[Virus samples] Gift pack of 24

promised
Posted on 2007-7-2 12:30:46
MD5s omitted

[ Last edited by promised on 2007-7-2 12:36 ]

mofunzone
Posted on 2007-7-2 12:32:41
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\virus'
C:\Documents and Settings\Administrator\My Documents\virus\
  19gjhuo.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.26297
      [INFO]      The file was deleted!
  19huosh.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.22660
      [INFO]      The file was deleted!
  19wlhuo.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.25261
      [INFO]      The file was deleted!
  19wmhuo.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.24661
      [INFO]      The file was deleted!
  2.exe
      [DETECTION] Contains signature of the dropper DR/KWin.1
      [INFO]      The file was deleted!
  5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Gordon
      [INFO]      The file was deleted!
  626huozx.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
      [INFO]      The file was deleted!
  626rxhuo.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.24466
      [INFO]      The file was deleted!
  ad_2216.exe
  bind_50404.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46f6804c.qua'!
  boolan61.exe
  d03.exe
  dodolook326.exe
  down1[1].exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [INFO]      The file was deleted!
  down2[1].exe
      [DETECTION] Contains signature of the dropper DR/KWin.1
      [INFO]      The file was deleted!
  down3[1].exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [INFO]      The file was deleted!
  down4[1].exe
      [DETECTION] Is the Trojan horse TR/Proxy.Small.DU.733
      [INFO]      The file was deleted!
  down5[1].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Gordon
      [INFO]      The file was deleted!
  netdde32.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.T.3
      [INFO]      The file was deleted!
  QQyun_1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47018036.qua'!
  Server.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  Setup(30).exe
      [DETECTION] Is the Trojan horse TR/Agent.akv.9
      [INFO]      The file was deleted!
  SkypeClient.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47018051.qua'!
  winconp.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年7月1日  21:32
Used time: 00:11 min

The scan has been done completely.

      1 Scanning directories
     24 Files were scanned
     20 viruses and/or unwanted programs were found
      3 classified as suspicious:
     17 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
mofunzone
Posted on 2007-7-2 12:34:01
The rest are all NSIS...
woai_jolin
Posted on 2007-7-2 12:38:46
2007/7/2 12:36:32        Scanning Log
2007/7/2 12:36:32        Version of virus signature database: 2368 (20070701)
2007/7/2 12:36:32        Date: 2.7.2007  Time: 12:36:32
2007/7/2 12:36:32        Scanned disks, folders and files: D:\virus\
2007/7/2 12:36:32        D:\virus\virus\19gjhuo.exe - Win32/PSW.OnLineGames.NBN trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:34        D:\virus\virus\19huosh.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
2007/7/2 12:36:35        D:\virus\virus\19wlhuo.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
2007/7/2 12:36:35        D:\virus\virus\19wmhuo.exe - Win32/PSW.Delf.NIJ trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:37        D:\virus\virus\626huozx.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
2007/7/2 12:36:37        D:\virus\virus\626rxhuo.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
2007/7/2 12:36:38        D:\virus\virus\ad_2216.exe - Win32/Adware.Boran application - deleted - quarantined
2007/7/2 12:36:38        D:\virus\virus\ad_2216.exe » NSIS:SFX=32256 » insshell.exe - Win32/Adware.Boran application
2007/7/2 12:36:40        D:\virus\virus\boolan61.exe - probably a variant of Win32/Genetik trojan - deleted - quarantined
2007/7/2 12:36:40        D:\virus\virus\boolan61.exe » NSIS:SFX=36864 » boolan.exe - probably a variant of Win32/Genetik trojan
2007/7/2 12:36:41        D:\virus\virus\d03.exe - probably a variant of Win32/Adware.BHO.AV application - deleted - quarantined
2007/7/2 12:36:41        D:\virus\virus\d03.exe » NSIS:SFX=32256 » cpush.dll - probably a variant of Win32/Adware.BHO.AV application
2007/7/2 12:36:42        D:\virus\virus\dodolook326.exe - a variant of Win32/Adware.Cinmus application - deleted - quarantined
2007/7/2 12:36:42        D:\virus\virus\dodolook326.exe » NSIS:SFX=43520 » 1097.exe - a variant of Win32/Adware.Cinmus application
2007/7/2 12:36:42        D:\virus\virus\dodolook326.exe » NSIS:SFX=43520 » 1097.exe » NSIS:SFX=31232 » acpidisk.sys - a variant of Win32/Adware.Cinmus application
2007/7/2 12:36:43        D:\virus\virus\down1[1].exe - a variant of Win32/Agent.NIK trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:44        D:\virus\virus\down3[1].exe - a variant of Win32/Agent.NIK trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:45        D:\virus\virus\down4[1].exe - a variant of Win32/Agent.NIK trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:46        D:\virus\virus\down5[1].exe - a variant of Win32/Agent.NIK trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:46        D:\virus\virus\netdde32.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
2007/7/2 12:36:47        D:\virus\virus\QQyun_1.exe - probably a variant of Win32/PSW.QQShou trojan - cleaned by deleting - quarantined [1]
2007/7/2 12:36:49        Number of scanned files: 33
2007/7/2 12:36:49        Number of threats found: 16
2007/7/2 12:36:49        Time of completion: 12:36:49  Total scanning time: 17 sec (00:00:17)
2007/7/2 12:36:49        Notes:
2007/7/2 12:36:49        [1] File has been deleted as it contained only the virus body.
2007/7/2 12:36:49        [7] File is probably infected with an unknown virus.
promised
 OP | Posted on 2007-7-2 12:42:04
C:\ABC\virus\virus\19gjhuo.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\19huosh.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\19wlhuo.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\19wmhuo.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\2.exe - Signature 'Backdoor.Win32.PcClient.GV' found
C:\ABC\virus\virus\5.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\virus\virus\626huozx.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\626rxhuo.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\ad_2216.exe
C:\ABC\virus\virus\bind_50404.exe
C:\ABC\virus\virus\boolan61.exe - Signature 'Trojan-Downloader.7484' found
C:\ABC\virus\virus\d03.exe
C:\ABC\virus\virus\dodolook326.exe - Signature 'not-a-virus:AdWare.Win32.Cinmus.f' found
C:\ABC\virus\virus\down1[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\virus\virus\down2[1].exe - Signature 'Backdoor.Win32.PcClient.GV' found
C:\ABC\virus\virus\down3[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\virus\virus\down4[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\virus\virus\down5[1].exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\virus\virus\netdde32.exe - Signature 'Trojan-Downloader.Win32.QQHelper.vn' found
C:\ABC\virus\virus\QQyun_1.exe - Signature 'MalwareScope.Worm.Viking.4' found
C:\ABC\virus\virus\Server.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\virus\virus\Setup(30).exe - Signature 'Trojan.Win32.Agent.akv' found
C:\ABC\virus\virus\SkypeClient.exe
C:\ABC\virus\virus\winconp.exe - Suspect code-parts found (Level: 55)

