[MD5: 913AAA C8E56B 743AF8 4A0E88 A7A553 08E952 D42071 A148A3 57B9B6 2156E3]

显示全部楼层 · 发表于 2007-7-6 10:53:56

10个费尔挂了的

[MD5: 913AAA C8E56B 743AF8 4A0E88 A7A553 08E952 D42071 A148A3 57B9B6 2156E3]

显示全部楼层 · 发表于 2007-7-6 10:59:19

KIS 7全报，一个是启发
已经删除: 木马程序 Trojan-Proxy.Win32.Small.du 文件: D:\Downloads\样本.rar/1(1).exe
已经删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: D:\Downloads\样本.rar/3(1).exe
已经删除: 木马程序 Trojan-Proxy.Win32.Small.du 文件: D:\Downloads\样本.rar/4.exe
已经删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: D:\Downloads\样本.rar/4(1).exe
已经删除: 木马程序 Trojan-PSW.Win32.OnLineGames.zb 文件: D:\Downloads\样本.rar/6(1).exe
已经删除: 木马程序 Trojan-PSW.Win32.OnLineGames.zl 文件: D:\Downloads\样本.rar/7(1).exe
已经删除: 木马程序 Trojan-Proxy.Win32.Small.du 文件: D:\Downloads\样本.rar/9(1).exe
已经隔离: 病毒 Downloader (变种) 文件: D:\Downloads\样本.rar/alexa.exe
已经删除: 病毒 Virus.Win32.AutoRun.dz 文件: D:\Downloads\样本.rar/down.exe
已经删除: 木马程序 Trojan-Downloader.Win32.Delf.bko 文件: D:\Downloads\样本.rar/down(1).exe

[ 本帖最后由 caocao 于 2007-7-6 11:05 编辑 ]

显示全部楼层 · 发表于 2007-7-6 10:59:56

C:\Documents and Settings\Administrator\桌面\样本
.rar>>1(1).exe       Trojan.PSW.Win32.OnlineGames.czt
C:\Documents and Settings\Administrator\桌面\样本
.rar>>3(1).exe       Trojan.PSW.Win32.OnlineGames.czk
C:\Documents and Settings\Administrator\桌面\样本
.rar>>4.exe       Trojan.PSW.Win32.OnlineGames.cze
C:\Documents and Settings\Administrator\桌面\样本
.rar>>4(1).exe       Trojan.PSW.Win32.OnlineGames.cyl
C:\Documents and Settings\Administrator\桌面\样本
.rar>>6(1).exe             Trojan.PSW.Win32.OnlineGames.cyh
C:\Documents and Settings\Administrator\桌面\样本
.rar>>7(1).exe             Trojan.PSW.Win32.SunOnline.k
C:\Documents and Settings\Administrator\桌面\样本
.rar>>9(1).exe                Trojan.PSW.Win32.OnlineGames.cyy
  C:\Documents and Settings\Administrator\桌面\样本
.rar>>down(1).exe             Trojan.DL.Win32.Delf.yqo
狮子吃掉8个

显示全部楼层 · 发表于 2007-7-6 11:04:16

Start of the scan: 2007年7月6日  11:03

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.rar'
C:\Documents and Settings\Administrator\桌面\样本.rar
  [0] Archive type: RAR
  --> 1(1).exe
   [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> 3(1).exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 4.exe
   [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> 4(1).exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 6(1).exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 7(1).exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 9(1).exe
   [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> alexa.exe
   [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> down.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> down(1).exe
   [DETECTION] Is the Trojan horse TR/Dldr.Delf.bko.4

End of the scan: 2007年7月6日  11:03
Used time: 00:05 min

显示全部楼层 · 发表于 2007-7-6 11:14:19

全是特征码扩展
Scanning Log
NOD32 version 2380 (20070705) NT
Command line: C:\Documents and Settings\Administrator\ ?
?桌面\??.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3.  ?
?physical disk. Error reading sector.
Date: 6.7.2007  Time: 11:13:16
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and  ?
?Settings\Administrator\桌面\??.rar
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??1(1).exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??3(1).exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??4.exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??4(1).exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??6(1).exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??7(1).exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??9(1).exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??alexa.exe - a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??down.exe - a variant of Win32/TrojanDownloader.Delf. ?
?NSA trojan
C:\Documents and Settings\Administrator\桌面\??.rar ?RAR  ?
??down(1).exe - a variant of Win32/TrojanDownloader.Delf. ?
?BHO trojan
Number of scanned files: 10
Number of threats found: 10
Time of completion: 11:13:17 Total scanning time: 1 sec  ?
?(00:00:01)

显示全部楼层 · 发表于 2007-7-6 11:21:29

c:\ABC\样本\1(1).exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
c:\ABC\样本\3(1).exe - Signature 'Trojan-PWS.Win32.OnLineGames.es' found
c:\ABC\样本\4(1).exe - Signature 'Trojan-PWS.Win32.OnLineGames.es' found
c:\ABC\样本\4.exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
c:\ABC\样本\6(1).exe - Signature 'Trojan-PWS.Win32.OnLineGames.zb' found
c:\ABC\样本\7(1).exe - Signature 'Trojan-PWS.Win32.OnLineGames.zl' found
c:\ABC\样本\9(1).exe - Signature 'Trojan-PWS.OnlineGames.AYD' found
c:\ABC\样本\alexa.exe - Signature 'Trojan.Delf.NEB' found
c:\ABC\样本\down(1).exe - Signature 'Trojan-PWS.Win32.QQPass.pb' found
c:\ABC\样本\down.exe - Signature 'Backdoor.Win32.Hupigon.dkl' found

