转4个[MD5: C56DA9 B1A124 154C02 6F3ADB]

promised

c:\ABC\ABC\163.exe - Signature 'Backdoor.Win32.PcClient.GV' found
c:\ABC\ABC\bind_40211.exe - Signature 'not-a-virus:AdWare.Win32.NewWeb.i' found
c:\ABC\ABC\Setup40222.exe - Signature 'not-a-virus:AdWare.Win32.NewWeb.i' found
c:\ABC\ABC\SRD.exe - Signature 'Trojan-Downloader.Win32.Delf.ACC' found
9 Files scanned
   (1 Archiv with 4 files)
4 Signatures found
0 Suspect code-parts found
Used time: 0:00.281

woai_jolin

扫描进行于：2007/7/9 9:59:26
扫描日志
NOD32版本 2384 (20070708) NT
命令行： D:\virus\样本.rar
C:\Program Files\Eset\nod32.exe - 是正常的
1 的MBR区.物理磁盘 - 是正常的
1 的启动引导区.物理磁盘 - 是正常的

日期： 9.7.2007  时间：09:59:30
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：D:\virus\样本.rar
D:\virus\样本.rar >>RAR >>163.exe - 是正常的
D:\virus\样本.rar >>RAR >>bind_40211.exe >>NSIS >>bind_40211.exe >>NSIS >>NSISdl.dll - 是正常的
D:\virus\样本.rar >>RAR >>bind_40211.exe >>NSIS >>softbox.exe - 未查明的 NewHeur_PE 病毒 [7]
D:\virus\样本.rar >>RAR >>Setup40222.exe >>NSIS >>bind_40222.exe >>NSIS >>NSISdl.dll - 是正常的
D:\virus\样本.rar >>RAR >>Setup40222.exe >>NSIS >>10008.exe >>NSIS >>UserID.txt - 是正常的
D:\virus\样本.rar >>RAR >>Setup40222.exe >>NSIS >>10008.exe >>NSIS >>server.exe - 是正常的
D:\virus\样本.rar >>RAR >>Setup40222.exe >>NSIS >>10008.exe >>NSIS >>iedw.dll - 是正常的
D:\virus\样本.rar >>RAR >>Setup40222.exe >>NSIS >>softbox.exe - 未查明的 NewHeur_PE 病毒 [7]
D:\virus\样本.rar >>RAR >>SRD.exe - 是正常的
D:\virus\样本.rar:Zone.Identifier - 是正常的
已扫描的文件数目：10
已发现的病毒数目：2
完成时间： 09:59:32 总扫描时间：2 秒 (00:00:02)

注意：
[7] 该文件可能感染上未知病毒。

wangjay1980

detected: Trojan program Trojan-Downloader.Win32.VB.ans        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/bind_40211.exe//data0003
detected: Trojan program Trojan-Downloader.NSIS.QQHelper.i        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/Setup40222.exe//data0002//data0001
detected: Trojan program Trojan.Win32.Agent.zl        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/Setup40222.exe//data0003//data0003
detected: Trojan program Trojan.Win32.Agent.zl        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/Setup40222.exe//data0003//data0004
detected: Trojan program Trojan-Downloader.Win32.VB.amm        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/Setup40222.exe//data0004
detected: Trojan program Trojan.Win32.StartPage.akn        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/SRD.exe

欠妳緈諨

tracydk

Starting the file scan:

Begin scan in 'F:\病毒样本\样本.rar'
F:\病毒样本\样本.rar
  [0] Archive type: RAR
  --> 163.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> bind_40211.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.VB.ans
  --> Setup40222.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.NSIS.QQHelper.I.7
  --> SRD.exe
      [DETECTION] Is the Trojan horse TR/StartPage.akn.3
      [INFO]      The file was deleted!

uhthn2002

C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\Setup40222.exe : infected Trojan.Starter.84
C:\Documents and Settings\uhthn\Desktop\1.rar:<RAR>\SRD.exe : infected Trojan.Win32.StartPage.akn


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 4       - total       : 1     
- scanned         : 1       -  scanned    : 4       - scanned     : 1     
- contain viruses : 1       -  infected   : 2       - infected    : 1     
- deleted         : 0       -  suspicious : 0       - suspicious  : 0

风雪

费尔一个启发一个木马。

harryz

卡巴.......

wangjay1980

Hello, no malicious code was found in this file.

--
Best regards, Shvetsov Dmitry
Virus analyst, Kaspersky Lab.

e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/




> Attachment: ??163.zip

蓝色牛仔裤

蜘蛛扫的太细了。。。才两个。。。

[Scan path] C:\Documents and Settings\Administrator\桌面\样本.rar
>>C:\Documents and Settings\Administrator\桌面\样本.rar\163.exe - Ok
>>>C:\Documents and Settings\Administrator\桌面\样本.rar\bind_40211.exe\data001 - Ok
>>C:\Documents and Settings\Administrator\桌面\样本.rar\bind_40211.exe\data002 infected with Trojan.DownLoader.14618
>>C:\Documents and Settings\Administrator\桌面\样本.rar\bind_40211.exe\data003 infected with Trojan.DownLoader.12726
>C:\Documents and Settings\Administrator\桌面\样本.rar\bind_40211.exe - archive contains infected objects
>>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data001 - Ok
>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data002 infected with Trojan.DownLoader.12745
>>>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data003\data001 - Ok
>>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data003\data002 infected with Trojan.Starter.84
>>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data003\data003 infected with Trojan.DownLoader.12618
>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data003 - archive contains infected objects
>>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe\data004 infected with Trojan.DownLoader.12726
>C:\Documents and Settings\Administrator\桌面\样本.rar\Setup40222.exe - archive contains infected objects
>C:\Documents and Settings\Administrator\桌面\样本.rar\SRD.exe - Ok
C:\Documents and Settings\Administrator\桌面\样本.rar - archive contains infected objects

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 13
Infected objects found: 6
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 282 Kb/s
Scan time: 00:00:01