        24 Files scanned
          (0 Archives with 0 files)
        19 Signatures found
        1 Suspect code-part found
        Used time: 0:03.188

[ Last edited by promised on 2007-7-2 12:43 ]
wangjay1980
Posted on 2007-7-2 12:42:44
detected: adware not-a-virus:AdWare.Win32.Boran.ai        File: C:\Documents and Settings\Owner\桌面\virus\ad_2216.exe//stream//data0001
detected: Trojan program Trojan-PSW.Win32.Lmir.yw        File: C:\Documents and Settings\Owner\桌面\virus\19gjhuo.exe//UPack//#
detected: Trojan program Trojan-Spy.Win32.Delf.vo        File: C:\Documents and Settings\Owner\桌面\virus\19huosh.exe//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.uh        File: C:\Documents and Settings\Owner\桌面\virus\19wlhuo.exe//UPack
detected: Trojan program Trojan-Downloader.Win32.Delf.bcm        File: C:\Documents and Settings\Owner\桌面\virus\boolan61.exe//stream//data0002//NSPack
detected: Trojan program Trojan.Win32.Agent.akv        File: C:\Documents and Settings\Owner\桌面\virus\Setup(30).exe
detected: Trojan program Trojan-Spy.Win32.Delf.uh        File: C:\Documents and Settings\Owner\桌面\virus\626rxhuo.exe//UPack
detected: adware not-a-virus:AdWare.Win32.BHO.av        File: C:\Documents and Settings\Owner\桌面\virus\d03.exe//stream//data0001
detected: Trojan program Trojan-Downloader.Win32.QQHelper.vn        File: C:\Documents and Settings\Owner\桌面\virus\netdde32.exe
detected: virus Heur.Trojan.Generic        File: C:\Documents and Settings\Owner\桌面\virus\Server.exe//UPack
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\桌面\virus\down4[1].exe
deleted: Trojan program Trojan-PSW.Win32.Lmir.yw File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/19gjhuo.exe//UPack
deleted: Trojan program Trojan-Spy.Win32.Delf.uh File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/19wmhuo.exe//UPack
deleted: adware not-a-virus:AdWare.Win32.Cinmus.g File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/dodolook326.exe//data0003//data0003
deleted: adware not-a-virus:AdWare.Win32.Cinmus.f File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/dodolook326.exe//data0003//data0004
deleted: Trojan program Trojan-Downloader.Win32.Agent.bbv File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/bind_50404.exe
deleted: Trojan program Trojan-Spy.Win32.Delf.uh File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/626huozx.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.QQPass.pf File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/QQyun_1.exe//PE_Patch.UltraProtect//UltraProtect
deleted: Trojan program Trojan-PSW.Win32.QQPass.cp File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/winconp.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.bxb File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/Server.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Delf.jc File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/2.exe//NSPack
deleted: Trojan program Trojan-Proxy.Win32.Small.du File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/down1[1].exe
deleted: Trojan program Trojan-PSW.Win32.Delf.jc File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/down2[1].exe//NSPack
deleted: Trojan program Trojan-Proxy.Win32.Small.du File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/down3[1].exe
deleted: Trojan program Trojan-Proxy.Win32.Small.du File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/down5[1].exe
deleted: Trojan program Trojan-Proxy.Win32.Small.du File: C:\Documents and Settings\Owner\桌面\virus15.zip/virus/5.exe

