB21E E4C632 9FEFC2 EDA7DB]

显示全部楼层 · 发表于 2007-6-30 22:30:07

金山2个比瑞星强

显示全部楼层 · 发表于 2007-6-30 22:45:26

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

DeepScan:Generic.Dld.ADL.3C4196D1
Trojan.Cinmeng.A
Win32.Worm.Viking.IZ

显示全部楼层 · 发表于 2007-6-30 22:46:40

2007/6/30 22:41:28 Scanning Log
2007/6/30 22:41:28 Version of virus signature database: 2365 (20070630)
2007/6/30 22:41:28 Date: 30.6.2007 Time: 22:41:28
2007/6/30 22:41:28 Scanned disks, folders and files: D:\病毒上报\
2007/6/30 22:41:30 D:\病毒上报\1042.exe - a variant of Win32/Adware.Cinmus application - deleted - quarantined
2007/6/30 22:41:30 D:\病毒上报\1042.exe » NSIS:SFX=31232 » acpidisk.sys - a variant of Win32/Adware.Cinmus application
2007/6/30 22:41:31 D:\病毒上报\1[1].exe - probably a variant of Win32/Viking virus - deleted - quarantined
2007/6/30 22:41:31 Number of scanned files: 8
2007/6/30 22:41:31 Number of threats found: 2
2007/6/30 22:41:31 Time of completion: 22:41:31 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-7-1 00:05:24

多数杀了2个..唉 .里面又有个江苏downloader.

完整版.

Scanned disks, folders and files: F:\virus.rar
F:\virus.rar ?RAR ?1[1].exe - probably a variant of Win32/Viking virus
F:\virus.rar ?RAR ?1042.exe ?NSIS ?System.dll - is OK
F:\virus.rar ?RAR ?1042.exe ?NSIS ?DoSSSetup.dll - is OK
F:\virus.rar ?RAR ?1042.exe ?NSIS ?acpidisk.sys - a variant of Win32/Adware.Cinmus application
F:\virus.rar ?RAR ?1630[1].exe - is OK
F:\virus.rar ?RAR ?3027.exe - is OK
F:\virus.rar ?RAR ?bind_50064.exe - is OK
Number of scanned files: 8
Number of threats found: 2

显示全部楼层 · 发表于 2007-7-1 00:51:21

剩下的我都上报了

显示全部楼层 · 发表于 2007-7-1 02:01:34

卡巴怎么6个？
deleted: virus Worm.Win32.Viking.lu File: E:\virus sample\virus01.rar/1[1].exe
deleted: adware not-a-virus:AdWare.Win32.Cinmus.z File: E:\virus sample\virus01.rar/1042.exe//data0003
deleted: adware not-a-virus:AdWare.Win32.Cinmus.z File: E:\virus sample\virus01.rar/1042.exe//data0004
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn File: E:\virus sample\virus01.rar/1630[1].exe
deleted: adware not-a-virus:AdWare.Win32.IEHlpr.e File: E:\virus sample\virus01.rar/3027.exe
deleted: Trojan program Trojan-Downloader.Win32.QQHelper.wt File: E:\virus sample\virus01.rar/bind_50064.exe

显示全部楼层 · 发表于 2007-7-1 07:26:14

那时因为有人上报过了
在加上卡巴的升级速度

显示全部楼层 · 发表于 2007-7-2 14:33:25

微点:
时间       进程名       路径及参数       源IP       源端口       目的IP       目的端口       操作
2007-07-02 14:31:04       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4546       58.211.7.25       80       阻断
2007-07-02 14:31:04       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4545       58.211.7.41       80       阻断
2007-07-02 14:31:04       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4544       58.211.7.59       80       阻断
2007-07-02 14:31:04       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4543       58.211.7.36       80       阻断
2007-07-02 14:30:30       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4522       58.211.7.25       80       阻断
2007-07-02 14:30:30       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4512       58.211.7.41       80       永远禁止
2007-07-02 14:30:26       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4503       58.211.7.59       80       暂时禁止
2007-07-02 14:30:24       BIND_50064.EXE       D:\BIND_50064.EXE       0.0.0.0       4494       58.211.7.36       80       暂时禁止

时间       处理结果       蠕虫名称       蠕虫进程名       蠕虫文件创建者
2007-07-02 14:29:53       处理成功       Worm.Win32.Vikings.dmt       D:\1[1].EXE       C:\PROGRAM FILES\WINRAR\WINRAR.EXE

时间       处理结果       木马名称       木马进程名       木马文件创建者
2007-07-02 14:30:54       处理成功       未知木马       C:\DOCUMENTS AND SETTINGS\DSL\LOCAL SETTINGS\TEMP\DOSSSETUP.DLL       D:\1042.EXE
2007-07-02 14:30:54       处理成功       未知木马       C:\DOCUMENTS AND SETTINGS\DSL\LOCAL SETTINGS\TEMP\NSV3E.TMP\SYSTEM.DLL       D:\1042.EXE
2007-07-02 14:30:54       处理成功       未知木马       D:\1042.EXE       C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-07-02 14:30:48       处理成功       AdWare.Win32.Cinmus.nn       C:\DOCUMENTS AND SETTINGS\DSL\LOCAL SETTINGS\TEMP\ACPIDISK.SYS       D:\1042.EXE
2007-07-02 14:30:06       处理成功       AdWare.Win32.Cinmus.nn       C:\DOCUMENTS AND SETTINGS\DSL\LOCAL SETTINGS\TEMP\ACPIDISK.SYS       D:\1042.EXE
2007-07-02 14:29:56       处理成功       AdWare.Win32.IEHlpr.fi       D:\3027.EXE       C:\PROGRAM FILES\WINRAR\WINRAR.EXE

其中1个系统环境不符合,不能发作!不过其中一个木马我双击了两次才删除去!

[ 本帖最后由 dsl5 于 2007-7-2 14:35 编辑 ]

[病毒样本] 来五个睡觉了[MD5: 65E43D 4FB21E E4C632 9FEFC2 EDA7DB]

回复 #9 duandxxi 的帖子

本帖子中包含更多资源

回复 #16 Whkroran 的帖子