都是鸽子[MD5: CE867E 224C0A 66F78C 9A8CE5 288B73 7BC25E 49906D AEF507 095090]

allenhippo

牛仔裤的样本贴里找到的

http://bbs.kafan.cn/viewthread.php?tid=103505
位于hxxp://lzw79.3322.org

准备好了么？5.6M

[ 本帖最后由 allenhippo 于 2007-7-2 22:37 编辑 ]

1688388728

反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 7/2/2007
开始时间: 7/2/2007 22:36
引擎: KAV 引擎 (AVK 17.5810), AVST 引擎 (AVKB 17.283)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: 2.bat
        在压缩档案里: E:\病毒库\virus\10.exe
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎)
对象: 2.exe
        在压缩档案里: E:\病毒库\virus\10.exe
狀態: 已发现病毒
        病毒: Backdoor.Win32.Hupigon.cda (KAV 引擎), Win32:Hupigon-AML [Trj] (AVST 引擎)
对象: 10.exe
        路径: E:\病毒库\virus
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec, Backdoor.Win32.Hupigon.cda (KAV 引擎), Win32:Hupigon-AML [Trj] (AVST 引擎)
对象: 11.bat
        在压缩档案里: E:\病毒库\virus\11.exe
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎)
对象: 11 .exe
        在压缩档案里: E:\病毒库\virus\11.exe
狀態: 已发现病毒
        病毒: not-a-virus:Downloader.Win32.WinFixer.u (KAV 引擎)
对象: 11.exe
        路径: E:\病毒库\virus
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec, not-a-virus:Downloader.Win32.WinFixer.u (KAV 引擎)
对象: 12.bat
        在压缩档案里: E:\病毒库\virus\12.exe
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎)
对象: 12.exe
        在压缩档案里: E:\病毒库\virus\12.exe
狀態: 已发现病毒
        病毒: Win32:Delf-DLH [Trj] (AVST 引擎)
对象: 12.exe
        路径: E:\病毒库\virus
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎), Win32:Delf-DLH [Trj] (2x) (AVST 引擎)
对象: 14.exe
        路径: E:\病毒库\virus
狀態: 无法清除病毒
        病毒: Backdoor.Win32.GrayBird.px (KAV 引擎)
对象: 3.exe
        路径: E:\病毒库\virus
狀態: 无法清除病毒
        病毒: Backdoor.Win32.Hupigon.gs (KAV 引擎)
对象: 4.exe
        路径: E:\病毒库\virus
狀態: 无法清除病毒
        病毒: Win32:PePatch-CD [Trj] (AVST 引擎)
对象: explorer.bat
        在压缩档案里: E:\病毒库\virus\5.exe
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎)
对象: QQ.vbs
        在压缩档案里: E:\病毒库\virus\5.exe
狀態: 已发现病毒
        病毒: Virus.BAT.Agent.d (KAV 引擎)
对象: 4.exe
        在压缩档案里: E:\病毒库\virus\5.exe
狀態: 已发现病毒
        病毒: Win32:PePatch-CD [Trj] (AVST 引擎)
对象: 5.exe
        路径: E:\病毒库\virus
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec, Virus.BAT.Agent.d (KAV 引擎), Win32:PePatch-CD [Trj] (2x) (AVST 引擎)
对象: explorer.bat
        在压缩档案里: E:\病毒库\virus\6.exe
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec (KAV 引擎)
对象: QQ.vbs
        在压缩档案里: E:\病毒库\virus\6.exe
狀態: 已发现病毒
        病毒: Virus.BAT.Agent.d (KAV 引擎)
对象: 2.exe
        在压缩档案里: E:\病毒库\virus\6.exe
狀態: 已发现病毒
        病毒: Backdoor.Win32.GrayBird.px (KAV 引擎)
对象: 6.exe
        路径: E:\病毒库\virus
狀態: 已发现病毒
        病毒: Trojan.BAT.KillAV.ec, Virus.BAT.Agent.d, Backdoor.Win32.GrayBird.px (KAV 引擎)
对象: 7.exe
        路径: E:\病毒库\virus
狀態: 无法清除病毒
        病毒: Win32:Delf-DLH [Trj] (AVST 引擎)
扫描完成: 7/2/2007 22:36
    已检查 9 个文件
    已发现 9 个染毒文件
    发现 0 个可疑文件

woai_jolin

2007/7/2 22:35:16        Scanning Log
2007/7/2 22:35:16        Version of virus signature database: 2369 (20070702)
2007/7/2 22:35:16        Date: 2.7.2007  Time: 22:35:16
2007/7/2 22:35:16        Scanned disks, folders and files: D:\病毒上报\
2007/7/2 22:35:51        D:\病毒上报\5.exe - BAT/Agent.D virus - deleted - quarantined
2007/7/2 22:35:51        D:\病毒上报\5.exe » ZIP:SFX=82944 » QQ.vbs - BAT/Agent.D virus
2007/7/2 22:35:59        D:\病毒上报\6.exe - BAT/Agent.D virus - deleted - quarantined
2007/7/2 22:35:59        D:\病毒上报\6.exe » ZIP:SFX=82944 » QQ.vbs - BAT/Agent.D virus
2007/7/2 22:36:00        Number of scanned files: 21
2007/7/2 22:36:00        Number of threats found: 2
2007/7/2 22:36:00        Time of completion: 22:36:00  Total scanning time: 44 sec (00:00:44)

promised

我觉得应该给我们至少2M的最大附件

allenhippo

离1M的附件还有7xx贴 起码等到8月份

woai_jolin

补充监控还报了一个
2007/7/2 22:38:13        eAmon        file        D:\病毒上报\3.exe        a variant of Win32/Hupigon trojan        cleaned by deleting - quarantined                Event occurred during an attempt to access the file by the application: C:\Program Files\Internet Explorer\iexplore.exe.