[ Last edited by wangjay1980 on 2007-7-2 16:25 ]
promised
 OP | Posted on 2007-7-2 12:48:58
Originally posted by wangjay1980 on 2007-7-2 12:42
detected: adware not-a-virus:AdWare.Win32.Boran.ai        File: C:\Documents and Settings\Owner\桌面\virus\ad_2216.exe//stream//data0001
detected: Trojan program Trojan-PSW.Win32.L ...

Kaspersky is slipping.
Even the "king of unpackers" only got 17.

红心王子
Posted on 2007-7-2 12:51:11
C:\Documents and Settings\Administrator\桌面\virus.part2.rar>>virus\winconp.exe>>pearmor    Trojan.PSW.QQPass.ax
C:\Documents and Settings\Administrator\桌面\virus.part2.rar>>virus\d03.exe>>$COMMONFILES\CPUSH\cpush.tmp         Adware.Win32.Agent.npp
C:\Documents and Settings\Administrator\桌面\virus.part2.rar>>virus\Server.exe>>upack0.34       Trojan.DL.Win32.Delf.yqe
C:\Documents and Settings\Administrator\桌面\virus.part2.rar>>virus\2.exe>>nspack     Trojan.PSW.Win32.OnlineGames.cvg  2
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\ad_2216.exe>>$TEMP\insshell.exe        Dropper.Win32.Agent.y
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\19gjhuo.exe>>upack0.34     Trojan.PSW.OnlineGames.cej
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\19huosh.exe>>upack0.34        Trojan.PSW.Win32.OnlineGames.cle
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\19wlhuo.exe>>upack0.34      Trojan.PSW.Win32.WorldOnline.ie
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\19wmhuo.exe>>upack0.34      Trojan.PSW.OnlineGames.aws
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\boolan61.exe>>$TEMP\boolan.exe>>nspack        Trojan.Clicker.Win32.Agent.js
C:\Documents and Settings\Administrator\桌面\virus.part1.rar>>virus\Setup(30).exe>>fakeupx         AdWare.Agent.ax
The lion ate 16.
wangjay1980
Posted on 2007-7-2 12:57:32

Reply to promised's post #7

Otherwise why would it be called the king of unpackers?

Besides, Kaspersky also has an insanely fast update speed.
Hello,

19gjhuo.exek - Trojan-PSW.Win32.Lmir.yw,
19wmhuo.exek, 626huozx.exek - Trojan-Spy.Win32.Delf.uh,
2.exek, down2[1].exek - Trojan-PSW.Win32.Delf.jc,
bind_50404.exek - Trojan-Downloader.Win32.Agent.bbv,
QQyun_1.exek - Trojan-PSW.Win32.QQPass.pf,
Server.exek - Trojan-Downloader.Win32.Agent.bxb,
winconp.exek - Trojan-PSW.Win32.QQPass.cp

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

5.exek, down1[1].exek, down3[1].exek, down5[1].exek - Trojan-Proxy.Win32.Small.du

These files are already detected. Please update your antivirus bases.

dodolook326.exek - not-a-virus:AdWare.Win32.Cinmus.g

This file is an Advertising Tool. Its detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

SkypeClient.exek

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ Last edited by wangjay1980 on 2007-7-2 15:13 ]
风雪
Posted on 2007-7-2 13:00:34
Filseclab's reply.
