
[Virus sample] win32.iuhzu.a Luzhu (卤猪) virus, Micropoint alert

Nblock
Posted on 2007-7-5 18:02:44
Micropoint Proactive Defense software alert: new unknown trojan found!

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ALERTER COM+\ IMAGEPATH  C:\WINDOWS\SYSTEM32\IME\SVCHOST.EXE

[ This post was last edited by Nblock on 2007-7-8 09:14 ]

The EQs
Posted on 2007-7-5 18:08:16
Scan performed at: 2007-7-5 18:07:57
Scanning Log
NOD32 version 2379 (20070704) NT
Command line: C:\Documents and Settings\EQ2\桌面\z.rar
Operating memory - is OK

Date: 5.7.2007  Time: 18:08:03
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\z.rar
C:\Documents and Settings\EQ2\桌面\z.rar ?ZIP ?Q W.com - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\EQ2\桌面\z.rar ?ZIP ?Trojan..com - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\EQ2\桌面\z.rar ?ZIP ?Server.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\z.rar ?ZIP ?too.exe - a variant of Win32/PSW.Lineage.ACN trojan
Number of scanned files: 6
Number of threats found: 4
Number of files cleaned: 1
Time of completion: 18:08:05 Total scanning time: 2 sec (00:00:02)

Notes:
[7] File is probably infected with an unknown virus.
剑指七星
Posted on 2007-7-5 18:08:44
已检测到: 木马程序 Trojan-PSW.Win32.Maran.dy        URL: http:/bbs.kafan.cn/attachment.php?aid=96920/Q W.com

Kaspersky flagged the first one
红心王子
Posted on 2007-7-5 18:12:20
C:\Documents and Settings\Administrator\桌面\z.rar>>Q W.com        Trojan.PSW.Win32.Agent.c
C:\Documents and Settings\Administrator\桌面\z.rar>>Trojan..com        Trojan.PSW.Win32.OnlineGames.ae
C:\Documents and Settings\Administrator\桌面\z.rar>>Server.exe>>nspack       Win32.Iuhzu.a
C:\Documents and Settings\Administrator\桌面\z.rar>>too.exe>>packlz>>upx_c>>pe_patch(14        Trojan.PSW.Lineage.mug
Nblock
Original poster | Posted on 2007-7-5 18:15:32
Originally posted by 红心王子 on 2007-7-5 18:12
r>>Server.exe>>nspack       Win32.Iuhzu.a

Is this the one?!
promised
Posted on 2007-7-5 18:18:16
C:\ABC\z.rar:\Q W.com - Signature 'Packed.Win32.NSAnti.p' found
C:\ABC\z.rar:\Trojan..com - Signature 'Packed.Win32.NSAnti.p' found
C:\ABC\z.rar:\Trojan....com - File is maybe corrupt
C:\ABC\z.rar:\Server.exe - Signature 'Backdoor.Win32.Agent.ahj' found
C:\ABC\z.rar:\too.exe - Signature 'Trojan.Popwin.R' found
C:\ABC\z.rar

        8 Files scanned
          (2 Archives with 6 files)
        4 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.110
promised
Posted on 2007-7-5 18:20:33
Trojan....com is indeed dead, just as IKARUS said
taihuxian
Posted on 2007-7-5 19:09:17
BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.
GenPack:Generic.Malware.SBdld.AAF99D6D
Packer.Malware.NSAnti.F
ccw8642
Posted on 2007-7-5 19:12:02
AVAST flags the first one!
rasis
Posted on 2007-7-5 19:34:57
z.rar
  [0] Archive type: ZIP
  --> Q W.com
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> Trojan..com
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> Trojan....com
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Expressor). Please verify the origin of the file
  --> Server.exe
      [DETECTION] Contains signature of the worm WORM/Agent.AJ.23
  --> too.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.SE