Original poster: qianwenxiang

[Virus samples] Another 39

jimmyleo
Posted on 2007-7-8 22:33:07
Xiami has switched back to his earliest avatar~
专家
Posted on 2007-7-8 22:38:39
Originally posted by hj5abc on 2007-7-8 22:24
A while ago I saw on Feifan (霏凡) that Defendio had been updated... he's probably busy with that



It is mainly for killing trojans; beyond that it also has all-round optimization and so on.
wangjay1980
Posted on 2007-7-8 22:39:33
deleted: Trojan program Trojan-PSW.Win32.Delf.qc        File: C:\Documents and Settings\Owner\桌面\样本.rar/3.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn        File: C:\Documents and Settings\Owner\桌面\样本.rar/1630.exe
deleted: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\桌面\样本.rar/jh.exe
deleted: Trojan program Trojan-PSW.Win32.Lmir.akw        File: C:\Documents and Settings\Owner\桌面\样本.rar/vip1.exe//ASPack
deleted: adware not-a-virus:AdWare.Win32.BHO.av        File: C:\Documents and Settings\Owner\桌面\样本.rar/ad107.exe//stream//data0001
deleted: Trojan program Trojan-Downloader.Win32.Agent.bfd        File: C:\Documents and Settings\Owner\桌面\样本.rar/bind_50016.exe//data0002
deleted: adware not-a-virus:AdWare.Win32.Cinmus.b        File: C:\Documents and Settings\Owner\桌面\样本.rar/dodolook082.exe
deleted: Trojan program Trojan-Spy.Win32.Agent.pn        File: C:\Documents and Settings\Owner\桌面\样本.rar/pophit_hotads.exe//PE_Patch//UPack
deleted: adware not-a-virus:AdWare.Win32.WSearch.m        File: C:\Documents and Settings\Owner\桌面\样本.rar/tshz134.exe//ASPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wz        File: C:\Documents and Settings\Owner\桌面\样本.rar/ms.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oe        File: C:\Documents and Settings\Owner\桌面\样本.rar/zx0616.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.yn        File: C:\Documents and Settings\Owner\桌面\样本.rar/my0616.exe
deleted: adware not-a-virus:AdWare.Win32.Cinmus.ab        File: C:\Documents and Settings\Owner\桌面\样本.rar/cpush.dll
deleted: adware not-a-virus:AdWare.Win32.AdMoke.ar        File: C:\Documents and Settings\Owner\桌面\样本.rar/qsxs.exe//stream//data0002//ASPack
deleted: adware not-a-virus:AdWare.Win32.Cinmus.ab        File: C:\Documents and Settings\Owner\桌面\样本.rar/qsxs.exe//stream//data0003//stream//data0001
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mk        File: C:\Documents and Settings\Owner\桌面\样本.rar/gm.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-Dropper.Win32.Joiner.aq        File: C:\Documents and Settings\Owner\桌面\样本.rar/qqr2_v1.2.5_Full_dl.exe
deleted: Trojan program Trojan-Downloader.Win32.Delf.bnc        File: C:\Documents and Settings\Owner\桌面\样本.rar/b.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rt        File: C:\Documents and Settings\Owner\桌面\样本.rar/mh0618.exe
deleted: Trojan program Trojan-PSW.Win32.Delf.qc        File: C:\Documents and Settings\Owner\桌面\样本.rar/mm.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.QQHelper.uv        File: C:\Documents and Settings\Owner\桌面\样本.rar/bind_50467.exe
deleted: Trojan program Backdoor.Win32.Hupigon.eui        File: C:\Documents and Settings\Owner\桌面\样本.rar/setup.exe//PE_Patch.AvSpoof
deleted: adware not-a-virus:AdWare.Win32.Iebar.h        File: C:\Documents and Settings\Owner\桌面\样本.rar/barhelp24.0.dll
deleted: adware not-a-virus:AdWare.Win32.Iebar.m        File: C:\Documents and Settings\Owner\桌面\样本.rar/iebar23.0.dll
deleted: Trojan program Backdoor.Win32.Bifrose.kt        File: C:\Documents and Settings\Owner\桌面\样本.rar/JSY.DLL
deleted: virus Packed.Win32.CryptExe (modification)        File: C:\Documents and Settings\Owner\桌面\样本.rar/VServer.exe
deleted: Trojan program Trojan-Dropper.Win32.Joiner.aq        File: C:\Documents and Settings\Owner\桌面\样本.rar/QQTang2.1Beta0622_dl.exe
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.rar/wm0612.exe//PE_Patch//UPack
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.rar/hosts.exe
Giggs
Posted on 2007-7-8 22:42:53

Reply to #21, jimmyleo's post

You even noticed that
moonsilver
Posted on 2007-7-8 22:52:23
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.XYOnline.am
病毒: Trojan.PSW.Agent.kat     
病毒: Trojan.DL.Win32.Delf.yqp
病毒: Trojan.IEbar.c           
病毒: Trojan.DL.Win32.Agent.wkq
病毒: Dropper.Agent.fws        
病毒: Trojan.PSW.Win32.OnlineGames.cus
病毒: Trojan.IEbar.b           
病毒: Trojan.PSW.Win32.OnlineGames.ch
病毒: Trojan.PSW.Win32.OnlineGames.dcz
病毒: Trojan.PSW.Delf.exv      
病毒: Trojan.PSW.Win32.OnlineGames.cvx
病毒: Trojan.PSW.Win32.OnlineGames.cxb
病毒: Trojan.Delf.qym         
病毒: Dropper.TiHs.at         
病毒: Trojan.PSW.Win32.LMir.hrt
病毒: Trojan.PSW.Win32.OnlineGames.cvw
病毒: Trojan.PSW.Win32.Zhuxian.m

用户来源:互联网

软件版本:19.30.62

20 of them
rasis
Posted on 2007-7-9 07:56:54
Begin scan in 'D:\My Download\样本'
1630.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.NN.298
      [WARNING]   The file was ignored!
3.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.QC.40
      [WARNING]   The file was ignored!
3d226f621b4a032c.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.669 Backdoor server programs
      [WARNING]   The file was ignored!
ad107.exe
      [DETECTION] Contains signature of the dropper DR/BHO.AV.5
      [WARNING]   The file was ignored!
b.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.bnc.2
      [WARNING]   The file was ignored!
barhelp24.0.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/IEBar.N
      [WARNING]   The file was ignored!
bind_50016.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.Agent.bfd
      [WARNING]   The file was ignored!
bind_50467.exe
      [DETECTION] Is the Trojan horse TR/Dldr.QQHelper.UV.18
      [WARNING]   The file was ignored!
cpush.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Cinmus.AB.3
      [WARNING]   The file was ignored!
dodolook082.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Cinmus.B.55
      [WARNING]   The file was ignored!
gm.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.MK.10
      [WARNING]   The file was ignored!
hosts.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.668 Backdoor server programs
      [WARNING]   The file was ignored!
iebar23.0.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Iebar.M.1
      [WARNING]   The file was ignored!
jh.exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [WARNING]   The file was ignored!
JSY.DLL
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Bifrose.KT.511 Backdoor server programs
      [WARNING]   The file was ignored!
mh0618.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
      [WARNING]   The file was ignored!
mm.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.27488
      [WARNING]   The file was ignored!
ms.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
      [WARNING]   The file was ignored!
my0616.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
      [WARNING]   The file was ignored!
pophit_hotads.exe
      [DETECTION] Is the Trojan horse TR/Agent.24576.8
      [WARNING]   The file was ignored!
qq.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
qq2.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
qqr2_v1.2.5_Full_dl.exe
      [DETECTION] Is the Trojan horse TR/Drop.Joiner.AQ.3
      [WARNING]   The file was ignored!
QQTang2.1Beta0622_dl.exe
      [DETECTION] Is the Trojan horse TR/Drop.Joiner.AQ.4
      [WARNING]   The file was ignored!
qsxs.exe
      [DETECTION] Contains signature of the dropper DR/AdMoke.AR
      [WARNING]   The file was ignored!
setup.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.eui Backdoor server programs
      [WARNING]   The file was ignored!
tshz134.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Cdnup.A.1
      [WARNING]   The file was ignored!
vip1.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
VServer.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!
wm0612.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
zx0616.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!


End of the scan: 2007年7月9日  07:56
Used time: 00:14 min

The scan has been done completely.

      1 Scanning directories
     39 Files were scanned
     31 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      0 Archives were scanned
     31 Warnings
      0 Notes
      0 Hidden objects were found
woai_jolin
Posted on 2007-7-9 07:58:19
扫描进行于:2007/7/9 7:46:16
扫描日志
NOD32版本 2384 (20070708) NT
命令行: D:\v\样本
C:\Program Files\Eset\nod32.exe - 是正常的
1 的MBR区.物理磁盘 - 是正常的
1 的启动引导区.物理磁盘 - 是正常的

日期: 9.7.2007  时间:07:46:17
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:D:\v\样本\
D:\v\样本\1630.exe - Win32/PSW.Agent.NEC 木马
D:\v\样本\3.exe - Win32/PSW.Delf.NHI 木马的变种
D:\v\样本\3d226f621b4a032c.exe - Win32/Agent.NEO 木马的变种
D:\v\样本\ad107.exe >>NSIS >>cpush.dll - Win32/Adware.BHO.AV 应用程序
D:\v\样本\b.exe - 可能是 Win32/Genetik 木马 的一个变种
D:\v\样本\barhelp24.0.dll - 是正常的
D:\v\样本\bind_50016.exe - Win32/TrojanDownloader.QQHelper 木马的变种
D:\v\样本\bind_50467.exe - Win32/TrojanDownloader.QQHelper.NCO 木马的变种
D:\v\样本\cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
D:\v\样本\dodolook082.exe - Win32/Adware.Cinmus 应用程序
D:\v\样本\gm.exe - Win32/PSW.Legendmir.NEP 木马的变种
D:\v\样本\hosts.exe - 可能是 Win32/Agent.NEO 木马 的一个变种
D:\v\样本\iebar23.0.dll - Win32/Adware.Toolbar.IEBar 应用程序
D:\v\样本\jh.exe - Win32/Agent.NIK 木马的变种
D:\v\样本\JSY.DLL - 是正常的
D:\v\样本\mh0618.exe - Win32/PSW.OnLineGames.YA 木马的变种
D:\v\样本\Mir3.dll >>ASPack v2.12 - 是正常的
D:\v\样本\mm.exe - Win32/PSW.Delf.NHI 木马的变种
D:\v\样本\MMCShell.dll - 是正常的
D:\v\样本\ms.exe - Win32/PSW.OnLineGames.YA 木马的变种
D:\v\样本\my0616.exe - Win32/PSW.OnLineGames.YA 木马
D:\v\样本\pophit_hotads.exe - 可能是 Win32/Genetik 木马 的一个变种
D:\v\样本\qq.exe - 可能是 Win32/Agent.NDA 木马 的一个变种
D:\v\样本\qq2.exe - 可能是 Win32/Agent.NDA 木马 的一个变种
D:\v\样本\qqr2_v1.2.5_Full_dl.exe - 是正常的
D:\v\样本\QQTang2.1Beta0622_dl.exe - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>SkypeClient.exe >>UPX v12_m2 - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>512.exe >>ASPack v2.12 - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>ad2509.exe >>NSIS >>cpush.dll - Win32/Adware.BHO.AV 应用程序
D:\v\样本\qsxs.exe >>NSIS >>dodolook080.exe >>NSIS >>System.dll - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>dodolook080.exe >>NSIS >>1156.exe >>NSIS >>System.dll - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>dodolook080.exe >>NSIS >>1156.exe >>NSIS >>DoSSSetup.dll - 是正常的
D:\v\样本\qsxs.exe >>NSIS >>dodolook080.exe >>NSIS >>1156.exe >>NSIS >>acpidisk.sys - Win32/Adware.Cinmus 应用程序的变种
D:\v\样本\qsxs.exe >>NSIS >>my_70012.exe - Win32/TrojanDownloader.QQHelper.NDD 木马的变种
D:\v\样本\setup.exe - 是正常的
D:\v\样本\tshz134.exe >>ASPack v2.12 - 是正常的
D:\v\样本\update4.exe - 是正常的
D:\v\样本\urlinfo.xml - 是正常的
D:\v\样本\vip1.exe - Win32/PSW.Legendmir.NEP 木马的变种
D:\v\样本\VServer.exe - 是正常的
D:\v\样本\winio.dll - 是正常的
D:\v\样本\winio.sys - 是正常的
D:\v\样本\winio.vxd - 是正常的
D:\v\样本\wm0612.exe - 可能是 Win32/PSW.OnLineGames.RC 木马 的一个变种
D:\v\样本\zx0616.exe - Win32/PSW.Agent.NEW 木马的变种
D:\v\样本\启动器.exe - 是正常的
已扫描的文件数目:46
已发现的病毒数目:26
完成时间: 07:46:31 总扫描时间:14 秒 (00:00:14)
promised
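Posted on 2007-7-9 09:16:54
Some AV products actually even kill the QQTang downloader
Even stronger than IKARUS
启动器.exe is fine
I have seen that UPDATE countless times over the past few days; it is fine
VserveR.exe is fine too
winio.dll, winio.sys and winio.vxd were verified as fine by a Kaspersky sample analyst a few days ago
This pack really has a bit of everything

[ Last edited by promised on 2007-7-9 09:23 ]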