10 Files scanned
(0 Archives with 0 files)
10 Signatures found
0 Suspect code-parts found
Used time: 0:00.187

显示全部楼层 · 发表于 2007-7-6 11:23:46

蠕虫名称:Worm.Win32.Agent.cjt

程序:
E:\病毒库\样本\1(1).EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.fvx

程序:
E:\病毒库\样本\3(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.cjx

程序:
E:\病毒库\样本\4.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.fvp

程序:
E:\病毒库\样本\4(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.fvm

程序:
E:\病毒库\样本\6(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.fwk

程序:
E:\病毒库\样本\7(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.ckr

程序:
E:\病毒库\样本\9(1).EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Delf.gio

程序:
E:\病毒库\样本\DOWN(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-7-6 11:25:36

反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 7/5/2007
开始时间: 7/6/2007 11:24
引擎: KAV 引擎 (AVK 17.5886), AVST 引擎 (AVKB 17.287)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: 1(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-Proxy.Win32.Small.du (KAV 引擎), Win32:Agent-HHP [Trj] (AVST 引擎)
对象: 3(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Win32:Onlinegames-ACD [Trj] (AVST 引擎)
对象: 4(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Win32:Onlinegames-AEA [Trj] (AVST 引擎)
对象: 4.exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-Proxy.Win32.Small.du (KAV 引擎), Win32:Agent-HHP [Trj] (AVST 引擎)
对象: 6(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-PSW.Win32.OnLineGames.zb (KAV 引擎), Win32:Onlinegames-ACD [Trj] (AVST 引擎)
对象: 7(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-PSW.Win32.OnLineGames.zl (KAV 引擎), Win32:Onlinegames-ACD [Trj] (AVST 引擎)
对象: 9(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-Proxy.Win32.Small.du (KAV 引擎), Win32:Agent-HHP [Trj] (AVST 引擎)
对象: alexa.exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Win32:Delf-EWR [Trj] (AVST 引擎)
对象: down(1).exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Trojan-Downloader.Win32.Delf.bko (KAV 引擎), Win32:Agent-HUT [Wrm] (AVST 引擎)
对象: down.exe
路径: E:\病毒库\样本
狀態: 无法清除病毒
病毒: Virus.Win32.AutoRun.dz (KAV 引擎), Win32:Delf-EVJ [Wrm] (AVST 引擎)
扫描完成: 7/6/2007 11:24
已检查 10 个文件
已发现 10 个染毒文件
发现 0 个可疑文件

显示全部楼层 · 发表于 2007-7-6 11:29:24

10

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\1(1).exe
C:\Documents and Settings\Administrator\桌面\样本\1(1).exe infected with Trojan.DownLoader.26475

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\3(1).exe
C:\Documents and Settings\Administrator\桌面\样本\3(1).exe infected with Trojan.PWS.Gamania.2398

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\4(1).exe
C:\Documents and Settings\Administrator\桌面\样本\4(1).exe infected with Trojan.PWS.Gamania.2396

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\4.exe
C:\Documents and Settings\Administrator\桌面\样本\4.exe infected with Trojan.DownLoader.26475

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\6(1).exe
>C:\Documents and Settings\Administrator\桌面\样本\6(1).exe infected with Trojan.PWS.Gamania.2378

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\7(1).exe
>C:\Documents and Settings\Administrator\桌面\样本\7(1).exe probably infected with MULDROP.Trojan

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\9(1).exe
C:\Documents and Settings\Administrator\桌面\样本\9(1).exe infected with Trojan.DownLoader.26475

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\alexa.exe
>>C:\Documents and Settings\Administrator\桌面\样本\alexa.exe infected with Trojan.PWS.Gamania.origin

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\down(1).exe
C:\Documents and Settings\Administrator\桌面\样本\down(1).exe infected with BackDoor.WebDor

[Scan path] C:\Documents and Settings\Administrator\桌面\样本\down.exe
C:\Documents and Settings\Administrator\桌面\样本\down.exe infected with Win32.HLLW.Autoruner.149

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 12
Infected objects found: 9
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 252 Kb/s
Scan time: 00:00:00

显示全部楼层 · 发表于 2007-7-6 11:56:49

C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\3(1).exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\4(1).exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\6(1).exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\7(1).exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\alexa.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\down.exe : infected MalwareScope.Trojan-PSW.Game.14
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\down(1).exe : infected MalwareScope.Trojan-PSW.Game.14
C:\Documents and Settings\uhthn\Desktop\1.rar : backup copy created

Directories    : 0    Files in archives:    Files on disks:
Archives:                - total    : 10    - total    : 1
- scanned       : 1    -  scanned : 10    - scanned    : 1
- contain viruses : 1    -  infected : 7    - infected : 1
- deleted       : 0    -  suspicious : 0    - suspicious  : 0

[MD5: 913AAA C8E56B 743AF8 4A0E88 A7A553 08E952 D42071 A148A3 57B9B6 2156E3]

本帖子中包含更多资源