promised

C:\ABC\virus\10.exe:\2.vbs - Signature 'Trojan.VBS.Runner.h' found
C:\ABC\virus\10.exe:\2.bat
C:\ABC\virus\10.exe:\2.exe - Signature 'Trojan-PWS.Win32.Agent.iu' found
C:\ABC\virus\10.exe
C:\ABC\virus\11.exe:\11.bat
C:\ABC\virus\11.exe:\11.vbs - Signature 'Trojan.VBS.Runner.h' found
C:\ABC\virus\11.exe:\11 .exe - Signature 'not-a-virus:Downloader.Win32.WinFixer.u' found
C:\ABC\virus\11.exe
C:\ABC\virus\12.exe:\12.exe - Signature 'Backdoor.Win32.Hupigon.gs' found
C:\ABC\virus\12.exe:\12.vbs - Signature 'Trojan.VBS.Runner.h' found
C:\ABC\virus\12.exe:\12.bat
C:\ABC\virus\12.exe
C:\ABC\virus\14.exe - Signature 'Backdoor.Win32.Agent.ahj' found
C:\ABC\virus\3.exe - Signature 'Backdoor.Win32.Hupigon.cpb' found
C:\ABC\virus\4.exe - Signature 'Trojan-Dropper.Win32.Small.ase' found
C:\ABC\virus\5.exe:\explorer.bat
C:\ABC\virus\5.exe:\4.exe - Signature 'Trojan-Dropper.Win32.Small.ase' found
C:\ABC\virus\5.exe:\QQ.vbs - Signature 'Trojan.VBS.Runner.h' found
C:\ABC\virus\5.exe
C:\ABC\virus\6.exe:\explorer.bat
C:\ABC\virus\6.exe:\QQ.vbs - Signature 'Trojan.VBS.Runner.h' found
C:\ABC\virus\6.exe:\2.exe - Signature 'Backdoor.Win32.Agent.ahj' found
C:\ABC\virus\6.exe
C:\ABC\virus\7.exe - Signature 'Backdoor.Win32.Hupigon.gs' found

        24 Files scanned
          (5 Archives with 15 files)
        14 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.641

promised

去会员区提提意见看看

wangjay1980

detected: Trojan program Trojan.BAT.KillAV.ec        File: E:\Ñù±¾\bingdu\10.exe/2.bat
detected: Trojan program Backdoor.Win32.Hupigon.cda        File: E:\Ñù±¾\bingdu\10.exe/2.exe
detected: Trojan program Trojan.BAT.KillAV.ec        File: E:\Ñù±¾\bingdu\11.exe/11.bat
detected: riskware not-a-virus:Downloader.Win32.WinFixer.u        File: E:\Ñù±¾\bingdu\11.exe/11 .exe//PE_Patch
detected: Trojan program Trojan.BAT.KillAV.ec        File: E:\Ñù±¾\bingdu\12.exe/12.bat
detected: Trojan program Backdoor.Win32.GrayBird.px        File: E:\Ñù±¾\bingdu\14.exe
detected: Trojan program Backdoor.Win32.Hupigon.gs        File: E:\Ñù±¾\bingdu\3.exe//SVKP//hmimys
detected: virus Heur.Trojan.Generic (modification)        File: E:\Ñù±¾\bingdu\4.exe//PE_Patch//VPacker//PolyCrypt
detected: Trojan program Trojan.BAT.KillAV.ec        File: E:\Ñù±¾\bingdu\5.exe/explorer.bat
detected: virus Heur.Trojan.Generic (modification)        File: E:\Ñù±¾\bingdu\5.exe/4.exe//PE_Patch//VPacker//PolyCrypt
detected: virus Virus.BAT.Agent.d        File: E:\Ñù±¾\bingdu\5.exe/QQ.vbs
detected: Trojan program Trojan.BAT.KillAV.ec        File: E:\Ñù±¾\bingdu\6.exe/explorer.bat
detected: virus Virus.BAT.Agent.d        File: E:\Ñù±¾\bingdu\6.exe/QQ.vbs
detected: Trojan program Backdoor.Win32.GrayBird.px        File: E:\Ñù±¾\bingdu\6.exe/2.exe

欠妳緈諨

金山2个红伞全灭，有报壳
Start of the scan: 2007年7月2日  22:55

Starting the file scan:

Begin scan in 'D:\病毒测试\解压'
D:\病毒测试\解压\10.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 2.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!
D:\病毒测试\解压\11.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 11 .exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
D:\病毒测试\解压\12.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.98893
      [WARNING]   The file was ignored!
D:\病毒测试\解压\14.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/GrayBird.PX.8 Backdoor server programs
      [WARNING]   The file was ignored!
D:\病毒测试\解压\3.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!
D:\病毒测试\解压\4.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
D:\病毒测试\解压\5.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 4.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
D:\病毒测试\解压\6.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 2.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/GrayBird.PX.8 Backdoor server programs
      [WARNING]   The file was ignored!
D:\病毒测试\解压\7.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.98893
      [WARNING]   The file was ignored!


End of the scan: 2007年7月2日  22:55
Used time: 00:31 min

The scan has been done completely.

      2 Scanning directories
     24 Files were scanned
      9 viruses and/or unwanted programs were found
      3 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     12 Files not concerned
      5 Archives were scanned
      9 Warnings
      0 Notes
      0 Hidden objects were found